diff --git a/lib/libexpat/Changes b/lib/libexpat/Changes index 52b366d5d..c1d22efa5 100644 --- a/lib/libexpat/Changes +++ b/lib/libexpat/Changes @@ -30,6 +30,60 @@ !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +Release 2.6.3 Wed September 4 2024 + Security fixes: + #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with + len < 0 without noticing and then calling XML_GetBuffer + will have XML_ParseBuffer fail to recognize the problem + and XML_GetBuffer corrupt memory. + With the fix, XML_ParseBuffer now complains with error + XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse + has been doing since Expat 2.2.1, and now documented. + Impact is denial of service to potentially artitrary code + execution. + #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an + integer overflow for nDefaultAtts on 32-bit platforms + (where UINT_MAX equals SIZE_MAX). + Impact is denial of service to potentially artitrary code + execution. + #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can + have an integer overflow for m_groupSize on 32-bit + platforms (where UINT_MAX equals SIZE_MAX). + Impact is denial of service to potentially artitrary code + execution. + + Other changes: + #851 #879 Autotools: Sync CMake templates with CMake 3.28 + #853 Autotools: Always provide path to find(1) for portability + #861 Autotools: Ensure that the m4 directory always exists. + #870 Autotools: Simplify handling of SIZEOF_VOID_P + #869 Autotools: Support non-GNU sed + #856 Autotools|CMake: Fix main() to main(void) + #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM + #863 Autotools|CMake: Stop requiring dos2unix + #854 #855 CMake: Fix check for symbols size_t and off_t + #864 docs|tests: Convert README to Markdown and update + #741 Windows: Drop support for Visual Studio <=15.0/2017 + #886 Drop needless XML_DTD guards around is_param access + #885 Fix typo in a code comment + #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2) + to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ + for what these numbers do + + Infrastructure: + #880 Readme: Promote the call for help + #868 CI: Fix various issues + #849 CI: Allow triggering GitHub Actions workflows manually + #851 #872 .. + #873 #879 CI: Adapt to breaking changes in GitHub Actions + + Special thanks to: + Alexander Bluhm + Berkay Eren Ürün + Dag-Erling Smørgrav + Ferenc Géczi + TaiYou + Release 2.6.2 Wed March 13 2024 Security fixes: #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with diff --git a/lib/libexpat/README.md b/lib/libexpat/README.md index 3c20adbee..180a68e4a 100644 --- a/lib/libexpat/README.md +++ b/lib/libexpat/README.md @@ -4,8 +4,14 @@ [![Downloads SourceForge](https://img.shields.io/sourceforge/dt/expat?label=Downloads%20SourceForge)](https://sourceforge.net/projects/expat/files/) [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) +> [!CAUTION] +> +> Expat is **understaffed** and without funding. +> There is a [call for help with details](https://github.com/libexpat/libexpat/blob/master/expat/Changes) +> at the top of the `Changes` file. -# Expat, Release 2.6.2 + +# Expat, Release 2.6.3 This is Expat, a C99 library for parsing [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by @@ -20,7 +26,7 @@ Expat supports the following compilers: - GNU GCC >=4.5 - LLVM Clang >=3.5 -- Microsoft Visual Studio >=15.0/2017 (rolling `${today} minus 5 years`) +- Microsoft Visual Studio >=16.0/2019 (rolling `${today} minus 5 years`) Windows users can use the [`expat-win32bin-*.*.*.{exe,zip}` download](https://github.com/libexpat/libexpat/releases), @@ -158,10 +164,10 @@ support this mode of compilation (yet): 1. Mass-patch `Makefile.am` files to use `libexpatw.la` for a library name:
- `find -name Makefile.am -exec sed + `find . -name Makefile.am -exec sed -e 's,libexpat\.la,libexpatw.la,' -e 's,libexpat_la,libexpatw_la,' - -i {} +` + -i.bak {} +` 1. Run `automake` to re-write `Makefile.in` files:
`automake` diff --git a/lib/libexpat/doc/reference.html b/lib/libexpat/doc/reference.html index 5614dc34c..4cfb2ce93 100644 --- a/lib/libexpat/doc/reference.html +++ b/lib/libexpat/doc/reference.html @@ -52,7 +52,7 @@

The Expat XML Parser - Release 2.6.2 + Release 2.6.3

@@ -319,7 +319,7 @@ directions in the next section. Otherwise if you have Microsoft's Developer Studio installed, you can use CMake to generate a .sln file, e.g. -cmake -G"Visual Studio 15 2017" -DCMAKE_BUILD_TYPE=RelWithDebInfo . +cmake -G"Visual Studio 16 2019" -DCMAKE_BUILD_TYPE=RelWithDebInfo . , and build Expat using msbuild /m expat.sln after.

Alternatively, you may download the Win32 binary package that @@ -1135,7 +1135,9 @@ containing part (or perhaps all) of the document. The number of bytes of s that are part of the document is indicated by len. This means that s doesn't have to be null-terminated. It also means that if len is larger than the number of bytes in the block of -memory that s points at, then a memory fault is likely. The +memory that s points at, then a memory fault is likely. +Negative values for len are rejected since Expat 2.2.1. +The isFinal parameter informs the parser that this is the last piece of the document. Frequently, the last piece is empty (i.e. len is zero.) @@ -1183,11 +1185,17 @@ XML_ParseBuffer(XML_Parser p, int isFinal);

+

This is just like XML_Parse, except in this case Expat provides the buffer. By obtaining the buffer from Expat with the XML_GetBuffer function, the application can avoid double copying of the input. +

+ +

+Negative values for len are rejected since Expat 2.6.3. +

XML_GetBuffer

diff --git a/lib/libexpat/lib/expat.h b/lib/libexpat/lib/expat.h index c2770be38..d0d6015a6 100644 --- a/lib/libexpat/lib/expat.h +++ b/lib/libexpat/lib/expat.h @@ -1066,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled); */ #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 6 -#define XML_MICRO_VERSION 2 +#define XML_MICRO_VERSION 3 #ifdef __cplusplus } diff --git a/lib/libexpat/lib/siphash.h b/lib/libexpat/lib/siphash.h index a1ed99e68..04f6f7458 100644 --- a/lib/libexpat/lib/siphash.h +++ b/lib/libexpat/lib/siphash.h @@ -126,8 +126,7 @@ | ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) \ | ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) -#define SIPHASH_INITIALIZER \ - { 0, 0, 0, 0, {0}, 0, 0 } +#define SIPHASH_INITIALIZER {0, 0, 0, 0, {0}, 0, 0} struct siphash { uint64_t v0, v1, v2, v3; diff --git a/lib/libexpat/lib/xmlparse.c b/lib/libexpat/lib/xmlparse.c index 2951fec70..d9285b213 100644 --- a/lib/libexpat/lib/xmlparse.c +++ b/lib/libexpat/lib/xmlparse.c @@ -1,4 +1,4 @@ -/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+) +/* ba4cdf9bdb534f355a9def4c9e25d20ee8e72f95b0a4d930be52e563f5080196 (2.6.3+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -39,6 +39,7 @@ Copyright (c) 2022 Sean McBride Copyright (c) 2023 Owain Davies Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow + Copyright (c) 2024 Berkay Eren Ürün Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -294,7 +295,7 @@ typedef struct { The name of the element is stored in both the document and API encodings. The memory buffer 'buf' is a separately-allocated memory area which stores the name. During the XML_Parse()/ - XMLParseBuffer() when the element is open, the memory for the 'raw' + XML_ParseBuffer() when the element is open, the memory for the 'raw' version of the name (in the document encoding) is shared with the document buffer. If the element is open across calls to XML_Parse()/XML_ParseBuffer(), the buffer is re-allocated to @@ -2038,6 +2039,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) { if (parser == NULL) return XML_STATUS_ERROR; + + if (len < 0) { + parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT; + return XML_STATUS_ERROR; + } + switch (parser->m_parsingStatus.parsing) { case XML_SUSPENDED: parser->m_errorCode = XML_ERROR_SUSPENDED; @@ -5846,18 +5853,17 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) { /* Set a safe default value in case 'next' does not get set */ next = textStart; -#ifdef XML_DTD if (entity->is_param) { int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, next, &next, XML_FALSE, XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION); - } else -#endif /* XML_DTD */ + } else { result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding, textStart, textEnd, &next, XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION); + } if (result == XML_ERROR_NONE) { if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { @@ -5894,18 +5900,17 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, /* Set a safe default value in case 'next' does not get set */ next = textStart; -#ifdef XML_DTD if (entity->is_param) { int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, next, &next, XML_FALSE, XML_TRUE, XML_ACCOUNT_ENTITY_EXPANSION); - } else -#endif /* XML_DTD */ + } else { result = doContent(parser, openEntity->startTagLevel, parser->m_internalEncoding, textStart, textEnd, &next, XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION); + } if (result != XML_ERROR_NONE) return result; @@ -5932,7 +5937,6 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, return XML_ERROR_NONE; } -#ifdef XML_DTD if (entity->is_param) { int tok; parser->m_processor = prologProcessor; @@ -5940,9 +5944,7 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, XML_ACCOUNT_DIRECT); - } else -#endif /* XML_DTD */ - { + } else { parser->m_processor = contentProcessor; /* see externalEntityContentProcessor vs contentProcessor */ result = doContent(parser, parser->m_parentParser ? 1 : 0, @@ -7016,6 +7018,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, if (! newE) return 0; if (oldE->nDefaultAtts) { + /* Detect and prevent integer overflow. + * The preprocessor guard addresses the "always false" warning + * from -Wtype-limits on platforms where + * sizeof(int) < sizeof(size_t), e.g. on x86_64. */ +#if UINT_MAX >= SIZE_MAX + if ((size_t)oldE->nDefaultAtts + > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) { + return 0; + } +#endif newE->defaultAtts = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); if (! newE->defaultAtts) { @@ -7558,6 +7570,15 @@ nextScaffoldPart(XML_Parser parser) { int next; if (! dtd->scaffIndex) { + /* Detect and prevent integer overflow. + * The preprocessor guard addresses the "always false" warning + * from -Wtype-limits on platforms where + * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ +#if UINT_MAX >= SIZE_MAX + if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) { + return -1; + } +#endif dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int)); if (! dtd->scaffIndex) return -1; diff --git a/lib/libexpat/tests/basic_tests.c b/lib/libexpat/tests/basic_tests.c index 372089a9d..5dba5ed59 100644 --- a/lib/libexpat/tests/basic_tests.c +++ b/lib/libexpat/tests/basic_tests.c @@ -2804,6 +2804,61 @@ START_TEST(test_empty_parse) { } END_TEST +/* Test XML_Parse for len < 0 */ +START_TEST(test_negative_len_parse) { + const char *const doc = ""; + for (int isFinal = 0; isFinal < 2; isFinal++) { + set_subtest("isFinal=%d", isFinal); + + XML_Parser parser = XML_ParserCreate(NULL); + + if (XML_GetErrorCode(parser) != XML_ERROR_NONE) + fail("There was not supposed to be any initial parse error."); + + const enum XML_Status status = XML_Parse(parser, doc, -1, isFinal); + + if (status != XML_STATUS_ERROR) + fail("Negative len was expected to fail the parse but did not."); + + if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_ARGUMENT) + fail("Parse error does not match XML_ERROR_INVALID_ARGUMENT."); + + XML_ParserFree(parser); + } +} +END_TEST + +/* Test XML_ParseBuffer for len < 0 */ +START_TEST(test_negative_len_parse_buffer) { + const char *const doc = ""; + for (int isFinal = 0; isFinal < 2; isFinal++) { + set_subtest("isFinal=%d", isFinal); + + XML_Parser parser = XML_ParserCreate(NULL); + + if (XML_GetErrorCode(parser) != XML_ERROR_NONE) + fail("There was not supposed to be any initial parse error."); + + void *const buffer = XML_GetBuffer(parser, (int)strlen(doc)); + + if (buffer == NULL) + fail("XML_GetBuffer failed."); + + memcpy(buffer, doc, strlen(doc)); + + const enum XML_Status status = XML_ParseBuffer(parser, -1, isFinal); + + if (status != XML_STATUS_ERROR) + fail("Negative len was expected to fail the parse but did not."); + + if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_ARGUMENT) + fail("Parse error does not match XML_ERROR_INVALID_ARGUMENT."); + + XML_ParserFree(parser); + } +} +END_TEST + /* Test odd corners of the XML_GetBuffer interface */ static enum XML_Status get_feature(enum XML_FeatureEnum feature_id, long *presult) { @@ -5959,6 +6014,8 @@ make_basic_test_case(Suite *s) { tcase_add_test__ifdef_xml_dtd(tc_basic, test_user_parameters); tcase_add_test__ifdef_xml_dtd(tc_basic, test_ext_entity_ref_parameter); tcase_add_test(tc_basic, test_empty_parse); + tcase_add_test(tc_basic, test_negative_len_parse); + tcase_add_test(tc_basic, test_negative_len_parse_buffer); tcase_add_test(tc_basic, test_get_buffer_1); tcase_add_test(tc_basic, test_get_buffer_2); #if XML_CONTEXT_BYTES > 0 diff --git a/lib/libexpat/tests/misc_tests.c b/lib/libexpat/tests/misc_tests.c index ffde05631..2ee9320b1 100644 --- a/lib/libexpat/tests/misc_tests.c +++ b/lib/libexpat/tests/misc_tests.c @@ -208,7 +208,7 @@ START_TEST(test_misc_version) { if (! versions_equal(&read_version, &parsed_version)) fail("Version mismatch"); - if (xcstrcmp(version_text, XCS("expat_2.6.2"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.6.3"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); } END_TEST diff --git a/lib/libz/inflate.c b/lib/libz/inflate.c index 008f508ff..c4f80cfa0 100644 --- a/lib/libz/inflate.c +++ b/lib/libz/inflate.c @@ -960,7 +960,7 @@ int ZEXPORT inflate(z_streamp strm, int flush) { while (state->have < 19) state->lens[order[state->have++]] = 0; state->next = state->codes; - state->lencode = (const code FAR *)(state->next); + state->lencode = state->distcode = (const code FAR *)(state->next); state->lenbits = 7; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); diff --git a/regress/usr.sbin/rpki-client/Makefile b/regress/usr.sbin/rpki-client/Makefile index 54afb1963..b116b6098 100644 --- a/regress/usr.sbin/rpki-client/Makefile +++ b/regress/usr.sbin/rpki-client/Makefile @@ -1,12 +1,8 @@ -# $OpenBSD: Makefile,v 1.12 2022/10/14 17:09:43 tb Exp $ +# $OpenBSD: Makefile,v 1.14 2024/09/04 04:35:30 tb Exp $ SUBDIR += libressl -.if exists(/usr/local/bin/eopenssl11) -SUBDIR += openssl11 -.else -.END: - @echo 'Run "pkg_add openssl--%1.1" to run tests against OpenSSL 1.1' - @echo SKIPPED +.if exists(/usr/local/bin/eopenssl32) +SUBDIR += openssl .endif .include diff --git a/regress/usr.sbin/rpki-client/openssl/Makefile b/regress/usr.sbin/rpki-client/openssl/Makefile new file mode 100644 index 000000000..2d5ce4cd6 --- /dev/null +++ b/regress/usr.sbin/rpki-client/openssl/Makefile @@ -0,0 +1,10 @@ +# $OpenBSD: Makefile,v 1.1 2024/09/04 04:34:14 tb Exp $ + +EOPENSSL = eopenssl32 + +LDADD += -Wl,-rpath,/usr/local/lib/${EOPENSSL} -L/usr/local/lib/${EOPENSSL} +CFLAGS += -I${.CURDIR}/ -I/usr/local/include/${EOPENSSL}/ + +.PATH: ${.CURDIR}/.. + +.include diff --git a/regress/usr.sbin/rpki-client/openssl/unistd.h b/regress/usr.sbin/rpki-client/openssl/unistd.h new file mode 100644 index 000000000..13b89aa43 --- /dev/null +++ b/regress/usr.sbin/rpki-client/openssl/unistd.h @@ -0,0 +1,29 @@ +/* $OpenBSD: unistd.h,v 1.2 2024/09/04 07:52:45 tb Exp $ */ +/* + * Public domain + * compatibility shim for OpenSSL 3 + * overloading unistd.h is a ugly guly hack for this issue but works here + */ + +#include_next + +#include +#include + +#ifndef DECLARE_STACK_OF +#define DECLARE_STACK_OF DEFINE_STACK_OF +#endif + +static inline int +CMS_get_version(CMS_ContentInfo *cms, long *version) +{ + *version = 3; + return 1; +} + +static inline int +CMS_SignerInfo_get_version(CMS_SignerInfo *si, long *version) +{ + *version = 3; + return 1; +} diff --git a/regress/usr.sbin/rpki-client/openssl11/Makefile b/regress/usr.sbin/rpki-client/openssl11/Makefile deleted file mode 100644 index d71229913..000000000 --- a/regress/usr.sbin/rpki-client/openssl11/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -# $OpenBSD: Makefile,v 1.18 2023/05/22 15:20:16 tb Exp $ - -LDADD += -Wl,-rpath,/usr/local/lib/eopenssl11 -L/usr/local/lib/eopenssl11 -CFLAGS += -I${.CURDIR}/ -I/usr/local/include/eopenssl11/ - -.PATH: ${.CURDIR}/.. - -.include diff --git a/regress/usr.sbin/rpki-client/openssl11/unistd.h b/regress/usr.sbin/rpki-client/openssl11/unistd.h deleted file mode 100644 index b3f5c3adc..000000000 --- a/regress/usr.sbin/rpki-client/openssl11/unistd.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Public domain - * compatibility shim for openssl11 - * overloading unistd.h is a ugly guly hack for this issue but works here - */ - -#include_next - -#include - -#define CMS_get_version(cms, version) (*(version) = 3, 1) -#define CMS_SignerInfo_get_version(si, version) (*(version) = 3, 1) - -#ifndef DECLARE_STACK_OF -#define DECLARE_STACK_OF DEFINE_STACK_OF -#endif diff --git a/sbin/unwind/frontend.c b/sbin/unwind/frontend.c index b10f9e384..3d5d739b9 100644 --- a/sbin/unwind/frontend.c +++ b/sbin/unwind/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.82 2024/08/09 19:43:26 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.83 2024/09/05 08:22:46 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -773,7 +773,7 @@ handle_query(struct pending_query *pq) } rcode = parse_edns_from_query_pkt(pq->qbuf, &pq->edns, NULL, NULL, - NULL, 0, pq->region); + NULL, 0, pq->region, NULL); if (rcode != LDNS_RCODE_NOERROR) { error_answer(pq, rcode); goto send_answer; @@ -1059,7 +1059,7 @@ resend_dns64_query(struct pending_query *opq) } rcode = parse_edns_from_query_pkt(pq->qbuf, &pq->edns, NULL, NULL, - NULL, 0, pq->region); + NULL, 0, pq->region, NULL); if (rcode != LDNS_RCODE_NOERROR) { error_answer(pq, rcode); goto send_answer; diff --git a/sbin/unwind/libunbound/config.h b/sbin/unwind/libunbound/config.h index 807d3a1e7..bfa7d8c08 100644 --- a/sbin/unwind/libunbound/config.h +++ b/sbin/unwind/libunbound/config.h @@ -1,6 +1,9 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ +/* apply the fallthrough attribute. */ +#define ATTR_FALLTHROUGH __attribute__((fallthrough)); + /* apply the noreturn attribute to a function that exits the program */ #define ATTR_NORETURN __attribute__((__noreturn__)) @@ -58,6 +61,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_ARPA_INET_H 1 +/* Whether the C compiler accepts the "fallthrough" attribute */ +#define HAVE_ATTR_FALLTHROUGH 1 + /* Whether the C compiler accepts the "format" attribute */ #define HAVE_ATTR_FORMAT 1 @@ -407,6 +413,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_NET_IF_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_PFVAR_H */ + /* Define this to use nghttp2 client. */ /* #undef HAVE_NGHTTP2 */ @@ -567,6 +576,9 @@ function. */ /* #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB */ +/* Define to 1 if you have the `SSL_CTX_set_tmp_ecdh' function. */ +/* #undef HAVE_SSL_CTX_SET_TMP_ECDH */ + /* Define to 1 if you have the `SSL_get0_alpn_selected' function. */ #define HAVE_SSL_GET0_ALPN_SELECTED 1 @@ -779,7 +791,7 @@ #define PACKAGE_NAME "unbound" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "unbound 1.20.0" +#define PACKAGE_STRING "unbound 1.21.0" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "unbound" @@ -788,7 +800,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.20.0" +#define PACKAGE_VERSION "1.21.0" /* default pidfile location */ #define PIDFILE "" @@ -811,7 +823,7 @@ #define ROOT_CERT_FILE "/var/unbound/etc/icannbundle.pem" /* version number for resource files */ -#define RSRC_PACKAGE_VERSION 1,20,0,0 +#define RSRC_PACKAGE_VERSION 1,21,0,0 /* Directory to chdir to */ #define RUN_DIR "/var/unbound/etc" @@ -1485,6 +1497,7 @@ struct sockaddr_storage; # define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) # define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) # define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) +# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) void *unbound_stat_malloc(size_t size); void *unbound_stat_calloc(size_t nmemb, size_t size); void unbound_stat_free(void *ptr); @@ -1497,6 +1510,8 @@ void unbound_stat_free_log(void *ptr, const char* file, int line, const char* func); void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, int line, const char* func); +char *unbound_stat_strdup_log(const char *s, const char* file, int line, + const char* func); #elif defined(UNBOUND_ALLOC_LITE) # include "util/alloc.h" #endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ diff --git a/sbin/unwind/libunbound/dns64/dns64.c b/sbin/unwind/libunbound/dns64/dns64.c index dcd7017bb..c637130a3 100644 --- a/sbin/unwind/libunbound/dns64/dns64.c +++ b/sbin/unwind/libunbound/dns64/dns64.c @@ -701,6 +701,7 @@ dns64_operate(struct module_qstate* qstate, enum module_ev event, int id, iq->state = DNS64_NEW_QUERY; iq->started_no_cache_store = qstate->no_cache_store; qstate->no_cache_store = 1; + ATTR_FALLTHROUGH /* fallthrough */ case module_event_pass: qstate->ext_state[id] = handle_event_pass(qstate, id); @@ -1044,8 +1045,8 @@ dns64_get_mem(struct module_env* env, int id) */ static struct module_func_block dns64_block = { "dns64", - &dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super, - &dns64_clear, &dns64_get_mem + NULL, NULL, &dns64_init, &dns64_deinit, &dns64_operate, + &dns64_inform_super, &dns64_clear, &dns64_get_mem }; /** diff --git a/sbin/unwind/libunbound/dnstap/dnstap.h b/sbin/unwind/libunbound/dnstap/dnstap.h index 77914c20c..21c033697 100644 --- a/sbin/unwind/libunbound/dnstap/dnstap.h +++ b/sbin/unwind/libunbound/dnstap/dnstap.h @@ -39,6 +39,7 @@ #ifdef USE_DNSTAP +#include "util/locks.h" struct config_file; struct sldns_buffer; struct dt_msg_queue; @@ -75,6 +76,13 @@ struct dt_env { unsigned log_forwarder_query_messages : 1; /** whether to log Message/FORWARDER_RESPONSE */ unsigned log_forwarder_response_messages : 1; + + /** lock on sample count */ + lock_basic_type sample_lock; + /** rate limit value from config, samples 1/N messages */ + unsigned int sample_rate; + /** rate limit counter */ + unsigned int sample_rate_count; }; /** diff --git a/sbin/unwind/libunbound/iterator/iter_scrub.c b/sbin/unwind/libunbound/iterator/iter_scrub.c index 04c62df31..754117861 100644 --- a/sbin/unwind/libunbound/iterator/iter_scrub.c +++ b/sbin/unwind/libunbound/iterator/iter_scrub.c @@ -367,6 +367,47 @@ type_allowed_in_additional_section(uint16_t tp) return 0; } +/** Shorten RRset */ +static void +shorten_rrset(sldns_buffer* pkt, struct rrset_parse* rrset, int count) +{ + /* The too large NS RRset is shortened. This is so that too large + * content does not overwhelm the cache. It may make the rrset + * bogus if it was signed, and then the domain is not resolved any + * more, that is okay, the NS RRset was too large. During a referral + * it can be shortened and then the first part of the list could + * be used to resolve. The scrub continues to disallow glue for the + * removed nameserver RRs and removes that too. Because the glue + * is not marked as okay, since the RRs have been removed here. */ + int i; + struct rr_parse* rr = rrset->rr_first, *prev = NULL; + if(!rr) + return; + for(i=0; inext; + if(!rr) + return; /* The RRset is already short. */ + } + if(verbosity >= VERB_QUERY + && rrset->dname_len <= LDNS_MAX_DOMAINLEN) { + uint8_t buf[LDNS_MAX_DOMAINLEN+1]; + dname_pkt_copy(pkt, buf, rrset->dname); + log_nametypeclass(VERB_QUERY, "normalize: shorten RRset:", buf, + rrset->type, ntohs(rrset->rrset_class)); + } + /* remove further rrs */ + rrset->rr_last = prev; + rrset->rr_count = count; + while(rr) { + rrset->size -= rr->size; + rr = rr->next; + } + if(rrset->rr_last) + rrset->rr_last->next = NULL; + else rrset->rr_first = NULL; +} + /** * This routine normalizes a response. This includes removing "irrelevant" * records from the answer and additional sections and (re)synthesizing @@ -387,6 +428,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, uint8_t* sname = qinfo->qname; size_t snamelen = qinfo->qname_len; struct rrset_parse* rrset, *prev, *nsset=NULL; + int cname_length = 0; /* number of CNAMEs, or DNAMEs */ if(FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NOERROR && FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NXDOMAIN) @@ -401,6 +443,16 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, prev = NULL; rrset = msg->rrset_first; while(rrset && rrset->section == LDNS_SECTION_ANSWER) { + if(cname_length > 11 /* env->cfg.iter_scrub_cname */) { + /* Too many CNAMEs, or DNAMEs, from the authority + * server, scrub down the length to something + * shorter. This deletes everything after the limit + * is reached. The iterator is going to look up + * the content one by one anyway. */ + remove_rrset("normalize: removing because too many cnames:", + pkt, msg, prev, &rrset); + continue; + } if(rrset->type == LDNS_RR_TYPE_DNAME && pkt_strict_sub(pkt, sname, rrset->dname)) { /* check if next rrset is correct CNAME. else, @@ -420,6 +472,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "too long"); return 0; } + cname_length++; if(nx && nx->type == LDNS_RR_TYPE_CNAME && dname_pkt_compare(pkt, sname, nx->dname) == 0) { /* check next cname */ @@ -460,6 +513,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, if(rrset->type == LDNS_RR_TYPE_CNAME) { struct rrset_parse* nx = rrset->rrset_all_next; uint8_t* oldsname = sname; + cname_length++; /* see if the next one is a DNAME, if so, swap them */ if(nx && nx->section == LDNS_SECTION_ANSWER && nx->type == LDNS_RR_TYPE_DNAME && @@ -507,6 +561,10 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, LDNS_SECTION_ANSWER && dname_pkt_compare(pkt, oldsname, rrset->dname) == 0) { + if(rrset->type == LDNS_RR_TYPE_NS && + rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) { + shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */); + } prev = rrset; rrset = rrset->rrset_all_next; } @@ -522,6 +580,11 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, continue; } + if(rrset->type == LDNS_RR_TYPE_NS && + rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) { + shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */); + } + /* Mark the additional names from relevant rrset as OK. */ /* only for RRsets that match the query name, other ones * will be removed by sanitize, so no additional for them */ @@ -578,6 +641,25 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "RRset:", pkt, msg, prev, &rrset); continue; } + if(rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) { + /* If this is not a referral, and the NS RRset + * is signed, then remove it entirely, so + * that when it becomes bogus it does not + * make the message that is otherwise fine + * into a bogus message. */ + if(!(msg->an_rrsets == 0 && + FLAGS_GET_RCODE(msg->flags) == + LDNS_RCODE_NOERROR && + !soa_in_auth(msg) && + !(msg->flags & BIT_AA)) && + rrset->rrsig_count != 0) { + remove_rrset("normalize: removing too large NS " + "RRset:", pkt, msg, prev, &rrset); + continue; + } else { + shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */); + } + } } /* if this is type DS and we query for type DS we just got * a referral answer for our type DS query, fix packet */ diff --git a/sbin/unwind/libunbound/iterator/iter_utils.c b/sbin/unwind/libunbound/iterator/iter_utils.c index f291178d2..1b4f5f6eb 100644 --- a/sbin/unwind/libunbound/iterator/iter_utils.c +++ b/sbin/unwind/libunbound/iterator/iter_utils.c @@ -279,9 +279,10 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, name, namelen, qtype, &lame, &dnsseclame, &reclame, &rtt, now)) { log_addr(VERB_ALGO, "servselect", &a->addr, a->addrlen); - verbose(VERB_ALGO, " rtt=%d%s%s%s%s", rtt, + verbose(VERB_ALGO, " rtt=%d%s%s%s%s%s", rtt, lame?" LAME":"", dnsseclame?" DNSSEC_LAME":"", + a->dnsseclame?" ADDR_DNSSEC_LAME":"", reclame?" REC_LAME":"", a->lame?" ADDR_LAME":""); if(lame) diff --git a/sbin/unwind/libunbound/iterator/iterator.c b/sbin/unwind/libunbound/iterator/iterator.c index 2ecdd1495..9f39df029 100644 --- a/sbin/unwind/libunbound/iterator/iterator.c +++ b/sbin/unwind/libunbound/iterator/iterator.c @@ -760,6 +760,14 @@ target_count_increase_nx(struct iter_qstate* iq, int num) iq->target_count[TARGET_COUNT_NX] += num; } +static void +target_count_increase_global_quota(struct iter_qstate* iq, int num) +{ + target_count_create(iq); + if(iq->target_count) + iq->target_count[TARGET_COUNT_GLOBAL_QUOTA] += num; +} + /** * Generate a subrequest. * Generate a local request event. Local events are tied to this module, and @@ -1378,7 +1386,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, "restarts (eg. indirections)"); if(iq->qchase.qname) errinf_dname(qstate, "stop at", iq->qchase.qname); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } /* We enforce a maximum recursion/dependency depth -- in general, @@ -1560,6 +1568,11 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "malloc failure for forward zone"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } + if(!cache_fill_missing(qstate->env, iq->qchase.qclass, + qstate->region, iq->dp)) { + errinf(qstate, "malloc failure, copy extra info into delegation point"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } if((qstate->query_flags&BIT_RD)==0) { /* If the server accepts RD=0 queries and forwards * with RD=1, then if the server is listed as an NS @@ -1654,7 +1667,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, if(!iq->dp) { log_err("internal error: no hints dp"); errinf(qstate, "no hints for this class"); - return error_response(qstate, id, + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } iq->dp = delegpt_copy(iq->dp, qstate->region); @@ -1974,7 +1987,8 @@ generate_target_query(struct module_qstate* qstate, struct iter_qstate* iq, * if it is negative, there is no maximum number of targets. * @param num: returns the number of queries generated and processed, * which may be zero if there were no missing targets. - * @return false on error. + * @return 0 on success, nonzero on error. 1 means temporary failure and + * 2 means the failure can be cached. */ static int query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, @@ -1997,13 +2011,13 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, else toget = maxtargets; if(toget == 0) { *num = 0; - return 1; + return 0; } /* now that we are sure that a target query is going to be made, * check the limits. */ if(iq->depth == ie->max_dependency_depth) - return 0; + return 1; if(iq->depth > 0 && iq->target_count && iq->target_count[TARGET_COUNT_QUERIES] > MAX_TARGET_COUNT) { char s[LDNS_MAX_DOMAINLEN+1]; @@ -2011,7 +2025,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_QUERY, "request %s has exceeded the maximum " "number of glue fetches %d", s, iq->target_count[TARGET_COUNT_QUERIES]); - return 0; + return 2; } if(iq->dp_target_count > MAX_DP_TARGET_COUNT) { char s[LDNS_MAX_DOMAINLEN+1]; @@ -2019,7 +2033,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_QUERY, "request %s has exceeded the maximum " "number of glue fetches %d to a single delegation point", s, iq->dp_target_count); - return 0; + return 2; } /* select 'toget' items from the total of 'missing' items */ @@ -2048,7 +2062,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, *num = query_count; if(query_count > 0) qstate->ext_state[id] = module_wait_subquery; - return 0; + return 1; } query_count++; /* If the mesh query list is full, exit the loop here. @@ -2057,9 +2071,17 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, * increase, because the spawned state uses cpu and a * socket while this state waits for that spawned * state. Next time we can look up further targets */ - if(mesh_jostle_exceeded(qstate->env->mesh)) + if(mesh_jostle_exceeded(qstate->env->mesh)) { + /* If no ip4 query is possible, that makes + * this ns resolved. */ + if(!((ie->supports_ipv4 || ie->use_nat64) && + ((ns->lame && !ns->done_pside4) || + (!ns->lame && !ns->got4)))) { + ns->resolved = 1; + } break; } + } /* Send the A request. */ if((ie->supports_ipv4 || ie->use_nat64) && ((ns->lame && !ns->done_pside4) || @@ -2070,13 +2092,18 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, *num = query_count; if(query_count > 0) qstate->ext_state[id] = module_wait_subquery; - return 0; + return 1; } query_count++; /* If the mesh query list is full, exit the loop. */ - if(mesh_jostle_exceeded(qstate->env->mesh)) + if(mesh_jostle_exceeded(qstate->env->mesh)) { + /* With the ip6 query already checked for, + * this makes the ns resolved. It is no longer + * a missing target. */ + ns->resolved = 1; break; } + } /* mark this target as in progress. */ ns->resolved = 1; @@ -2089,7 +2116,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, if(query_count > 0) qstate->ext_state[id] = module_wait_subquery; - return 1; + return 0; } /** @@ -2180,12 +2207,14 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, } /* query for an extra name added by the parent-NS record */ if(delegpt_count_missing_targets(iq->dp, NULL) > 0) { - int qs = 0; + int qs = 0, ret; verbose(VERB_ALGO, "try parent-side target name"); - if(!query_for_targets(qstate, iq, ie, id, 1, &qs)) { + if((ret=query_for_targets(qstate, iq, ie, id, 1, &qs))!=0) { errinf(qstate, "could not fetch nameserver"); errinf_dname(qstate, "at zone", iq->dp->name); + if(ret == 1) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } iq->num_target_queries += qs; target_count_increase(iq, qs); @@ -2414,13 +2443,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_QUERY, "request has exceeded the maximum " "number of referrrals with %d", iq->referral_count); errinf(qstate, "exceeded the maximum of referrals"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(iq->sent_count > ie->max_sent_count) { verbose(VERB_QUERY, "request has exceeded the maximum " "number of sends with %d", iq->sent_count); errinf(qstate, "exceeded the maximum number of sends"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } /* Check if we reached MAX_TARGET_NX limit without a fallback activation. */ @@ -2450,7 +2479,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, "already present for the delegation point, no " "fallback possible"); errinf(qstate, "exceeded the maximum nameserver nxdomains"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } verbose(VERB_ALGO, "initiating parent-side fallback for " "nxdomain nameserver lookups"); @@ -2493,7 +2522,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, "lookups (%d) with %d", MAX_TARGET_NX_FALLBACK, iq->target_count[TARGET_COUNT_NX]); errinf(qstate, "exceeded the maximum nameserver nxdomains"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(!iq->dp->has_parent_side_NS) { @@ -2707,7 +2736,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_ALGO, "auth zone lookup failed, no fallback," " servfail"); errinf(qstate, "auth zone lookup failed, fallback is off"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(iq->dp->auth_dp) { /* we wanted to fallback, but had no delegpt, only the @@ -2736,11 +2765,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* if in 0x20 fallback get as many targets as possible */ if(iq->caps_fallback) { - int extra = 0; + int extra = 0, ret; size_t naddr, nres, navail; - if(!query_for_targets(qstate, iq, ie, id, -1, &extra)) { + if((ret=query_for_targets(qstate, iq, ie, id, -1, &extra))!=0) { errinf(qstate, "could not fetch nameservers for 0x20 fallback"); + if(ret == 1) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } iq->num_target_queries += extra; target_count_increase(iq, extra); @@ -2883,15 +2914,18 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * to distinguish between generating (a) new target * query, or failing. */ if(delegpt_count_missing_targets(iq->dp, NULL) > 0) { - int qs = 0; + int qs = 0, ret; verbose(VERB_ALGO, "querying for next " "missing target"); - if(!query_for_targets(qstate, iq, ie, id, - 1, &qs)) { + if((ret=query_for_targets(qstate, iq, ie, id, + 1, &qs))!=0) { errinf(qstate, "could not fetch nameserver"); errinf_dname(qstate, "at zone", iq->dp->name); + if(ret == 1) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, + LDNS_RCODE_SERVFAIL); } if(qs == 0 && delegpt_count_missing_targets(iq->dp, NULL) == 0){ @@ -2902,6 +2936,17 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * so this is not a loop. */ return 1; } + if(qs == 0) { + /* There should be targets now, and + * if there are not, it should not + * wait for no targets. Stop it from + * waiting forever, or looping to + * here, as a safeguard. */ + errinf(qstate, "could not generate nameserver lookups"); + errinf_dname(qstate, "at zone", iq->dp->name); + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } iq->num_target_queries += qs; target_count_increase(iq, qs); } @@ -2976,6 +3021,17 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } } + target_count_increase_global_quota(iq, 1); + if(iq->target_count && iq->target_count[TARGET_COUNT_GLOBAL_QUOTA] + > MAX_GLOBAL_QUOTA) { + char s[LDNS_MAX_DOMAINLEN+1]; + dname_str(qstate->qinfo.qname, s); + verbose(VERB_QUERY, "request %s has exceeded the maximum " + "global quota on number of upstream queries %d", s, + iq->target_count[TARGET_COUNT_GLOBAL_QUOTA]); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } + /* Do not check ratelimit for forwarding queries or if we already got a * pass. */ sq_check_ratelimit = (!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok); @@ -3025,7 +3081,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, qstate->was_ratelimited = 1; errinf_dname(qstate, "exceeded ratelimit for zone", iq->dp->name); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } log_addr(VERB_QUERY, "error sending query to auth server", &real_addr, real_addrlen); @@ -3247,7 +3303,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iter_scrub_nxdomain(iq->response); return final_state(iq); } - return error_response(qstate, id, + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } /* Best effort qname-minimisation. @@ -3582,7 +3638,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, " fallback possible, servfail"); errinf_dname(qstate, "response is bad, no fallback, " "for auth zone", iq->dp->name); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } verbose(VERB_ALGO, "auth zone response was bad, " "fallback enabled"); @@ -3990,7 +4046,7 @@ processCollectClass(struct module_qstate* qstate, int id) if(iq->num_current_queries == 0) { verbose(VERB_ALGO, "No root hints or fwds, giving up " "on qclass ANY"); - return error_response(qstate, id, LDNS_RCODE_REFUSED); + return error_response_cache(qstate, id, LDNS_RCODE_REFUSED); } /* return false, wait for queries to return */ } @@ -4357,7 +4413,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, "getting different replies, failed"); outbound_list_remove(&iq->outlist, outbound); errinf(qstate, "0x20 failed, then got different replies in fallback"); - (void)error_response(qstate, id, + (void)error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); return; } @@ -4457,8 +4513,8 @@ iter_get_mem(struct module_env* env, int id) */ static struct module_func_block iter_block = { "iterator", - &iter_init, &iter_deinit, &iter_operate, &iter_inform_super, - &iter_clear, &iter_get_mem + NULL, NULL, &iter_init, &iter_deinit, &iter_operate, + &iter_inform_super, &iter_clear, &iter_get_mem }; struct module_func_block* diff --git a/sbin/unwind/libunbound/iterator/iterator.h b/sbin/unwind/libunbound/iterator/iterator.h index c81eb9435..9843a234e 100644 --- a/sbin/unwind/libunbound/iterator/iterator.h +++ b/sbin/unwind/libunbound/iterator/iterator.h @@ -55,6 +55,9 @@ struct rbtree_type; /** max number of targets spawned for a query and its subqueries */ #define MAX_TARGET_COUNT 64 +/** max number of upstream queries for a query and its subqueries, it is + * never reset. */ +#define MAX_GLOBAL_QUOTA 128 /** max number of target lookups per qstate, per delegation point */ #define MAX_DP_TARGET_COUNT 16 /** max number of nxdomains allowed for target lookups for a query and @@ -248,6 +251,9 @@ enum target_count_variables { TARGET_COUNT_QUERIES, /** Number of nxdomain responses encountered. */ TARGET_COUNT_NX, + /** Global quota on number of queries to upstream servers per + * client request, that is never reset. */ + TARGET_COUNT_GLOBAL_QUOTA, /** This should stay last here, it is used for the allocation */ TARGET_COUNT_MAX, diff --git a/sbin/unwind/libunbound/libunbound/context.c b/sbin/unwind/libunbound/libunbound/context.c index 179695dd8..c1ccdd720 100644 --- a/sbin/unwind/libunbound/libunbound/context.c +++ b/sbin/unwind/libunbound/libunbound/context.c @@ -75,7 +75,9 @@ context_finalize(struct ub_ctx* ctx) ctx->pipe_pid = getpid(); cfg_apply_local_port_policy(cfg, 65536); config_apply(cfg); - if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env)) + if(!modstack_call_startup(&ctx->mods, cfg->module_conf, ctx->env)) + return UB_INITFAIL; + if(!modstack_call_init(&ctx->mods, cfg->module_conf, ctx->env)) return UB_INITFAIL; listen_setup_locks(); log_edns_known_options(VERB_ALGO, ctx->env); diff --git a/sbin/unwind/libunbound/libunbound/libunbound.c b/sbin/unwind/libunbound/libunbound/libunbound.c index 1f0e1b131..3e273140c 100644 --- a/sbin/unwind/libunbound/libunbound/libunbound.c +++ b/sbin/unwind/libunbound/libunbound/libunbound.c @@ -188,7 +188,9 @@ ub_ctx_create(void) int e = errno; ub_randfree(ctx->seed_rnd); config_delete(ctx->env->cfg); - modstack_desetup(&ctx->mods, ctx->env); + modstack_call_deinit(&ctx->mods, ctx->env); + modstack_call_destartup(&ctx->mods, ctx->env); + modstack_free(&ctx->mods); listen_desetup_locks(); edns_known_options_delete(ctx->env); edns_strings_delete(ctx->env->edns_strings); @@ -202,7 +204,9 @@ ub_ctx_create(void) tube_delete(ctx->qq_pipe); ub_randfree(ctx->seed_rnd); config_delete(ctx->env->cfg); - modstack_desetup(&ctx->mods, ctx->env); + modstack_call_deinit(&ctx->mods, ctx->env); + modstack_call_destartup(&ctx->mods, ctx->env); + modstack_free(&ctx->mods); listen_desetup_locks(); edns_known_options_delete(ctx->env); edns_strings_delete(ctx->env->edns_strings); @@ -360,7 +364,9 @@ ub_ctx_delete(struct ub_ctx* ctx) } libworker_delete_event(ctx->event_worker); - modstack_desetup(&ctx->mods, ctx->env); + modstack_call_deinit(&ctx->mods, ctx->env); + modstack_call_destartup(&ctx->mods, ctx->env); + modstack_free(&ctx->mods); a = ctx->alloc_list; while(a) { na = a->super; @@ -981,7 +987,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) if(!addr) { /* disable fwd mode - the root stub should be first. */ if(ctx->env->cfg->forwards && - strcmp(ctx->env->cfg->forwards->name, ".") == 0) { + (ctx->env->cfg->forwards->name && + strcmp(ctx->env->cfg->forwards->name, ".") == 0)) { s = ctx->env->cfg->forwards; ctx->env->cfg->forwards = s->next; s->next = NULL; @@ -1001,7 +1008,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) /* it parses, add root stub in front of list */ lock_basic_lock(&ctx->cfglock); if(!ctx->env->cfg->forwards || - strcmp(ctx->env->cfg->forwards->name, ".") != 0) { + (ctx->env->cfg->forwards->name && + strcmp(ctx->env->cfg->forwards->name, ".") != 0)) { s = calloc(1, sizeof(*s)); if(!s) { lock_basic_unlock(&ctx->cfglock); @@ -1019,6 +1027,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) ctx->env->cfg->forwards = s; } else { log_assert(ctx->env->cfg->forwards); + log_assert(ctx->env->cfg->forwards->name); s = ctx->env->cfg->forwards; } dupl = strdup(addr); diff --git a/sbin/unwind/libunbound/libunbound/libworker.c b/sbin/unwind/libunbound/libunbound/libworker.c index d13387dc1..a8e4755af 100644 --- a/sbin/unwind/libunbound/libunbound/libworker.c +++ b/sbin/unwind/libunbound/libunbound/libworker.c @@ -292,6 +292,7 @@ libworker_do_cmd(struct libworker* w, uint8_t* msg, uint32_t len) log_err("unknown command for bg worker %d", (int)context_serial_getcmd(msg, len)); /* and fall through to quit */ + ATTR_FALLTHROUGH /* fallthrough */ case UB_LIBCMD_QUIT: free(msg); diff --git a/sbin/unwind/libunbound/respip/respip.c b/sbin/unwind/libunbound/respip/respip.c index 2613e80bf..2e67016e1 100644 --- a/sbin/unwind/libunbound/respip/respip.c +++ b/sbin/unwind/libunbound/respip/respip.c @@ -1259,8 +1259,8 @@ respip_get_mem(struct module_env* env, int id) */ static struct module_func_block respip_block = { "respip", - &respip_init, &respip_deinit, &respip_operate, &respip_inform_super, - &respip_clear, &respip_get_mem + NULL, NULL, &respip_init, &respip_deinit, &respip_operate, + &respip_inform_super, &respip_clear, &respip_get_mem }; struct module_func_block* diff --git a/sbin/unwind/libunbound/services/authzone.c b/sbin/unwind/libunbound/services/authzone.c index 084f8ca1c..efa63b203 100644 --- a/sbin/unwind/libunbound/services/authzone.c +++ b/sbin/unwind/libunbound/services/authzone.c @@ -7778,7 +7778,8 @@ static void auth_zone_log(uint8_t* name, enum verbosity_value level, static int zonemd_dnssec_verify_rrset(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, struct auth_data* node, - struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg) + struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg, + char* reasonbuf, size_t reasonlen) { struct ub_packed_rrset_key pk; enum sec_status sec; @@ -7808,7 +7809,7 @@ static int zonemd_dnssec_verify_rrset(struct auth_zone* z, "zonemd: verify %s RRset with DNSKEY", typestr); } sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, sigalg, why_bogus, NULL, - LDNS_SECTION_ANSWER, NULL, &verified); + LDNS_SECTION_ANSWER, NULL, &verified, reasonbuf, reasonlen); if(sec == sec_status_secure) { return 1; } @@ -7851,7 +7852,8 @@ static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo, static int zonemd_check_dnssec_absence(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, struct auth_data* apex, - char** reason, char** why_bogus, uint8_t* sigalg) + char** reason, char** why_bogus, uint8_t* sigalg, char* reasonbuf, + size_t reasonlen) { struct auth_rrset* nsec = NULL; if(!apex) { @@ -7863,7 +7865,7 @@ static int zonemd_check_dnssec_absence(struct auth_zone* z, struct ub_packed_rrset_key pk; /* dnssec verify the NSEC */ if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, - nsec, why_bogus, sigalg)) { + nsec, why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for NSEC RRset"; return 0; } @@ -7906,7 +7908,7 @@ static int zonemd_check_dnssec_absence(struct auth_zone* z, } /* dnssec verify the NSEC3 */ if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match, - nsec3, why_bogus, sigalg)) { + nsec3, why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for NSEC3 RRset"; return 0; } @@ -7928,7 +7930,7 @@ static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, struct auth_data* apex, struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus, - uint8_t* sigalg) + uint8_t* sigalg, char* reasonbuf, size_t reasonlen) { struct auth_rrset* soa; if(!apex) { @@ -7941,12 +7943,12 @@ static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, return 0; } if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa, - why_bogus, sigalg)) { + why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for SOA RRset"; return 0; } if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, - zonemd_rrset, why_bogus, sigalg)) { + zonemd_rrset, why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for ZONEMD RRset"; return 0; } @@ -8014,6 +8016,7 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, int is_insecure, char** result, uint8_t* sigalg) { + char reasonbuf[256]; char* reason = NULL, *why_bogus = NULL; struct auth_data* apex = NULL; struct auth_rrset* zonemd_rrset = NULL; @@ -8042,7 +8045,8 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, } else if(!zonemd_rrset && dnskey && !is_insecure) { /* fetch, DNSSEC verify, and check NSEC/NSEC3 */ if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex, - &reason, &why_bogus, sigalg)) { + &reason, &why_bogus, sigalg, reasonbuf, + sizeof(reasonbuf))) { auth_zone_zonemd_fail(z, env, reason, why_bogus, result); return; } @@ -8050,7 +8054,8 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, } else if(zonemd_rrset && dnskey && !is_insecure) { /* check DNSSEC verify of SOA and ZONEMD */ if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex, - zonemd_rrset, &reason, &why_bogus, sigalg)) { + zonemd_rrset, &reason, &why_bogus, sigalg, reasonbuf, + sizeof(reasonbuf))) { auth_zone_zonemd_fail(z, env, reason, why_bogus, result); return; } @@ -8107,6 +8112,8 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, * @param why_bogus: if the routine fails, returns the failure reason. * @param keystorage: where to store the ub_packed_rrset_key that is created * on success. A pointer to it is returned on success. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return the dnskey RRset, reference to zone data and keystorage, or * NULL on failure. */ @@ -8114,7 +8121,8 @@ static struct ub_packed_rrset_key* zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct trust_anchor* anchor, int* is_insecure, char** why_bogus, - struct ub_packed_rrset_key* keystorage) + struct ub_packed_rrset_key* keystorage, char* reasonbuf, + size_t reasonlen) { struct auth_data* apex; struct auth_rrset* dnskey_rrset; @@ -8150,7 +8158,8 @@ zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, auth_zone_log(z->name, VERB_QUERY, "zonemd: verify DNSKEY RRset with trust anchor"); sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset, - anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL); + anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL, reasonbuf, + reasonlen); regional_free_all(env->scratch); if(sec == sec_status_secure) { /* success */ @@ -8173,7 +8182,8 @@ static struct ub_packed_rrset_key* auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* ds, int* is_insecure, char** why_bogus, - struct ub_packed_rrset_key* keystorage, uint8_t* sigalg) + struct ub_packed_rrset_key* keystorage, uint8_t* sigalg, + char* reasonbuf, size_t reasonlen) { struct auth_data* apex; struct auth_rrset* dnskey_rrset; @@ -8209,7 +8219,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, keystorage->rk.rrset_class = htons(z->dclass); auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS"); sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, sigalg, - why_bogus, NULL, NULL); + why_bogus, NULL, NULL, reasonbuf, reasonlen); regional_free_all(env->scratch); if(sec == sec_status_secure) { /* success */ @@ -8235,6 +8245,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, { struct auth_zone* z = (struct auth_zone*)arg; struct module_env* env; + char reasonbuf[256]; char* reason = NULL, *ds_bogus = NULL, *typestr="DNSKEY"; struct ub_packed_rrset_key* dnskey = NULL, *ds = NULL; int is_insecure = 0, downprot; @@ -8346,7 +8357,8 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, if(!reason && !is_insecure && !dnskey && ds) { dnskey = auth_zone_verify_zonemd_key_with_ds(z, env, &env->mesh->mods, ds, &is_insecure, &ds_bogus, - &keystorage, downprot?sigalg:NULL); + &keystorage, downprot?sigalg:NULL, reasonbuf, + sizeof(reasonbuf)); if(!dnskey && !is_insecure && !reason) reason = "DNSKEY verify with DS failed"; } @@ -8354,6 +8366,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, if(reason) { auth_zone_zonemd_fail(z, env, reason, ds_bogus, NULL); lock_rw_unlock(&z->lock); + regional_free_all(env->scratch); return; } @@ -8438,6 +8451,7 @@ zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env) void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, struct module_stack* mods, char** result, int offline, int only_online) { + char reasonbuf[256]; char* reason = NULL, *why_bogus = NULL; struct trust_anchor* anchor = NULL; struct ub_packed_rrset_key* dnskey = NULL; @@ -8472,7 +8486,8 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, } /* equal to trustanchor, no need for online lookups */ dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor, - &is_insecure, &why_bogus, &keystorage); + &is_insecure, &why_bogus, &keystorage, reasonbuf, + sizeof(reasonbuf)); lock_basic_unlock(&anchor->lock); if(!dnskey && !reason && !is_insecure) { reason = "verify DNSKEY RRset with trust anchor failed"; @@ -8498,6 +8513,7 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, if(reason) { auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + regional_free_all(env->scratch); return; } diff --git a/sbin/unwind/libunbound/services/cache/dns.c b/sbin/unwind/libunbound/services/cache/dns.c index 9d18b7901..16cf216ca 100644 --- a/sbin/unwind/libunbound/services/cache/dns.c +++ b/sbin/unwind/libunbound/services/cache/dns.c @@ -96,7 +96,8 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, struct ub_packed_rrset_key* ck; lock_rw_rdlock(&rep->ref[i].key->entry.lock); /* if deleted rrset, do not copy it */ - if(rep->ref[i].key->id == 0) + if(rep->ref[i].key->id == 0 || + rep->ref[i].id != rep->ref[i].key->id) ck = NULL; else ck = packed_rrset_copy_region( rep->ref[i].key, region, now); @@ -109,14 +110,22 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, /* no break: also copy key item */ /* the line below is matched by gcc regex and silences * the fallthrough warning */ + ATTR_FALLTHROUGH /* fallthrough */ case 1: /* ref updated, item inserted */ rep->rrsets[i] = rep->ref[i].key; - } - /* if ref was updated make sure the message ttl is updated to - * the minimum of the current rrsets. */ - ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl; + /* ref was updated; make sure the message ttl is + * updated to the minimum of the current rrsets. */ + lock_rw_rdlock(&rep->ref[i].key->entry.lock); + /* if deleted, skip ttl update. */ + if(rep->ref[i].key->id != 0 && + rep->ref[i].id == rep->ref[i].key->id) { + ttl = ((struct packed_rrset_data*) + rep->rrsets[i]->entry.data)->ttl; if(ttl < min_ttl) min_ttl = ttl; + } + lock_rw_unlock(&rep->ref[i].key->entry.lock); + } } if(min_ttl < rep->ttl) { rep->ttl = min_ttl; @@ -337,6 +346,13 @@ find_add_addrs(struct module_env* env, uint16_t qclass, * not use dns64 translation */ neg = msg_cache_lookup(env, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); + /* Because recursion for lookup uses BIT_CD, check + * for that so it stops the recursion lookup, if a + * negative answer is cached. Because the cache uses + * the CD flag for type AAAA. */ + if(!neg) + neg = msg_cache_lookup(env, ns->name, ns->namelen, + LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0); if(neg) { delegpt_add_neg_msg(dp, neg); lock_rw_unlock(&neg->entry.lock); @@ -396,6 +412,13 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, * not use dns64 translation */ neg = msg_cache_lookup(env, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); + /* Because recursion for lookup uses BIT_CD, check + * for that so it stops the recursion lookup, if a + * negative answer is cached. Because the cache uses + * the CD flag for type AAAA. */ + if(!neg) + neg = msg_cache_lookup(env, ns->name, ns->namelen, + LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0); if(neg) { delegpt_add_neg_msg(dp, neg); lock_rw_unlock(&neg->entry.lock); diff --git a/sbin/unwind/libunbound/services/cache/infra.c b/sbin/unwind/libunbound/services/cache/infra.c index c110af7b5..831808882 100644 --- a/sbin/unwind/libunbound/services/cache/infra.c +++ b/sbin/unwind/libunbound/services/cache/infra.c @@ -60,6 +60,16 @@ * can do this number of packets (until those all timeout too) */ #define TIMEOUT_COUNT_MAX 3 +/** Minus 1000 because that is outside of the RTTBAND, so + * blacklisted servers stay blacklisted if this is chosen. + * If USEFUL_SERVER_TOP_TIMEOUT is below 1000 (configured via RTT_MAX_TIMEOUT, + * infra-cache-max-rtt) change it to just above the RTT_BAND. */ +#define STILL_USEFUL_TIMEOUT ( \ + USEFUL_SERVER_TOP_TIMEOUT < 1000 || \ + USEFUL_SERVER_TOP_TIMEOUT - 1000 <= RTT_BAND \ + ?RTT_BAND + 1 \ + :USEFUL_SERVER_TOP_TIMEOUT - 1000) + /** ratelimit value for delegation point */ int infra_dp_ratelimit = 0; @@ -347,6 +357,7 @@ infra_create(struct config_file* cfg) return NULL; } infra_ip_ratelimit = cfg->ip_ratelimit; + infra_ip_ratelimit_cookie = cfg->ip_ratelimit_cookie; infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs, INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc, &ip_rate_compfunc, &ip_rate_delkeyfunc, &ip_rate_deldatafunc, NULL); @@ -398,6 +409,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg) infra->infra_keep_probing = cfg->infra_keep_probing; infra_dp_ratelimit = cfg->ratelimit; infra_ip_ratelimit = cfg->ip_ratelimit; + infra_ip_ratelimit_cookie = cfg->ip_ratelimit_cookie; maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ sizeof(struct infra_data)+INFRA_BYTES_NAME); /* divide cachesize by slabs and multiply by slabs, because if the @@ -656,7 +668,7 @@ infra_update_tcp_works(struct infra_cache* infra, if(data->rtt.rto >= RTT_MAX_TIMEOUT) /* do not disqualify this server altogether, it is better * than nothing */ - data->rtt.rto = RTT_MAX_TIMEOUT-1000; + data->rtt.rto = STILL_USEFUL_TIMEOUT; lock_rw_unlock(&e->lock); } @@ -796,7 +808,7 @@ infra_get_lame_rtt(struct infra_cache* infra, && infra->infra_keep_probing) { /* single probe, keep probing */ if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT) - *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + *rtt = STILL_USEFUL_TIMEOUT; } else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) { /* single probe for this domain, and we are not probing */ @@ -804,26 +816,23 @@ infra_get_lame_rtt(struct infra_cache* infra, if(qtype == LDNS_RR_TYPE_A) { if(host->timeout_A >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + else *rtt = STILL_USEFUL_TIMEOUT; } else if(qtype == LDNS_RR_TYPE_AAAA) { if(host->timeout_AAAA >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + else *rtt = STILL_USEFUL_TIMEOUT; } else { if(host->timeout_other >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + else *rtt = STILL_USEFUL_TIMEOUT; } } /* expired entry */ if(timenow > host->ttl) { - /* see if this can be a re-probe of an unresponsive server */ - /* minus 1000 because that is outside of the RTTBAND, so - * blacklisted servers stay blacklisted if this is chosen */ if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { lock_rw_unlock(&e->lock); - *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + *rtt = STILL_USEFUL_TIMEOUT; *lame = 0; *dnsseclame = 0; *reclame = 0; diff --git a/sbin/unwind/libunbound/services/cache/infra.h b/sbin/unwind/libunbound/services/cache/infra.h index a9864d67b..95f48c063 100644 --- a/sbin/unwind/libunbound/services/cache/infra.h +++ b/sbin/unwind/libunbound/services/cache/infra.h @@ -234,7 +234,7 @@ struct infra_cache* infra_adjust(struct infra_cache* infra, struct config_file* cfg); /** - * Plain find infra data function (used by the the other functions) + * Plain find infra data function (used by the other functions) * @param infra: infrastructure cache. * @param addr: host address. * @param addrlen: length of addr. diff --git a/sbin/unwind/libunbound/services/listen_dnsport.c b/sbin/unwind/libunbound/services/listen_dnsport.c index 7eb59a161..6c0691f2a 100644 --- a/sbin/unwind/libunbound/services/listen_dnsport.c +++ b/sbin/unwind/libunbound/services/listen_dnsport.c @@ -675,7 +675,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, int* reuseport, int transparent, int mss, int nodelay, int freebind, int use_systemd, int dscp) { - int s; + int s = -1; char* err; #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) int on = 1; diff --git a/sbin/unwind/libunbound/services/localzone.c b/sbin/unwind/libunbound/services/localzone.c index cd04c014e..c4e7e55df 100644 --- a/sbin/unwind/libunbound/services/localzone.c +++ b/sbin/unwind/libunbound/services/localzone.c @@ -242,7 +242,7 @@ lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len, } /** enter a new zone */ -static struct local_zone* +struct local_zone* lz_enter_zone(struct local_zones* zones, const char* name, const char* type, uint16_t dclass) { @@ -983,36 +983,39 @@ lz_enter_overrides(struct local_zones* zones, struct config_file* cfg) return 1; } -/** setup parent pointers, so that a lookup can be done for closest match */ -static void -init_parents(struct local_zones* zones) +/* return closest parent in the tree, NULL if none */ +static struct local_zone* find_closest_parent(struct local_zone* curr, + struct local_zone* prev) { - struct local_zone* node, *prev = NULL, *p; + struct local_zone* p; int m; - lock_rw_wrlock(&zones->lock); - RBTREE_FOR(node, struct local_zone*, &zones->ztree) { - lock_rw_wrlock(&node->lock); - node->parent = NULL; - if(!prev || prev->dclass != node->dclass) { - prev = node; - lock_rw_unlock(&node->lock); - continue; - } - (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, - node->namelabs, &m); /* we know prev is smaller */ + if(!prev || prev->dclass != curr->dclass) return NULL; + (void)dname_lab_cmp(prev->name, prev->namelabs, curr->name, + curr->namelabs, &m); /* we know prev is smaller */ /* sort order like: . com. bla.com. zwb.com. net. */ /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) + for(p = prev; p; p = p->parent) { /* looking for name with few labels, a parent */ if(p->namelabs <= m) { /* ==: since prev matched m, this is closest*/ /* <: prev matches more, but is not a parent, * this one is a (grand)parent */ - node->parent = p; - break; + return p; + } + } + return NULL; } - prev = node; +/** setup parent pointers, so that a lookup can be done for closest match */ +void +lz_init_parents(struct local_zones* zones) +{ + struct local_zone* node, *prev = NULL; + lock_rw_wrlock(&zones->lock); + RBTREE_FOR(node, struct local_zone*, &zones->ztree) { + lock_rw_wrlock(&node->lock); + node->parent = find_closest_parent(node, prev); + prev = node; if(node->override_tree) addr_tree_init_parents(node->override_tree); lock_rw_unlock(&node->lock); @@ -1036,7 +1039,7 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) int nmlabs = 0; int match = 0; /* number of labels match count */ - init_parents(zones); /* to enable local_zones_lookup() */ + lz_init_parents(zones); /* to enable local_zones_lookup() */ for(p = cfg->local_data; p; p = p->next) { uint8_t* rr_name; uint16_t rr_class, rr_type; @@ -1202,7 +1205,7 @@ local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg) } /* setup parent ptrs for lookup during data entry */ - init_parents(zones); + lz_init_parents(zones); /* insert local zone tags */ if(!lz_enter_zone_tags(zones, cfg)) { return 0; @@ -2028,7 +2031,9 @@ struct local_zone* local_zones_add_zone(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass, enum localzone_type tp) { + int exact; /* create */ + struct local_zone *prev; struct local_zone* z = local_zone_create(name, len, labs, tp, dclass); if(!z) { free(name); @@ -2037,10 +2042,12 @@ struct local_zone* local_zones_add_zone(struct local_zones* zones, lock_rw_wrlock(&z->lock); /* find the closest parent */ - z->parent = local_zones_find(zones, name, len, labs, dclass); + prev = local_zones_find_le(zones, name, len, labs, dclass, &exact); + if(!exact) + z->parent = find_closest_parent(z, prev); /* insert into the tree */ - if(!rbtree_insert(&zones->ztree, &z->node)) { + if(exact||!rbtree_insert(&zones->ztree, &z->node)) { /* duplicate entry! */ lock_rw_unlock(&z->lock); local_zone_delete(z); diff --git a/sbin/unwind/libunbound/services/localzone.h b/sbin/unwind/libunbound/services/localzone.h index 0c67b3fe5..dd6aa3f57 100644 --- a/sbin/unwind/libunbound/services/localzone.h +++ b/sbin/unwind/libunbound/services/localzone.h @@ -641,4 +641,23 @@ local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, */ struct local_data* local_zone_find_data(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs); + +/** Enter a new zone; returns with WRlock + * Made public for unit testing + * @param zones: the local zones tree + * @param name: name of the zone + * @param type: type of the zone + * @param dclass: class of the zone + * @return local_zone (or duplicate), NULL on parse and malloc failures + */ +struct local_zone* +lz_enter_zone(struct local_zones* zones, const char* name, const char* type, + uint16_t dclass); + +/** Setup parent pointers, so that a lookup can be done for closest match + * Made public for unit testing + * @param zones: the local zones tree + */ +void +lz_init_parents(struct local_zones* zones); #endif /* SERVICES_LOCALZONE_H */ diff --git a/sbin/unwind/libunbound/services/mesh.c b/sbin/unwind/libunbound/services/mesh.c index e886c4b92..522118844 100644 --- a/sbin/unwind/libunbound/services/mesh.c +++ b/sbin/unwind/libunbound/services/mesh.c @@ -413,6 +413,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, int timeout = mesh->env->cfg->serve_expired? mesh->env->cfg->serve_expired_client_timeout:0; struct sldns_buffer* r_buffer = rep->c->buffer; + uint16_t mesh_flags = qflags&(BIT_RD|BIT_CD); if(rep->c->tcp_req_info) { r_buffer = rep->c->tcp_req_info->spool_buffer; } @@ -425,7 +426,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, return; } if(!unique) - s = mesh_area_find(mesh, cinfo, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_area_find(mesh, cinfo, qinfo, mesh_flags, 0, 0); /* does this create a new reply state? */ if(!s || s->list_select == mesh_no_list) { if(!mesh_make_new_space(mesh, rep->c->buffer)) { @@ -453,7 +454,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, struct rbnode_type* n; #endif s = mesh_state_create(mesh->env, qinfo, cinfo, - qflags&(BIT_RD|BIT_CD), 0, 0); + mesh_flags, 0, 0); if(!s) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, @@ -565,6 +566,8 @@ servfail_mem: edns->opt_list_inplace_cb_out = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); + if(rep->c->use_h2) + http2_stream_remove_mesh_state(rep->c->h2_stream); comm_point_send_reply(rep); if(added) mesh_state_delete(&s->s); @@ -583,8 +586,9 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, int was_detached = 0; int was_noreply = 0; int added = 0; + uint16_t mesh_flags = qflags&(BIT_RD|BIT_CD); if(!unique) - s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_area_find(mesh, NULL, qinfo, mesh_flags, 0, 0); /* there are no limits on the number of callbacks */ @@ -594,7 +598,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, struct rbnode_type* n; #endif s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); + mesh_flags, 0, 0); if(!s) { return 0; } @@ -673,8 +677,12 @@ static void mesh_schedule_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int run, int rpz_passthru) { + /* Explicitly set the BIT_RD regardless of the client's flags. This is + * for a prefetch query (no client attached) but it needs to be treated + * as a recursion query. */ + uint16_t mesh_flags = BIT_RD|(qflags&BIT_CD); struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo, - qflags&(BIT_RD|BIT_CD), 0, 0); + mesh_flags, 0, 0); #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif @@ -694,8 +702,7 @@ static void mesh_schedule_prefetch(struct mesh_area* mesh, return; } - s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, NULL, mesh_flags, 0, 0); if(!s) { log_err("prefetch mesh_state_create: out of memory"); return; @@ -756,14 +763,17 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif + /* Explicitly set the BIT_RD regardless of the client's flags. This is + * for a prefetch query (no client attached) but it needs to be treated + * as a recursion query. */ + uint16_t mesh_flags = BIT_RD|(qflags&BIT_CD); if(!mesh_make_new_space(mesh, NULL)) { verbose(VERB_ALGO, "Too many queries. dropped prefetch."); mesh->stats_dropped ++; return; } - s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, NULL, mesh_flags, 0, 0); if(!s) { log_err("prefetch_subnet mesh_state_create: out of memory"); return; @@ -966,6 +976,8 @@ mesh_state_cleanup(struct mesh_state* mstate) for(; rep; rep=rep->next) { infra_wait_limit_dec(mesh->env->infra_cache, &rep->query_reply, mesh->env->cfg); + if(rep->query_reply.c->use_h2) + http2_stream_remove_mesh_state(rep->h2_stream); comm_point_drop_reply(&rep->query_reply); log_assert(mesh->num_reply_addrs > 0); mesh->num_reply_addrs--; @@ -1522,6 +1534,8 @@ void mesh_query_done(struct mesh_state* mstate) infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); mstate->reply_list = NULL; + if(r->query_reply.c->use_h2) + http2_stream_remove_mesh_state(r->h2_stream); comm_point_drop_reply(&r->query_reply); mstate->reply_list = reply_list; mstate->s.env->mesh->stats_dropped++; @@ -1554,6 +1568,9 @@ void mesh_query_done(struct mesh_state* mstate) infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); mstate->reply_list = NULL; + if(r->query_reply.c->use_h2) { + http2_stream_remove_mesh_state(r->h2_stream); + } comm_point_drop_reply(&r->query_reply); mstate->reply_list = reply_list; } else { @@ -1568,6 +1585,8 @@ void mesh_query_done(struct mesh_state* mstate) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); r_buffer = NULL; } + /* mesh_send_reply removed mesh state from + * http2_stream. */ prev = r; prev_buffer = r_buffer; } @@ -1720,6 +1739,7 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, return 0; if(rep->c->use_h2) r->h2_stream = rep->c->h2_stream; + else r->h2_stream = NULL; /* Data related to local alias stored in 'qinfo' (if any) is ephemeral * and can be different for different original queries (even if the @@ -2243,6 +2263,8 @@ mesh_serve_expired_callback(void* arg) infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); mstate->reply_list = NULL; + if(r->query_reply.c->use_h2) + http2_stream_remove_mesh_state(r->h2_stream); comm_point_drop_reply(&r->query_reply); mstate->reply_list = reply_list; mstate->s.env->mesh->stats_dropped++; @@ -2276,6 +2298,7 @@ mesh_serve_expired_callback(void* arg) r, r_buffer, prev, prev_buffer); if(r->query_reply.c->tcp_req_info) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); + /* mesh_send_reply removed mesh state from http2_stream. */ infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); prev = r; diff --git a/sbin/unwind/libunbound/services/modstack.c b/sbin/unwind/libunbound/services/modstack.c index fc46286cd..97a23bee6 100644 --- a/sbin/unwind/libunbound/services/modstack.c +++ b/sbin/unwind/libunbound/services/modstack.c @@ -95,6 +95,16 @@ modstack_init(struct module_stack* stack) stack->mod = NULL; } +void +modstack_free(struct module_stack* stack) +{ + if(!stack) + return; + stack->num = 0; + free(stack->mod); + stack->mod = NULL; +} + int modstack_config(struct module_stack* stack, const char* module_conf) { @@ -223,17 +233,58 @@ module_func_block* module_factory(const char** str) } int -modstack_setup(struct module_stack* stack, const char* module_conf, +modstack_call_startup(struct module_stack* stack, const char* module_conf, struct module_env* env) { int i; if(stack->num != 0) - modstack_desetup(stack, env); + fatal_exit("unexpected already initialised modules"); /* fixed setup of the modules */ if(!modstack_config(stack, module_conf)) { return 0; } + for(i=0; inum; i++) { + if(stack->mod[i]->startup == NULL) + continue; + verbose(VERB_OPS, "startup module %d: %s", + i, stack->mod[i]->name); + fptr_ok(fptr_whitelist_mod_startup(stack->mod[i]->startup)); + if(!(*stack->mod[i]->startup)(env, i)) { + log_err("module startup for module %s failed", + stack->mod[i]->name); + return 0; + } + } + return 1; +} + +int +modstack_call_init(struct module_stack* stack, const char* module_conf, + struct module_env* env) +{ + int i, changed = 0; env->need_to_validate = 0; /* set by module init below */ + for(i=0; inum; i++) { + while(*module_conf && isspace(*module_conf)) + module_conf++; + if(strncmp(stack->mod[i]->name, module_conf, + strlen(stack->mod[i]->name))) { + if(stack->mod[i]->startup || stack->mod[i]->destartup) { + log_err("changed module ordering during reload not supported, for module that needs startup"); + return 0; + } else { + changed = 1; + } + } + module_conf += strlen(stack->mod[i]->name); + } + if(changed) { + modstack_free(stack); + if(!modstack_config(stack, module_conf)) { + return 0; + } + } + for(i=0; inum; i++) { verbose(VERB_OPS, "init module %d: %s", i, stack->mod[i]->name); @@ -248,16 +299,25 @@ modstack_setup(struct module_stack* stack, const char* module_conf, } void -modstack_desetup(struct module_stack* stack, struct module_env* env) +modstack_call_deinit(struct module_stack* stack, struct module_env* env) { int i; for(i=0; inum; i++) { fptr_ok(fptr_whitelist_mod_deinit(stack->mod[i]->deinit)); (*stack->mod[i]->deinit)(env, i); } - stack->num = 0; - free(stack->mod); - stack->mod = NULL; +} + +void +modstack_call_destartup(struct module_stack* stack, struct module_env* env) +{ + int i; + for(i=0; inum; i++) { + if(stack->mod[i]->destartup == NULL) + continue; + fptr_ok(fptr_whitelist_mod_destartup(stack->mod[i]->destartup)); + (*stack->mod[i]->destartup)(env, i); + } } int diff --git a/sbin/unwind/libunbound/services/modstack.h b/sbin/unwind/libunbound/services/modstack.h index 54c03d1e2..9abc40c27 100644 --- a/sbin/unwind/libunbound/services/modstack.h +++ b/sbin/unwind/libunbound/services/modstack.h @@ -60,6 +60,23 @@ struct module_stack { */ void modstack_init(struct module_stack* stack); +/** + * Free the stack of modules + * @param stack: stack that frees up memory. + */ +void modstack_free(struct module_stack* stack); + +/** + * Initialises modules and assignes ids. Calls module_startup(). + * @param stack: Expected empty, filled according to module_conf + * @param module_conf: string what modules to initialize + * @param env: module environment which is inited by the modules. + * environment should have a superalloc, cfg, + * @return on false a module init failed. + */ +int modstack_call_startup(struct module_stack* stack, const char* module_conf, + struct module_env* env); + /** * Read config file module settings and set up the modfunc block * @param stack: the stack of modules (empty before call). @@ -83,24 +100,31 @@ struct module_func_block* module_factory(const char** str); const char** module_list_avail(void); /** - * Setup modules. Assigns ids and calls module_init. - * @param stack: if not empty beforehand, it will be desetup()ed. - * It is then modstack_configged(). - * @param module_conf: string what modules to insert. + * Init modules. Calls module_init(). + * @param stack: It is modstack_setupped(). + * @param module_conf: module ordering to check against the ordering in stack. + * fails on changed ordering. * @param env: module environment which is inited by the modules. * environment should have a superalloc, cfg, * env.need_to_validate is set by the modules. * @return on false a module init failed. */ -int modstack_setup(struct module_stack* stack, const char* module_conf, +int modstack_call_init(struct module_stack* stack, const char* module_conf, struct module_env* env); /** - * Desetup the modules, deinit, delete. + * Deinit the modules. * @param stack: made empty. * @param env: module env for module deinit() calls. */ -void modstack_desetup(struct module_stack* stack, struct module_env* env); +void modstack_call_deinit(struct module_stack* stack, struct module_env* env); + +/** + * Destartup the modules, close, delete. + * @param stack: made empty. + * @param env: module env for module destartup() calls. + */ +void modstack_call_destartup(struct module_stack* stack, struct module_env* env); /** * Find index of module by name. diff --git a/sbin/unwind/libunbound/services/outside_network.c b/sbin/unwind/libunbound/services/outside_network.c index 0cc553d70..0ea01b005 100644 --- a/sbin/unwind/libunbound/services/outside_network.c +++ b/sbin/unwind/libunbound/services/outside_network.c @@ -2051,7 +2051,8 @@ select_id(struct outside_network* outnet, struct pending* pend, } /** return true is UDP connect error needs to be logged */ -static int udp_connect_needs_log(int err) +static int udp_connect_needs_log(int err, struct sockaddr_storage* addr, + socklen_t addrlen) { switch(err) { case ECONNREFUSED: @@ -2075,6 +2076,15 @@ static int udp_connect_needs_log(int err) if(verbosity >= VERB_ALGO) return 1; return 0; + case EINVAL: + /* Stop 'Invalid argument for fe80::/10' addresses appearing + * in the logs, at low verbosity. They cannot be sent to. */ + if(addr_is_ip6linklocal(addr, addrlen)) { + if(verbosity >= VERB_ALGO) + return 1; + return 0; + } + break; default: break; } @@ -2141,7 +2151,8 @@ select_ifport(struct outside_network* outnet, struct pending* pend, /* connect() to the destination */ if(connect(fd, (struct sockaddr*)&pend->addr, pend->addrlen) < 0) { - if(udp_connect_needs_log(errno)) { + if(udp_connect_needs_log(errno, + &pend->addr, pend->addrlen)) { log_err_addr("udp connect failed", strerror(errno), &pend->addr, pend->addrlen); @@ -3455,7 +3466,10 @@ outnet_serviced_query(struct outside_network* outnet, timenow = *env->now; if(!infra_ratelimit_inc(env->infra_cache, zone, zonelen, timenow, env->cfg->ratelimit_backoff, - &qstate->qinfo, qstate->reply)) { + &qstate->qinfo, + qstate->mesh_info->reply_list + ?&qstate->mesh_info->reply_list->query_reply + :NULL)) { /* Can we pass through with slip factor? */ if(env->cfg->ratelimit_factor == 0 || ub_random_max(env->rnd, diff --git a/sbin/unwind/libunbound/services/rpz.c b/sbin/unwind/libunbound/services/rpz.c index 7f3a00d09..0bcf78f49 100644 --- a/sbin/unwind/libunbound/services/rpz.c +++ b/sbin/unwind/libunbound/services/rpz.c @@ -242,10 +242,14 @@ rpz_action_to_localzone_type(enum rpz_action a) case RPZ_NODATA_ACTION: return local_zone_always_nodata; case RPZ_DROP_ACTION: return local_zone_always_deny; case RPZ_PASSTHRU_ACTION: return local_zone_always_transparent; - case RPZ_LOCAL_DATA_ACTION: /* fallthrough */ + case RPZ_LOCAL_DATA_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ case RPZ_CNAME_OVERRIDE_ACTION: return local_zone_redirect; case RPZ_TCP_ONLY_ACTION: return local_zone_truncate; - case RPZ_INVALID_ACTION: /* fallthrough */ + case RPZ_INVALID_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ default: return local_zone_invalid; } } @@ -258,10 +262,14 @@ rpz_action_to_respip_action(enum rpz_action a) case RPZ_NODATA_ACTION: return respip_always_nodata; case RPZ_DROP_ACTION: return respip_always_deny; case RPZ_PASSTHRU_ACTION: return respip_always_transparent; - case RPZ_LOCAL_DATA_ACTION: /* fallthrough */ + case RPZ_LOCAL_DATA_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ case RPZ_CNAME_OVERRIDE_ACTION: return respip_redirect; case RPZ_TCP_ONLY_ACTION: return respip_truncate; - case RPZ_INVALID_ACTION: /* fallthrough */ + case RPZ_INVALID_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ default: return respip_invalid; } } @@ -276,7 +284,9 @@ localzone_type_to_rpz_action(enum localzone_type lzt) case local_zone_always_transparent: return RPZ_PASSTHRU_ACTION; case local_zone_redirect: return RPZ_LOCAL_DATA_ACTION; case local_zone_truncate: return RPZ_TCP_ONLY_ACTION; - case local_zone_invalid: /* fallthrough */ + case local_zone_invalid: + ATTR_FALLTHROUGH + /* fallthrough */ default: return RPZ_INVALID_ACTION; } } @@ -291,7 +301,9 @@ respip_action_to_rpz_action(enum respip_action a) case respip_always_transparent: return RPZ_PASSTHRU_ACTION; case respip_redirect: return RPZ_LOCAL_DATA_ACTION; case respip_truncate: return RPZ_TCP_ONLY_ACTION; - case respip_invalid: /* fallthrough */ + case respip_invalid: + ATTR_FALLTHROUGH + /* fallthrough */ default: return RPZ_INVALID_ACTION; } } @@ -2435,11 +2447,10 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* if(ms->env == NULL || ms->env->auth_zones == NULL) { return 0; } az = ms->env->auth_zones; + lock_rw_rdlock(&az->rpz_lock); verbose(VERB_ALGO, "rpz: iterator module callback: have_rpz=%d", az->rpz_first != NULL); - lock_rw_rdlock(&az->rpz_lock); - /* precedence of RPZ works, loosely, like this: * CNAMEs in order of the CNAME chain. rpzs in the order they are * configured. In an RPZ: first client-IP addr, then QNAME, then @@ -2454,6 +2465,13 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* lock_rw_unlock(&a->lock); continue; } + if(r->taglist && (!ms->client_info || + !taglist_intersect(r->taglist, r->taglistlen, + ms->client_info->taglist, + ms->client_info->taglen))) { + lock_rw_unlock(&a->lock); + continue; + } /* the nsdname has precedence over the nsip triggers */ z = rpz_delegation_point_zone_lookup(is->dp, r->nsdname_zones, @@ -2512,6 +2530,13 @@ struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms, lock_rw_unlock(&a->lock); continue; } + if(r->taglist && (!ms->client_info || + !taglist_intersect(r->taglist, r->taglistlen, + ms->client_info->taglist, + ms->client_info->taglen))) { + lock_rw_unlock(&a->lock); + continue; + } z = rpz_find_zone(r->local_zones, is->qchase.qname, is->qchase.qname_len, is->qchase.qclass, 0, 0, 0); if(z && r->action_override == RPZ_DISABLED_ACTION) { diff --git a/sbin/unwind/libunbound/sldns/parse.h b/sbin/unwind/libunbound/sldns/parse.h index 6e756674e..e545ac172 100644 --- a/sbin/unwind/libunbound/sldns/parse.h +++ b/sbin/unwind/libunbound/sldns/parse.h @@ -106,7 +106,7 @@ ssize_t sldns_bget_token(struct sldns_buffer *b, char *token, const char *delim, * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \return the number of character read */ ssize_t sldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); @@ -119,7 +119,7 @@ ssize_t sldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) * \return the number of character read @@ -134,7 +134,7 @@ ssize_t sldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_de * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \return the number of character read */ ssize_t sldns_bget_keyword_data(struct sldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); diff --git a/sbin/unwind/libunbound/sldns/parseutil.c b/sbin/unwind/libunbound/sldns/parseutil.c index c891b0b61..f749aea4a 100644 --- a/sbin/unwind/libunbound/sldns/parseutil.c +++ b/sbin/unwind/libunbound/sldns/parseutil.c @@ -436,11 +436,13 @@ sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, /* ........ ........ ....4444 4....... ........ */ c = src[3] >> 7 ; + ATTR_FALLTHROUGH /* fallthrough */ case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c]; /* ........ .......3 3333.... ........ ........ */ c = src[2] >> 4 ; + ATTR_FALLTHROUGH /* fallthrough */ case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c]; @@ -449,6 +451,7 @@ sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, /* .....111 11...... ........ ........ ........ */ c = src[1] >> 6 ; + ATTR_FALLTHROUGH /* fallthrough */ case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c]; @@ -460,11 +463,14 @@ sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, switch (src_sz) { case 1: dst[2] = '='; dst[3] = '='; + ATTR_FALLTHROUGH /* fallthrough */ case 2: dst[4] = '='; + ATTR_FALLTHROUGH /* fallthrough */ case 3: dst[5] = '='; dst[6] = '='; + ATTR_FALLTHROUGH /* fallthrough */ case 4: dst[7] = '='; } @@ -577,17 +583,20 @@ sldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz, /* ........ ........ ........ .55555.. ........ */ /* ........ ........ ....4444 4....... ........ */ dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; + ATTR_FALLTHROUGH /* fallthrough */ case 5: /* ........ ........ ....4444 4....... ........ */ /* ........ .......3 3333.... ........ ........ */ dst[2] = buf[3] << 4 | buf[4] >> 1; + ATTR_FALLTHROUGH /* fallthrough */ case 4: /* ........ .......3 3333.... ........ ........ */ /* ........ ..22222. ........ ........ ........ */ /* .....111 11...... ........ ........ ........ */ dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; + ATTR_FALLTHROUGH /* fallthrough */ case 2: /* .....111 11...... ........ ........ ........ */ diff --git a/sbin/unwind/libunbound/sldns/rrdef.h b/sbin/unwind/libunbound/sldns/rrdef.h index c43b21dad..5fe6da89d 100644 --- a/sbin/unwind/libunbound/sldns/rrdef.h +++ b/sbin/unwind/libunbound/sldns/rrdef.h @@ -470,6 +470,11 @@ enum sldns_enum_ede_code LDNS_EDE_NO_REACHABLE_AUTHORITY = 22, LDNS_EDE_NETWORK_ERROR = 23, LDNS_EDE_INVALID_DATA = 24, + LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID = 25, + LDNS_EDE_TOO_EARLY = 26, + LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS = 27, + LDNS_EDE_BADPROXYPOLICY = 28, + LDNS_EDE_SYNTHESIZED = 29 }; typedef enum sldns_enum_ede_code sldns_ede_code; diff --git a/sbin/unwind/libunbound/sldns/wire2str.c b/sbin/unwind/libunbound/sldns/wire2str.c index 2b5dc0513..ff8399947 100644 --- a/sbin/unwind/libunbound/sldns/wire2str.c +++ b/sbin/unwind/libunbound/sldns/wire2str.c @@ -228,6 +228,11 @@ static sldns_lookup_table sldns_edns_ede_codes_data[] = { { LDNS_EDE_NO_REACHABLE_AUTHORITY, "No Reachable Authority" }, { LDNS_EDE_NETWORK_ERROR, "Network Error" }, { LDNS_EDE_INVALID_DATA, "Invalid Data" }, + { LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID, "Signature Expired Before Valid" }, + { LDNS_EDE_TOO_EARLY, "Non-Replayable Transactions Received in 0-RTT Data" }, + { LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS, "Unsupported NSEC3 Iterations Value" }, + { LDNS_EDE_BADPROXYPOLICY, "Unable to Conform to Policy" }, + { LDNS_EDE_SYNTHESIZED, "Synthesized Answer" }, { 0, NULL} }; sldns_lookup_table* sldns_edns_ede_codes = sldns_edns_ede_codes_data; @@ -1236,6 +1241,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; case SVCB_KEY_DOHPATH: + ATTR_FALLTHROUGH /* fallthrough */ default: r = sldns_str_print(s, slen, "=\""); diff --git a/sbin/unwind/libunbound/util/alloc.c b/sbin/unwind/libunbound/util/alloc.c index 8f02ecf46..a0eb7006c 100644 --- a/sbin/unwind/libunbound/util/alloc.c +++ b/sbin/unwind/libunbound/util/alloc.c @@ -466,6 +466,18 @@ void *unbound_stat_realloc(void *ptr, size_t size) memcpy(res+8, &mem_special, sizeof(mem_special)); return res+16; } +/** strdup with stats */ +char *unbound_stat_strdup(const char* s) +{ + size_t len; + char* res; + if(!s) return NULL; + len = strlen(s); + res = unbound_stat_malloc(len+1); + if(!res) return NULL; + memmove(res, s, len+1); + return res; +} /** log to file where alloc was done */ void *unbound_stat_malloc_log(size_t size, const char* file, int line, @@ -507,6 +519,15 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, return unbound_stat_realloc(ptr, size); } +/** log to file where strdup was done */ +char *unbound_stat_strdup_log(const char *s, const char* file, int line, + const char* func) +{ + log_info("%s:%d %s strdup size %u", file, line, func, + (s?(unsigned)strlen(s)+1:0)); + return unbound_stat_strdup(s); +} + #endif /* UNBOUND_ALLOC_STATS */ #ifdef UNBOUND_ALLOC_LITE #undef malloc diff --git a/sbin/unwind/libunbound/util/config_file.c b/sbin/unwind/libunbound/util/config_file.c index 62d1eedf9..3f51353b7 100644 --- a/sbin/unwind/libunbound/util/config_file.c +++ b/sbin/unwind/libunbound/util/config_file.c @@ -42,6 +42,7 @@ #include "config.h" #include #include +#include #ifdef HAVE_TIME_H #include #endif @@ -386,6 +387,7 @@ config_create(void) memset(cfg->cookie_secret, 0, sizeof(cfg->cookie_secret)); cfg->cookie_secret_len = 16; init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len); + cfg->cookie_secret_file = NULL; #ifdef USE_CACHEDB if(!(cfg->cachedb_backend = strdup("testframe"))) goto error_exit; if(!(cfg->cachedb_secret = strdup("default"))) goto error_exit; @@ -769,6 +771,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("dnstap-send-version:", dnstap_send_version) else S_STR("dnstap-identity:", dnstap_identity) else S_STR("dnstap-version:", dnstap_version) + else S_NUMBER_OR_ZERO("dnstap-sample-rate:", dnstap_sample_rate) else S_YNO("dnstap-log-resolver-query-messages:", dnstap_log_resolver_query_messages) else S_YNO("dnstap-log-resolver-response-messages:", @@ -837,6 +840,8 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->ipsecmod_max_ttl = atoi(val); } else S_YNO("ipsecmod-strict:", ipsecmod_strict) #endif + else S_YNO("answer-cookie:", do_answer_cookie) + else S_STR("cookie-secret-file:", cookie_secret_file) #ifdef USE_CACHEDB else S_YNO("cachedb-no-store:", cachedb_no_store) else S_YNO("cachedb-check-when-serve-expired:", cachedb_check_when_serve_expired) @@ -1248,6 +1253,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "dnstap-send-version", dnstap_send_version) else O_STR(opt, "dnstap-identity", dnstap_identity) else O_STR(opt, "dnstap-version", dnstap_version) + else O_UNS(opt, "dnstap-sample-rate", dnstap_sample_rate) else O_YNO(opt, "dnstap-log-resolver-query-messages", dnstap_log_resolver_query_messages) else O_YNO(opt, "dnstap-log-resolver-response-messages", @@ -1333,6 +1339,8 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "ipsecmod-whitelist", ipsecmod_whitelist) else O_YNO(opt, "ipsecmod-strict", ipsecmod_strict) #endif + else O_YNO(opt, "answer-cookie", do_answer_cookie) + else O_STR(opt, "cookie-secret-file", cookie_secret_file) #ifdef USE_CACHEDB else O_STR(opt, "backend", cachedb_backend) else O_STR(opt, "secret-seed", cachedb_secret) @@ -1718,6 +1726,7 @@ config_delete(struct config_file* cfg) free(cfg->ipsecmod_hook); config_delstrlist(cfg->ipsecmod_whitelist); #endif + free(cfg->cookie_secret_file); #ifdef USE_CACHEDB free(cfg->cachedb_backend); free(cfg->cachedb_secret); @@ -1772,6 +1781,39 @@ init_outgoing_availports(int* a, int num) } } +static int +extract_port_from_str(const char* str, int max_port) { + char* endptr; + long int value; + if (str == NULL || *str == '\0') { + log_err("str: '%s' is invalid", (str?str:"NULL")); + return -1; + } + + value = strtol(str, &endptr, 10); + if ((endptr == str) || (*endptr != '\0')) { + log_err("cannot parse port number '%s'", str); + return -1; + } + + if (errno == ERANGE) { + log_err("overflow occurred when parsing '%s'", str); + return -1; + } + + if (value == 0 && strcmp(str, "0") != 0) { + log_err("cannot parse port number '%s'", str); + return -1; + } + + if (value < 0 || value >= max_port) { + log_err(" '%s' is out of bounds [0, %d)", str, max_port); + return -1; + } + + return (int)value; +} + int cfg_mark_ports(const char* str, int allow, int* avail, int num) { @@ -1782,53 +1824,45 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) "options"); #endif if(!mid) { - int port = atoi(str); + int port = extract_port_from_str(str, num); if(port < 0) { - log_err("port number is negative: %d", port); - return 0; - } - if(port == 0 && strcmp(str, "0") != 0) { - log_err("cannot parse port number '%s'", str); + log_err("Failed to parse the port number"); return 0; } if(port < num) avail[port] = (allow?port:0); } else { - int i, low, high = atoi(mid+1); char buf[16]; + int i, low; + int high = extract_port_from_str(mid+1, num); if(high < 0) { - log_err("port number is negative: %d", high); - return 0; - } - if(high == 0 && strcmp(mid+1, "0") != 0) { - log_err("cannot parse port number '%s'", mid+1); + log_err("Failed to parse the port number"); return 0; } + if( (int)(mid-str)+1 >= (int)sizeof(buf) ) { log_err("cannot parse port number '%s'", str); return 0; } + if(mid > str) memcpy(buf, str, (size_t)(mid-str)); buf[mid-str] = 0; - low = atoi(buf); + low = extract_port_from_str(buf, num); if(low < 0) { - log_err("port number is negative: %d", low); + log_err("Failed to parse the port number"); return 0; } - if(low == 0 && strcmp(buf, "0") != 0) { - log_err("cannot parse port number '%s'", buf); + + if (low > high) { + log_err("Low value is greater than high value"); return 0; } - if(high > num) { - /* Stop very high values from taking a long time. */ - high = num; - } + for(i=low; i<=high; i++) { if(i < num) avail[i] = (allow?i:0); } - return 1; } return 1; } diff --git a/sbin/unwind/libunbound/util/config_file.h b/sbin/unwind/libunbound/util/config_file.h index d3a2e268c..23aacc67a 100644 --- a/sbin/unwind/libunbound/util/config_file.h +++ b/sbin/unwind/libunbound/util/config_file.h @@ -592,6 +592,8 @@ struct config_file { char* dnstap_identity; /** dnstap "version", package version is used if "". */ char* dnstap_version; + /** dnstap sample rate */ + int dnstap_sample_rate; /** true to log dnstap RESOLVER_QUERY message events */ int dnstap_log_resolver_query_messages; @@ -748,6 +750,8 @@ struct config_file { uint8_t cookie_secret[40]; /** cookie secret length */ size_t cookie_secret_len; + /** path to cookie secret store */ + char* cookie_secret_file; /* ipset module */ #ifdef USE_IPSET diff --git a/sbin/unwind/libunbound/util/configlexer.c b/sbin/unwind/libunbound/util/configlexer.c index c32e52edf..90ddbc765 100644 --- a/sbin/unwind/libunbound/util/configlexer.c +++ b/sbin/unwind/libunbound/util/configlexer.c @@ -5,7 +5,7 @@ #define YY_INT_ALIGNED short int -/* $OpenBSD: configlexer.c,v 1.19 2024/06/14 07:45:44 florian Exp $ */ +/* $OpenBSD: configlexer.c,v 1.20 2024/09/05 08:22:47 florian Exp $ */ /* A lexical scanner generated by flex */ @@ -27,7 +27,7 @@ /* end standard C headers. */ -/* $OpenBSD: configlexer.c,v 1.19 2024/06/14 07:45:44 florian Exp $ */ +/* $OpenBSD: configlexer.c,v 1.20 2024/09/05 08:22:47 florian Exp $ */ /* flex integer type definitions */ @@ -368,8 +368,8 @@ static void yy_fatal_error (yyconst char msg[] ); *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 392 -#define YY_END_OF_BUFFER 393 +#define YY_NUM_RULES 394 +#define YY_END_OF_BUFFER 395 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -377,438 +377,439 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[3905] = +static yyconst flex_int16_t yy_accept[3921] = { 0, - 1, 1, 366, 366, 370, 370, 374, 374, 378, 378, - 1, 1, 382, 382, 386, 386, 393, 390, 1, 364, - 364, 391, 2, 391, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 366, 367, 367, - 368, 391, 370, 371, 371, 372, 391, 377, 374, 375, - 375, 376, 391, 378, 379, 379, 380, 391, 389, 365, - 2, 369, 391, 389, 385, 382, 383, 383, 384, 391, - 386, 387, 387, 388, 391, 390, 0, 1, 2, 2, - 2, 2, 390, 390, 390, 390, 390, 390, 390, 390, + 1, 1, 368, 368, 372, 372, 376, 376, 380, 380, + 1, 1, 384, 384, 388, 388, 395, 392, 1, 366, + 366, 393, 2, 393, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 368, 369, 369, + 370, 393, 372, 373, 373, 374, 393, 379, 376, 377, + 377, 378, 393, 380, 381, 381, 382, 393, 391, 367, + 2, 371, 393, 391, 387, 384, 385, 385, 386, 393, + 388, 389, 389, 390, 393, 392, 0, 1, 2, 2, + 2, 2, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 366, 0, 370, 0, 377, 0, 374, 378, - 0, 389, 0, 2, 2, 389, 385, 0, 382, 386, - 0, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 368, 0, 372, 0, 379, 0, 376, 380, + 0, 391, 0, 2, 2, 391, 387, 0, 384, 388, + 0, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 389, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 391, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 362, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 137, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 147, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 364, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 137, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 147, 392, - 390, 390, 390, 390, 390, 390, 390, 389, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 119, 390, 390, 361, 390, + 392, 392, 392, 392, 392, 392, 392, 391, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 119, 392, 392, 363, 392, - 390, 390, 390, 390, 390, 390, 390, 8, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 138, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 152, 390, 390, 390, 389, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 8, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 138, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 152, 392, 392, 392, 391, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 352, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 353, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 389, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 71, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 391, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 71, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 273, 390, 14, 15, 390, 390, - 20, 19, 390, 390, 247, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 145, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 273, 392, 14, 15, 392, 392, + 20, 19, 392, 392, 247, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 145, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 245, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 3, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 389, 390, 390, 390, 390, - 390, 390, 390, 390, 341, 390, 390, 390, 340, 390, + 245, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 3, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 391, 392, 392, 392, 392, + 392, 392, 392, 392, 342, 392, 392, 392, 341, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 373, 390, 390, 390, 390, 390, 390, - 390, 390, 70, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 74, 390, 310, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 375, 392, 392, 392, 392, 392, 392, + 392, 392, 70, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 74, 392, 311, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 353, 354, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 75, 390, 390, 146, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 141, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 234, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 22, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 354, 355, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 75, 392, 392, 146, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 141, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 234, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 22, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 173, 390, 390, 390, 390, 390, 390, - 389, 373, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 117, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 318, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 16, 390, - 390, 390, 390, 390, 390, 390, 390, 201, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 173, 392, 392, 392, 392, 392, 392, + 391, 375, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 117, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 319, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 16, + 392, 392, 392, 392, 392, 392, 392, 392, 201, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 172, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 116, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 37, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 172, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 116, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 37, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 38, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 72, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 144, 390, 390, 390, - 389, 390, 390, 390, 390, 390, 390, 136, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 73, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 277, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 202, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 38, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 72, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 144, 392, 392, + 392, 391, 392, 392, 392, 392, 392, 392, 136, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 73, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 277, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 202, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 60, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 296, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 60, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 65, 390, 66, 390, 390, 390, 390, 390, 390, 120, - 390, 121, 390, 390, 390, 390, 390, 118, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 7, 390, 390, 390, 390, 390, 389, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 297, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 65, 392, 66, 392, 392, 392, 392, 392, + 392, 120, 392, 121, 392, 392, 392, 392, 392, 118, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 7, 392, 392, 392, 392, 392, 391, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 262, 390, 390, 390, 390, 390, 390, 176, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 278, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 51, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 61, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 225, 390, 224, 390, 390, 390, + 392, 392, 392, 262, 392, 392, 392, 392, 392, 392, + 176, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 278, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 51, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 61, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 225, 392, 224, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 17, 18, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 76, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 233, 390, 390, 390, 390, 390, 390, 390, - 123, 390, 122, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 215, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 17, 18, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 76, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 233, 392, 392, 392, 392, + 392, 392, 392, 123, 392, 122, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 153, - 390, 253, 390, 390, 390, 389, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 111, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 98, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 246, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 103, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 215, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 153, 392, 253, 392, 392, 392, 391, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 111, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 98, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 246, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 103, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 69, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 218, 219, - 390, 390, 390, 312, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 6, 390, 390, 390, 390, 390, 390, 390, 331, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 316, - 390, 390, 390, 390, 390, 390, 390, 342, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 69, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 218, 219, 392, 392, 392, 313, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 6, 392, 392, 392, 392, 392, + 392, 392, 332, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 317, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 48, 390, 390, 390, 390, 390, 50, - 390, 390, 390, 99, 390, 390, 390, 390, 390, 58, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 389, 390, 211, 390, 390, 390, 148, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 238, 390, 390, 212, 390, 390, - 390, 390, 390, 258, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 343, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 48, 392, 392, + 392, 392, 392, 50, 392, 392, 392, 99, 392, 392, + 392, 392, 392, 58, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 391, 392, 211, + 392, 392, 392, 148, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 238, 392, + 392, 212, 392, 392, 392, 392, 392, 258, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 59, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 150, 129, 390, 130, - 390, 390, 390, 390, 128, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 169, 390, 390, 56, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 294, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 213, - 390, 390, 390, 390, 390, 223, 216, 390, 222, 390, - 390, 390, 390, 390, 390, 390, 390, 257, 390, 390, - 390, 390, 390, 390, 261, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 59, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 150, 129, 392, 130, 392, 392, 392, 392, 128, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 169, 392, 392, 56, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 295, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 213, 392, 392, 392, 392, 392, + 223, 216, 392, 222, 392, 392, 392, 392, 392, 392, + 392, 392, 257, 392, 392, 392, 392, 392, 392, 261, - 390, 390, 390, 390, 390, 390, 115, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 142, 390, - 390, 390, 390, 390, 390, 390, 390, 67, 390, 390, - 390, 390, 31, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 21, 390, 390, 390, 390, - 390, 390, 390, 32, 41, 390, 181, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 209, 390, 390, 389, 390, 390, 390, - 390, 357, 390, 390, 84, 390, 87, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 115, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 142, 392, 392, 392, 392, 392, 392, + 392, 392, 67, 392, 392, 392, 392, 31, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 21, 392, 392, 392, 392, 392, 392, 392, 32, 41, + 392, 181, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 209, 392, + 392, 391, 392, 392, 392, 392, 358, 392, 392, 84, - 390, 390, 390, 390, 390, 390, 358, 390, 390, 390, - 390, 390, 390, 390, 390, 320, 390, 390, 390, 390, - 274, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 131, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 168, 390, 52, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 268, 390, 390, 390, 390, 390, 390, 390, 390, 335, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 87, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 359, 392, 392, 392, 392, 392, 392, 392, + 392, 321, 392, 392, 392, 392, 274, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 131, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 168, 392, 52, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 268, 392, 392, + 392, 392, 392, 392, 392, 392, 336, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 175, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 329, 390, 390, 390, 390, - 244, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 349, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 194, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 124, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 188, 390, 203, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 175, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 330, 392, 392, 392, 392, 244, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 350, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 194, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 124, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 188, 392, - 390, 390, 390, 389, 390, 156, 390, 390, 390, 390, - 390, 390, 390, 390, 110, 390, 390, 390, 390, 236, - 390, 390, 390, 390, 390, 390, 390, 390, 259, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 286, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 149, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 192, 390, 390, 390, - 390, 390, 390, 390, 88, 390, 89, 390, 390, 390, - 390, 390, 271, 390, 390, 390, 390, 390, 68, 338, + 203, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 391, 392, 156, 392, 392, 392, 392, 392, 392, 392, + 392, 110, 392, 392, 392, 392, 236, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 259, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 286, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 149, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 192, 392, 392, 392, 392, + 392, 392, 392, 88, 392, 89, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 97, 204, 390, 226, 390, - 263, 390, 390, 217, 313, 390, 390, 390, 390, 308, - 390, 390, 390, 80, 390, 206, 390, 390, 390, 390, - 390, 390, 9, 390, 390, 390, 390, 390, 114, 390, - 390, 390, 390, 390, 390, 300, 390, 390, 390, 390, - 390, 390, 235, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 271, 392, 392, 392, 392, 392, 68, 339, 392, + 392, 392, 392, 392, 97, 204, 392, 226, 392, 263, + 392, 392, 217, 314, 392, 392, 392, 392, 309, 392, + 392, 392, 80, 392, 206, 392, 392, 392, 392, 392, + 392, 9, 392, 392, 392, 392, 392, 114, 392, 392, + 392, 392, 392, 392, 301, 392, 392, 392, 392, 392, + 392, 235, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 389, 390, 390, 390, 390, 191, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 193, 252, 177, 390, 319, 390, 390, 390, 390, 390, - 285, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 248, 390, 390, 390, 390, 390, 390, 311, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 174, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 391, 392, 392, 392, 392, 191, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 193, 252, 177, 392, 320, 392, 392, 392, 392, 392, + 285, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 248, 392, 392, 392, 392, 392, 392, + 312, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 174, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 339, 390, 205, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 79, 81, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 113, 390, 390, 390, 390, 390, - 390, 298, 390, 390, 390, 390, 390, 390, 390, 315, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 240, 390, 39, 33, 35, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 40, 390, 34, 36, 390, 42, 390, 390, 390, - 390, 390, 390, 390, 109, 390, 187, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 389, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 340, 392, 205, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 79, 81, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 113, 392, 392, 392, 392, + 392, 392, 299, 392, 392, 392, 392, 392, 392, 392, + 316, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 240, 392, 39, 33, 35, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 40, 392, 34, 36, 392, 42, 392, 392, + 392, 392, 392, 392, 392, 109, 392, 187, 392, 392, - 390, 390, 390, 390, 390, 343, 390, 390, 390, 390, - 390, 242, 239, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 78, 390, 390, 390, 151, 390, 132, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 170, 53, 390, 390, 390, 381, 13, 390, 390, 390, - 390, 390, 390, 390, 157, 390, 390, 390, 390, 390, - 390, 390, 390, 333, 390, 336, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 12, - 390, 390, 23, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 392, 392, 392, 391, 392, 392, + 392, 392, 392, 392, 392, 392, 344, 392, 392, 392, + 392, 392, 242, 239, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 78, 392, 392, 392, 151, + 392, 132, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 170, 53, 392, 392, 392, 383, 13, + 392, 392, 392, 392, 392, 392, 392, 157, 392, 392, + 392, 392, 392, 392, 392, 392, 334, 392, 337, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 304, 390, 390, 351, 390, 390, 390, 390, 317, 390, - 390, 390, 390, 82, 390, 250, 390, 390, 390, 390, - 390, 241, 390, 390, 390, 390, 77, 390, 390, 390, - 390, 390, 390, 24, 390, 390, 49, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 186, - 185, 390, 390, 390, 390, 381, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 243, 237, 390, - 260, 390, 390, 321, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 199, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 12, 392, 392, 23, 392, 392, 392, 392, + 392, 392, 392, 305, 392, 392, 352, 392, 392, 392, + 392, 318, 392, 392, 392, 392, 82, 392, 250, 392, + 392, 392, 392, 392, 241, 392, 392, 392, 392, 77, + 392, 392, 392, 392, 392, 392, 24, 392, 392, 49, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 186, 185, 392, 392, 392, 392, 383, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 243, 237, 392, 392, 260, 392, 392, 322, 392, 392, + 392, 392, 392, 392, 293, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 90, 390, 390, 390, 390, 390, 390, 390, 390, - 299, 390, 390, 390, 390, 221, 390, 390, 390, 390, - 390, 390, 249, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 306, 390, 390, 390, 345, 390, 347, - 346, 183, 390, 390, 390, 83, 390, 390, 390, 390, - 195, 390, 390, 390, 390, 390, 125, 127, 126, 390, - 390, 390, 26, 390, 390, 178, 390, 180, 390, 227, - 390, 390, 390, 390, 184, 390, 390, 254, 390, 390, - 390, 390, 264, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 199, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 90, 392, 392, 392, + 392, 392, 392, 392, 392, 300, 392, 392, 392, 392, + 221, 392, 392, 392, 392, 392, 392, 249, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 307, 392, + 392, 392, 346, 392, 348, 347, 183, 392, 392, 392, + 83, 392, 392, 392, 392, 195, 392, 392, 392, 392, + 392, 125, 127, 126, 392, 392, 392, 26, 392, 392, + 178, 392, 180, 392, 227, 392, 392, 392, 392, 184, - 390, 390, 159, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 276, 390, 390, 390, 390, - 390, 390, 390, 359, 390, 28, 390, 314, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 95, 228, 390, 390, - 270, 390, 390, 390, 297, 390, 337, 390, 220, 390, - 390, 309, 390, 390, 390, 307, 62, 390, 390, 390, - 390, 390, 390, 390, 4, 390, 390, 390, 390, 390, - 140, 390, 158, 390, 390, 390, 200, 30, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 254, 392, 392, 392, 392, 264, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 159, 360, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 276, 392, 392, 392, 392, 392, 392, 392, 361, + 392, 28, 392, 315, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 95, 228, 392, 392, 270, 392, 392, 392, + 298, 392, 338, 392, 220, 392, 392, 310, 392, 392, + 392, 308, 62, 392, 392, 392, 392, 392, 392, 392, + 4, 392, 392, 392, 392, 392, 140, 392, 158, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 267, - 43, 44, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 322, 390, 390, 390, 390, 390, 390, 390, 284, - 390, 390, 390, 390, 390, 390, 390, 390, 231, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 94, 93, 390, 390, 63, 390, - 390, 295, 303, 390, 272, 390, 390, 390, 390, 390, - 11, 390, 390, 390, 390, 363, 390, 390, 390, 390, - 390, 139, 390, 390, 390, 390, 390, 390, 229, 100, - 390, 390, 46, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 200, 30, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 267, 43, 44, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 323, 392, 392, + 392, 392, 392, 392, 392, 284, 392, 392, 392, 392, + 392, 392, 392, 392, 231, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 94, 93, 392, 392, 63, 392, 392, 296, 304, 392, + 272, 392, 392, 392, 392, 392, 11, 392, 392, 392, + 392, 365, 392, 392, 392, 392, 392, 139, 392, 392, - 390, 190, 390, 255, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 161, 390, 390, 390, 390, 275, 390, - 390, 390, 390, 390, 283, 390, 390, 390, 390, 154, - 390, 390, 390, 133, 135, 134, 390, 390, 390, 102, - 106, 101, 390, 171, 390, 390, 390, 390, 91, 390, - 269, 305, 390, 390, 390, 390, 390, 390, 10, 390, - 390, 390, 390, 390, 301, 350, 390, 390, 390, 390, - 390, 390, 390, 390, 356, 45, 390, 390, 390, 390, - 390, 189, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, + 392, 392, 392, 392, 229, 100, 392, 392, 46, 392, + 392, 392, 392, 392, 392, 392, 392, 190, 392, 255, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 161, + 392, 392, 392, 392, 275, 392, 392, 392, 392, 392, + 283, 392, 392, 392, 392, 154, 392, 392, 392, 133, + 135, 134, 392, 392, 392, 102, 106, 101, 392, 171, + 392, 392, 392, 392, 91, 392, 269, 306, 392, 392, + 392, 392, 392, 392, 10, 392, 392, 392, 392, 392, + 302, 351, 392, 392, 392, 392, 392, 392, 392, 392, + 357, 45, 392, 392, 392, 392, 392, 189, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 107, 105, 390, 390, 57, 390, 390, 92, 390, 334, - 390, 390, 390, 390, 25, 390, 390, 390, 390, 390, - 214, 390, 390, 348, 390, 390, 390, 390, 230, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 210, - 390, 390, 179, 85, 86, 390, 390, 390, 390, 390, - 390, 323, 390, 390, 390, 390, 390, 390, 390, 280, - 390, 390, 279, 155, 390, 390, 104, 390, 54, 390, - 390, 162, 163, 166, 167, 164, 165, 96, 332, 390, - 390, 302, 143, 390, 390, 390, 390, 27, 390, 182, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 107, 105, 392, 392, + 57, 392, 392, 92, 392, 335, 392, 392, 392, 392, + 25, 392, 392, 392, 392, 392, 214, 392, 392, 349, + 392, 392, 392, 392, 230, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 210, 392, 392, 179, 85, + 86, 392, 392, 392, 392, 392, 392, 324, 392, 392, + 392, 392, 392, 392, 392, 280, 392, 392, 279, 155, + 392, 392, 104, 392, 54, 392, 392, 162, 163, 166, - 390, 390, 390, 390, 390, 208, 390, 266, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 197, 196, 232, 47, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 330, 390, 390, 390, 390, 112, 390, 390, 265, - 390, 390, 293, 327, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 360, 390, 108, 55, 64, - 5, 390, 390, 251, 390, 390, 390, 390, 328, 390, + 167, 164, 165, 96, 333, 392, 392, 303, 143, 392, + 392, 392, 392, 27, 392, 182, 392, 392, 392, 392, + 392, 208, 392, 266, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 197, 196, 232, + 47, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 331, 392, 392, + 392, 392, 112, 392, 392, 265, 392, 392, 294, 328, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, - 390, 390, 390, 390, 390, 390, 390, 390, 281, 29, - 390, 390, 390, 256, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 282, 390, 390, 390, 390, 160, - 390, 390, 390, 390, 390, 390, 390, 390, 198, 390, - 207, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 324, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 390, 390, 390, - 390, 355, 344, 390, 390, 289, 390, 390, 390, 390, - 390, 325, 390, 390, 390, 390, 390, 390, 326, 390, - 390, 390, 287, 390, 290, 291, 390, 390, 390, 390, + 392, 362, 392, 108, 55, 64, 5, 392, 392, 251, + 392, 392, 392, 392, 329, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 281, 29, 392, 392, 392, 256, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 282, 392, 392, 392, 392, 160, 392, 392, 392, 392, + 392, 392, 392, 392, 198, 392, 207, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 325, 392, + 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 356, 345, 392, + 392, 289, 392, 392, 392, 392, 392, 326, 392, 392, - 390, 288, 292, 0 + 392, 392, 392, 392, 327, 392, 392, 392, 287, 392, + 290, 291, 392, 392, 392, 392, 392, 288, 292, 0 } ; static yyconst flex_int32_t yy_ec[256] = @@ -851,17 +852,17 @@ static yyconst flex_int32_t yy_meta[41] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static yyconst flex_int16_t yy_base[3923] = +static yyconst flex_int16_t yy_base[3939] = { 0, 0, 0, 38, 41, 44, 46, 59, 65, 71, 77, - 90, 112, 96, 118, 124, 136, 3268, 3142, 81, 7612, - 7612, 7612, 129, 52, 137, 63, 130, 159, 70, 132, + 90, 112, 96, 118, 124, 136, 4305, 4135, 81, 7635, + 7635, 7635, 129, 52, 137, 63, 130, 159, 70, 132, 134, 146, 57, 88, 76, 166, 177, 95, 199, 155, - 187, 201, 210, 172, 156, 97, 148, 2842, 7612, 7612, - 7612, 189, 2313, 7612, 7612, 7612, 204, 2257, 2137, 7612, - 7612, 7612, 239, 1886, 7612, 7612, 7612, 228, 1806, 7612, - 243, 7612, 247, 193, 1718, 1695, 7612, 7612, 7612, 251, - 1535, 7612, 7612, 7612, 235, 1388, 257, 261, 0, 264, + 187, 201, 210, 172, 156, 97, 148, 3302, 7635, 7635, + 7635, 189, 3258, 7635, 7635, 7635, 204, 2724, 2475, 7635, + 7635, 7635, 239, 2125, 7635, 7635, 7635, 228, 1886, 7635, + 243, 7635, 247, 193, 1806, 1730, 7635, 7635, 7635, 251, + 1683, 7635, 7635, 7635, 235, 1535, 257, 261, 0, 264, 0, 0, 212, 258, 259, 183, 170, 251, 265, 267, 92, 260, 261, 272, 273, 274, 279, 287, 280, 285, @@ -870,8 +871,8 @@ static yyconst flex_int16_t yy_base[3923] = 139, 334, 342, 349, 351, 350, 356, 352, 357, 353, 362, 359, 360, 363, 376, 364, 384, 380, 388, 393, 369, 383, 370, 396, 397, 395, 398, 401, 404, 405, - 414, 415, 1269, 426, 1184, 428, 1103, 437, 996, 899, - 441, 707, 445, 449, 0, 441, 523, 455, 491, 426, + 414, 415, 1388, 426, 1269, 428, 1184, 437, 1115, 984, + 441, 899, 445, 449, 0, 441, 707, 455, 535, 479, 460, 419, 453, 434, 454, 223, 455, 456, 457, 458, 459, 461, 460, 464, 472, 482, 468, 473, 484, 492, @@ -887,15 +888,15 @@ static yyconst flex_int16_t yy_base[3923] = 688, 690, 697, 687, 696, 699, 700, 701, 703, 704, 712, 705, 714, 718, 720, 725, 713, 723, 726, 728, - 732, 734, 735, 736, 740, 738, 7612, 748, 741, 752, + 732, 734, 735, 736, 740, 738, 7635, 748, 741, 752, 751, 756, 754, 759, 761, 768, 769, 764, 765, 770, 730, 771, 773, 767, 774, 777, 779, 780, 782, 786, 787, 798, 790, 795, 808, 794, 801, 804, 829, 802, 810, 818, 811, 822, 836, 835, 840, 824, 837, 842, 843, 845, 849, 856, 859, 862, 865, 851, 853, 867, - 869, 870, 871, 873, 880, 882, 7612, 875, 879, 892, + 869, 870, 871, 873, 880, 882, 7635, 875, 879, 892, 893, 897, 900, 890, 912, 907, 878, 913, 915, 917, - 919, 929, 951, 911, 918, 920, 922, 927, 7612, 940, + 919, 929, 951, 911, 918, 920, 922, 927, 7635, 940, 934, 975, 945, 944, 962, 955, 958, 925, 877, 965, 957, 963, 979, 968, 969, 976, 983, 998, 999, 981, @@ -906,16 +907,16 @@ static yyconst flex_int16_t yy_base[3923] = 1066, 1089, 1096, 933, 1097, 1084, 1108, 1029, 1113, 1115, 1086, 1116, 1124, 1121, 1101, 1119, 1122, 1123, 1125, 1131, 1127, 1129, 1133, 1135, 1068, 1136, 1137, 1141, 1144, 1138, - 1152, 1154, 1145, 1155, 1158, 7612, 1167, 1162, 7612, 1160, + 1152, 1154, 1145, 1155, 1158, 7635, 1167, 1162, 7635, 1160, - 1164, 1165, 1168, 1169, 1170, 1171, 1173, 7612, 1174, 1178, + 1164, 1165, 1168, 1169, 1170, 1171, 1173, 7635, 1174, 1178, 1179, 1182, 1183, 1193, 1189, 1201, 1200, 1188, 1203, 1204, 1206, 1208, 1209, 1216, 1212, 1219, 1221, 1213, 1224, 1225, 1217, 1226, 1228, 1231, 1233, 1235, 1234, 1237, 1241, 1257, - 7612, 1242, 1243, 1244, 1249, 1251, 1255, 1252, 1274, 1275, + 7635, 1242, 1243, 1244, 1249, 1251, 1255, 1252, 1274, 1275, 1246, 1267, 1266, 1279, 1293, 1281, 1286, 1291, 1289, 1290, 1299, 1295, 1303, 1301, 1297, 1306, 1307, 1305, 1311, 1313, - 1314, 1315, 1317, 1319, 7612, 1326, 1322, 1335, 1336, 1343, + 1314, 1315, 1317, 1319, 7635, 1326, 1322, 1335, 1336, 1343, 1329, 1327, 1328, 1330, 1351, 1346, 1348, 1349, 1350, 1352, 1355, 1356, 1358, 1365, 1360, 1368, 1373, 1369, 1371, 1370, @@ -924,7 +925,7 @@ static yyconst flex_int16_t yy_base[3923] = 1416, 1415, 1424, 1425, 1430, 1427, 1429, 1436, 1437, 1438, 1439, 1441, 1442, 1446, 1444, 1449, 1451, 1452, 1454, 1453, 1455, 1462, 1461, 1463, 1468, 1465, 1481, 1467, 1470, 1484, - 1487, 1474, 1478, 7612, 1496, 1491, 1494, 1495, 1498, 1501, + 1487, 1474, 1478, 7635, 1496, 1491, 1494, 1495, 1498, 1501, 1502, 1503, 1504, 1507, 1509, 1510, 1513, 1511, 1515, 1519, 1522, 1524, 1512, 1526, 1527, 1530, 1532, 1542, 1545, 1534, 1549, 1538, 1550, 1552, 1548, 1555, 1556, 1558, 1559, 1567, @@ -938,792 +939,794 @@ static yyconst flex_int16_t yy_base[3923] = 1698, 1699, 1684, 1700, 1701, 1704, 1705, 1706, 1707, 1710, 1714, 1716, 1708, 1722, 1724, 1712, 1726, 1728, 1731, 1734, 1735, 1736, 1746, 1742, 1738, 1749, 1750, 1751, 1739, 1752, - 1756, 1757, 1759, 1762, 1767, 1768, 1765, 7612, 1769, 1781, + 1756, 1757, 1759, 1762, 1767, 1768, 1765, 7635, 1769, 1781, 1772, 1776, 1779, 1777, 1780, 1782, 1790, 1792, 1785, 1787, - 1795, 1797, 1798, 1823, 7612, 1799, 7612, 7612, 1804, 1802, - 7612, 7612, 1803, 1809, 7612, 1807, 1810, 1808, 1811, 1820, + 1795, 1797, 1798, 1823, 7635, 1799, 7635, 7635, 1804, 1802, + 7635, 7635, 1803, 1809, 7635, 1807, 1810, 1808, 1811, 1820, 1830, 1833, 1826, 1821, 1836, 1838, 1846, 1859, 1844, 1847, 1841, 1849, 1851, 1848, 1853, 1865, 1856, 1869, 1868, 1854, 1881, 1888, 1885, 1889, 1876, 1893, 1894, 1896, 1897, 1899, 1903, 1905, 1906, 1908, 1909, 1910, 1912, 1911, 1914, 1917, 1916, 1920, 1921, 1923, 1925, 1924, 1935, 1928, 1939, 1948, - 7612, 1940, 1949, 1926, 1950, 1951, 1958, 1954, 1961, 1953, + 7635, 1940, 1949, 1926, 1950, 1951, 1958, 1954, 1961, 1953, 1957, 1960, 1965, 1967, 1962, 1970, 1972, 1974, 1973, 1975, 1976, 1981, 1983, 1985, 1986, 1988, 1992, 1993, 1989, 1998, - 7612, 1999, 2000, 2001, 2003, 2005, 2004, 2011, 2015, 2012, + 7635, 1999, 2000, 2001, 2003, 2005, 2004, 2011, 2015, 2012, 2006, 2019, 2016, 2033, 2021, 2022, 2024, 2030, 2034, 2036, - 2037, 2041, 7612, 2038, 2046, 2042, 2048, 2047, 2051, 2050, + 2037, 2041, 7635, 2038, 2046, 2042, 2048, 2047, 2051, 2050, 2054, 2057, 2058, 2062, 2059, 2061, 2066, 2064, 2073, 2072, 2075, 2069, 2076, 2077, 2080, 2088, 2089, 2092, 2094, 2090, 2098, 2099, 2100, 2102, 2101, 2104, 2105, 2107, 2111, 2112, 2119, 2114, 2122, 2115, 2117, 2136, 2138, 2135, 2123, 2133, 2141, 2134, 2143, 2154, 2156, 2149, 2140, 2147, 2157, 2159, 2162, 2163, 2164, 2165, 2166, 2173, 2168, 2171, 2185, 2174, - 2178, 2176, 2187, 2180, 7612, 2188, 2189, 2190, 7612, 2194, + 2178, 2176, 2187, 2180, 7635, 2188, 2189, 2190, 7635, 2194, 2195, 2197, 2219, 2200, 2201, 2206, 2208, 2214, 2209, 2216, 2211, 2217, 2225, 2233, 2227, 2243, 2236, 2244, 2246, 2248, - 2249, 2247, 2251, 2252, 2261, 2253, 2255, 2267, 2265, 2271, - 2268, 2278, 2281, 2280, 2287, 2289, 2284, 2285, 2290, 2309, - 2286, 2288, 2291, 2295, 2296, 2294, 2292, 2302, 2303, 2311, - 2301, 2312, 2314, 2324, 2321, 2322, 2327, 2332, 2333, 2336, - 2338, 2339, 2340, 7612, 2347, 2226, 2342, 2344, 2346, 2356, - 2352, 2353, 7612, 2355, 2358, 2362, 2369, 2365, 2366, 2368, - 2370, 2375, 2376, 2371, 2380, 2379, 2384, 2381, 2382, 2400, - 7612, 2386, 7612, 2383, 2395, 2396, 2398, 2407, 2404, 2405, + 2251, 2247, 2249, 2253, 2261, 2255, 2257, 2264, 2265, 2268, + 2272, 2275, 2284, 2280, 2286, 2288, 2283, 2285, 2289, 2308, + 2287, 2290, 2292, 2291, 2293, 2296, 2302, 2297, 2313, 2298, + 2300, 2317, 2315, 2324, 2320, 2321, 2323, 2326, 2330, 2332, + 2338, 2335, 2340, 7635, 2349, 2226, 2344, 2346, 2345, 2353, + 2352, 2354, 7635, 2355, 2356, 2359, 2367, 2362, 2366, 2369, + 2368, 2370, 2376, 2372, 2378, 2380, 2382, 2381, 2379, 2399, + 7635, 2386, 7635, 2383, 2394, 2395, 2398, 2406, 2404, 2401, - 2406, 2410, 2408, 2409, 7612, 7612, 2411, 2412, 2418, 2428, - 2426, 2436, 2422, 2432, 2433, 7612, 2434, 2441, 7612, 2438, - 2437, 2445, 2443, 2444, 2449, 2451, 2453, 2454, 2455, 2462, - 2459, 2466, 2461, 2463, 2469, 7612, 2472, 2474, 2475, 2480, - 2481, 2478, 2482, 2484, 2487, 2488, 7612, 2493, 2490, 2495, - 2497, 2504, 2503, 2505, 2507, 2508, 2509, 2512, 2513, 2515, - 2516, 2520, 2523, 2527, 2528, 2524, 2526, 2540, 2536, 2543, - 7612, 2539, 2538, 2542, 2551, 2547, 2549, 2546, 2550, 2553, - 2554, 2557, 2560, 2561, 2566, 2565, 2567, 2568, 2569, 2579, - 2581, 2571, 2578, 2590, 2574, 2582, 2587, 2584, 2595, 2592, + 2407, 2409, 2405, 2408, 7635, 7635, 2411, 2412, 2418, 2421, + 2432, 2434, 2429, 2430, 2431, 7635, 2419, 2442, 7635, 2439, + 2433, 2446, 2437, 2447, 2450, 2452, 2453, 2455, 2454, 2462, + 2457, 2464, 2460, 2465, 2472, 7635, 2473, 2476, 2461, 2478, + 2480, 2481, 2484, 2487, 2489, 2488, 7635, 2490, 2491, 2495, + 2498, 2505, 2503, 2504, 2506, 2508, 2509, 2512, 2514, 2515, + 2517, 2516, 2527, 2528, 2531, 2518, 2532, 2540, 2536, 2544, + 7635, 2542, 2539, 2526, 2549, 2545, 2552, 2553, 2554, 2555, + 2548, 2556, 2558, 2564, 2559, 2568, 2565, 2569, 2571, 2578, + 2580, 2576, 2577, 2585, 2579, 2586, 2587, 2588, 2593, 2592, - 2594, 2597, 2598, 7612, 2600, 2604, 2606, 2601, 2607, 2615, - 2608, 295, 2611, 2614, 2618, 2617, 2624, 2621, 2627, 2631, - 2638, 2640, 2635, 2637, 2639, 2641, 2642, 2645, 2647, 2648, - 2649, 2653, 2656, 2657, 2658, 2659, 2663, 7612, 2667, 2664, - 2669, 2670, 2671, 2672, 2677, 2676, 2681, 7612, 2680, 2690, - 2688, 2699, 2685, 2694, 2701, 2702, 2705, 2703, 7612, 2706, - 2707, 2710, 2715, 2713, 2714, 2716, 2717, 7612, 2720, 2724, - 2725, 2731, 2732, 2734, 2733, 2735, 2739, 2740, 2741, 2743, - 2745, 2748, 2746, 2747, 2749, 2755, 2756, 2762, 2763, 2764, - 2766, 2769, 2770, 2772, 2775, 2774, 2776, 2777, 2788, 2779, + 2594, 2595, 2596, 7635, 2597, 2602, 2605, 2601, 2607, 2608, + 2615, 426, 2617, 2618, 2620, 2619, 2625, 2622, 2627, 2623, + 2636, 2644, 2639, 2640, 2629, 2641, 2648, 2649, 2628, 2651, + 2652, 2653, 2656, 2658, 2659, 2662, 2660, 7635, 2664, 2667, + 2669, 2671, 2670, 2672, 2676, 2674, 2684, 7635, 2686, 2691, + 2678, 2696, 2697, 2693, 2685, 2702, 2701, 2707, 2708, 7635, + 2709, 2710, 2711, 2718, 2716, 2713, 2715, 2719, 7635, 2731, + 2728, 2732, 2722, 2734, 2736, 2735, 2741, 2743, 2745, 2747, + 2746, 2748, 2751, 2749, 2752, 2753, 2754, 2757, 2765, 2775, + 2762, 2766, 2770, 2774, 2777, 2778, 2780, 2767, 2783, 2787, - 7612, 2789, 2780, 2790, 2794, 2796, 2781, 2798, 2800, 2811, - 2806, 2807, 2809, 2813, 2826, 2815, 2808, 2824, 2819, 2832, - 2829, 2838, 2836, 2841, 2843, 2850, 2823, 2852, 2854, 2840, - 2855, 2862, 2864, 2863, 2861, 2865, 2867, 2868, 2869, 2877, - 2874, 2881, 2878, 2884, 2876, 2886, 2891, 2879, 2897, 2910, - 2890, 7612, 2899, 2894, 2892, 2905, 2911, 2919, 2915, 2916, - 2914, 2917, 2921, 2928, 2926, 2927, 2929, 2938, 2930, 2939, - 2933, 2934, 2942, 2940, 2944, 2949, 2950, 2952, 2955, 2958, - 2959, 2962, 2964, 2963, 7612, 2967, 2966, 2972, 2973, 2976, - 2978, 2980, 2983, 2981, 2985, 2987, 2988, 2990, 2992, 2993, + 2784, 7635, 2791, 2788, 2793, 2794, 2795, 2797, 2800, 2806, + 2817, 2801, 2808, 2810, 2824, 2826, 2819, 2812, 2836, 2828, + 2809, 2833, 2838, 2846, 2843, 2850, 2841, 2844, 2851, 2853, + 2854, 2857, 2866, 2867, 2859, 2863, 2864, 2868, 2869, 2870, + 2877, 2876, 2885, 2881, 2887, 2880, 2889, 2890, 2878, 2896, + 2902, 2901, 7635, 2904, 2906, 2894, 2910, 2911, 2919, 2915, + 2916, 2917, 2922, 2923, 2926, 2929, 2930, 2931, 2938, 2933, + 2940, 2936, 2941, 2942, 2943, 2950, 2946, 2951, 2954, 2956, + 2963, 2958, 2965, 2966, 2968, 7635, 2972, 2976, 2967, 2974, + 2978, 2960, 2985, 2987, 2989, 2982, 2990, 2991, 2993, 2995, - 2994, 2995, 3002, 2999, 3005, 3001, 3000, 7612, 3013, 3007, - 3011, 3020, 3017, 3021, 3019, 3023, 3029, 3030, 3033, 3036, - 3037, 3038, 3039, 3040, 7612, 3048, 3049, 3045, 3047, 3057, - 3054, 3056, 3058, 3060, 3061, 3062, 7612, 3065, 3066, 3064, - 3068, 3067, 3071, 3078, 3079, 3080, 3077, 7612, 3091, 3076, - 3089, 3092, 3099, 3095, 3098, 3100, 3101, 3104, 3102, 3106, - 3107, 3108, 3111, 3117, 3112, 3118, 7612, 3120, 3124, 3121, - 3133, 3126, 3128, 3140, 3136, 3130, 3141, 3146, 3143, 3147, - 3153, 7612, 3161, 3158, 3157, 3166, 3163, 3164, 3169, 3170, - 3171, 3172, 3173, 3174, 3178, 3179, 7612, 3181, 3180, 3184, + 2996, 2997, 2998, 3005, 3001, 3007, 3002, 3008, 7635, 3014, + 3009, 3010, 3020, 3019, 3022, 3021, 3030, 3028, 3032, 3038, + 3036, 3034, 3040, 3042, 3043, 7635, 3050, 3051, 3048, 3054, + 3061, 3057, 3058, 3060, 3063, 3047, 3064, 7635, 3065, 3068, + 3069, 3072, 3073, 3074, 3081, 3082, 3083, 3080, 7635, 3094, + 3078, 3085, 3090, 3102, 3100, 3101, 3103, 3104, 3106, 3108, + 3109, 3111, 3110, 3112, 3119, 3114, 3116, 7635, 3123, 3124, + 3126, 3133, 3125, 3131, 3136, 3135, 3141, 3145, 3146, 3148, + 3150, 3147, 7635, 3159, 3155, 3158, 3164, 3173, 3165, 3166, + 3168, 3169, 3176, 3177, 3170, 3178, 3180, 3179, 7635, 3183, - 3185, 3188, 3189, 3193, 3203, 3196, 3200, 3201, 3204, 3206, - 3209, 3210, 3214, 3215, 3223, 3213, 3211, 3205, 3227, 3232, - 3230, 3234, 3217, 3238, 3241, 3246, 3242, 3247, 3250, 3251, - 3244, 3252, 3253, 3261, 3265, 3268, 3263, 3266, 7612, 3270, - 3271, 3272, 3274, 3277, 3276, 3278, 3280, 3282, 3279, 3294, - 3291, 3284, 3285, 3301, 3309, 3306, 3297, 3311, 3305, 3307, - 3313, 3314, 3315, 3316, 3320, 3327, 3318, 3325, 3328, 3329, - 3330, 3337, 3332, 3333, 3341, 3340, 3345, 3342, 3346, 3347, - 3349, 3350, 3352, 3355, 3357, 3360, 3353, 3362, 3367, 3375, - 3377, 3378, 3380, 3369, 3371, 3385, 3387, 3389, 7612, 3388, + 3187, 3189, 3190, 3196, 3193, 3194, 3201, 3202, 3203, 3204, + 3206, 3209, 3210, 3208, 3212, 3215, 3216, 3218, 3226, 3228, + 3229, 3230, 3232, 3233, 3234, 3243, 3241, 3245, 3237, 3252, + 3256, 3257, 3246, 3248, 3259, 3266, 3267, 3271, 3272, 3274, + 7635, 3277, 3278, 3270, 3250, 3280, 3281, 3283, 3284, 3285, + 3287, 3289, 3288, 3290, 3299, 3306, 3309, 3310, 3301, 3311, + 3313, 3315, 3316, 3317, 3319, 3320, 3323, 3330, 3326, 3327, + 3328, 3329, 3333, 3342, 3335, 3337, 3352, 3339, 3347, 3349, + 3350, 3351, 3353, 3357, 3355, 3360, 3361, 3363, 3364, 3365, + 3367, 3374, 3378, 3380, 3382, 3381, 3387, 3388, 3390, 3389, - 3390, 3392, 3396, 3398, 3399, 3402, 3404, 3413, 3405, 3403, - 3423, 3414, 3421, 3422, 3410, 3424, 3427, 3412, 3434, 3438, - 7612, 3429, 7612, 3439, 3431, 3435, 3443, 3451, 3441, 7612, - 3449, 7612, 3450, 3455, 3446, 3456, 3457, 7612, 3460, 3458, - 3464, 3459, 3465, 3466, 3471, 3469, 3470, 3475, 3474, 3482, - 3477, 3483, 3481, 3487, 3491, 3493, 3494, 3496, 3497, 3498, - 3504, 3501, 3505, 3506, 3507, 3511, 3512, 3514, 3517, 3518, - 3522, 7612, 3524, 3535, 3536, 3528, 3538, 3530, 3532, 3540, - 3542, 3544, 3520, 3547, 3548, 3552, 3551, 3555, 3553, 3563, - 3559, 3565, 3567, 3569, 3568, 3570, 3575, 3583, 3579, 3587, + 7635, 3392, 3393, 3399, 3398, 3400, 3401, 3406, 3407, 3415, + 3411, 3414, 3422, 3418, 3421, 3424, 3419, 3429, 3431, 3430, + 3438, 3434, 7635, 3435, 7635, 3442, 3437, 3441, 3443, 3451, + 3448, 7635, 3455, 7635, 3449, 3457, 3459, 3460, 3461, 7635, + 3462, 3463, 3466, 3464, 3467, 3469, 3474, 3471, 3472, 3478, + 3479, 3488, 3480, 3485, 3490, 3495, 3496, 3497, 3498, 3500, + 3501, 3502, 3503, 3505, 3509, 3506, 3511, 3515, 3516, 3520, + 3523, 3522, 3524, 7635, 3533, 3540, 3525, 3530, 3542, 3536, + 3538, 3544, 3545, 3546, 3548, 3550, 3553, 3557, 3549, 3561, + 3551, 3567, 3555, 3576, 3563, 3577, 3568, 3578, 3579, 3587, - 3584, 7612, 3582, 3586, 3590, 3591, 3592, 3594, 7612, 3593, - 3595, 3601, 3603, 3606, 3605, 3607, 3608, 3612, 3614, 3615, - 3616, 3625, 3624, 3621, 3630, 7612, 3629, 3634, 3617, 3637, - 3645, 3635, 3647, 3652, 3648, 3650, 3654, 3662, 3658, 3657, - 3660, 3661, 3664, 3665, 3672, 3673, 3675, 3671, 3683, 3674, - 3681, 3688, 3685, 3682, 3679, 3689, 3691, 3692, 3693, 3694, - 3695, 3696, 3698, 3701, 3711, 3702, 3715, 7612, 3706, 3716, - 3717, 3725, 3720, 3726, 3724, 3727, 3729, 3733, 3736, 7612, - 3738, 3731, 3743, 3735, 3752, 3739, 3746, 3749, 3756, 3755, - 3757, 3758, 3759, 3761, 7612, 3763, 7612, 3762, 3766, 3767, + 3583, 3591, 3589, 7635, 3586, 3593, 3590, 3595, 3596, 3598, + 7635, 3597, 3599, 3605, 3607, 3610, 3611, 3612, 3613, 3617, + 3615, 3619, 3620, 3632, 3622, 3636, 3621, 3625, 7635, 3637, + 3642, 3639, 3645, 3652, 3641, 3649, 3659, 3655, 3656, 3661, + 3669, 3666, 3654, 3658, 3668, 3670, 3672, 3679, 3680, 3683, + 3681, 3684, 3682, 3688, 3692, 3689, 3685, 3695, 3696, 3697, + 3698, 3699, 3700, 3706, 3701, 3702, 3704, 3707, 3710, 3717, + 7635, 3721, 3722, 3712, 3732, 3723, 3728, 3730, 3731, 3735, + 3736, 3739, 7635, 3741, 3742, 3746, 3747, 3752, 3749, 3754, + 3755, 3757, 3758, 3761, 3763, 3760, 3765, 7635, 3771, 7635, - 3776, 3782, 3784, 3769, 3785, 3790, 3779, 3786, 3793, 3794, - 3797, 3795, 3801, 3802, 3803, 3804, 3807, 3808, 3809, 3814, - 3818, 3811, 3815, 3824, 3825, 3827, 3828, 3830, 3835, 3831, - 3837, 7612, 7612, 3832, 3840, 3847, 3850, 3839, 3843, 3859, - 3861, 3854, 3851, 3867, 3865, 3869, 3870, 3878, 7612, 3871, - 3874, 3873, 3875, 3879, 3887, 3882, 3892, 3902, 3894, 3884, - 3903, 3901, 7612, 3886, 3904, 3905, 3914, 3909, 3912, 3916, - 7612, 3917, 7612, 3911, 3913, 3918, 3920, 3926, 3927, 3929, - 3934, 3933, 3935, 3938, 3940, 3947, 3950, 3945, 3951, 3954, - 3955, 3956, 3957, 3959, 3960, 3968, 3963, 3965, 3966, 7612, + 3766, 3773, 3774, 3783, 3788, 3778, 3785, 3789, 3794, 3795, + 3780, 3796, 3797, 3804, 3800, 3805, 3806, 3811, 3809, 3812, + 3814, 3813, 3815, 3822, 3820, 3828, 3829, 3817, 3832, 3833, + 3836, 3840, 3838, 3841, 7635, 7635, 3842, 3844, 3845, 3848, + 3854, 3855, 3856, 3858, 3860, 3863, 3865, 3871, 3874, 3875, + 3882, 7635, 3877, 3879, 3878, 3880, 3883, 3890, 3886, 3888, + 3898, 3896, 3899, 3908, 3903, 7635, 3905, 3906, 3907, 3916, + 3911, 3914, 3918, 7635, 3919, 7635, 3915, 3920, 3922, 3928, + 3930, 3929, 3931, 3933, 3932, 3937, 3940, 3947, 3949, 3956, + 3952, 3948, 3958, 3953, 3959, 3960, 3963, 3965, 3970, 3966, - 3970, 3967, 3978, 3972, 3971, 3983, 3989, 3986, 3979, 7612, - 3990, 7612, 3992, 3996, 3997, 3998, 3999, 4007, 4001, 4009, - 4008, 4012, 4013, 4015, 4016, 4019, 4017, 4022, 4025, 4026, - 7612, 4028, 4030, 4038, 4033, 4035, 4037, 4040, 4041, 4042, - 4049, 7612, 4051, 4058, 4054, 4055, 4063, 4060, 4061, 4065, - 4068, 4066, 4070, 4072, 4075, 4074, 4076, 4078, 4077, 4080, - 4083, 4082, 4085, 4094, 4096, 4097, 4103, 4113, 4098, 7612, - 4084, 4108, 4109, 4110, 4111, 4114, 4118, 4120, 4123, 4125, - 4115, 4130, 4136, 4117, 4133, 4139, 4141, 4142, 4149, 4144, - 7612, 4151, 4148, 4156, 4152, 4153, 4155, 4159, 4164, 4157, + 3967, 3969, 7635, 3972, 3974, 3976, 3981, 3975, 3984, 3985, + 3982, 3992, 7635, 3993, 7635, 3997, 4000, 3998, 3999, 4002, + 4004, 4005, 4006, 4010, 4013, 4014, 4016, 4020, 4021, 4025, + 4022, 4026, 4023, 7635, 4028, 4031, 4041, 4036, 4038, 4039, + 4050, 4052, 4040, 4054, 7635, 4057, 4064, 4044, 4061, 4069, + 4066, 4067, 4071, 4072, 4068, 4074, 4076, 4077, 4078, 4080, + 4081, 4086, 4082, 4084, 4087, 4091, 4099, 4102, 4101, 4093, + 4104, 4111, 4109, 7635, 4110, 4112, 4115, 4116, 4117, 4118, + 4122, 4123, 4128, 4140, 4121, 4143, 4144, 4125, 4129, 4133, + 4148, 4042, 4155, 4153, 7635, 4157, 4152, 4164, 4159, 4160, - 4165, 4168, 4161, 4169, 4173, 4174, 4171, 4181, 4188, 4183, - 4184, 4185, 4187, 4198, 4189, 4191, 4193, 4194, 7612, 4214, - 4201, 4205, 4210, 4206, 4216, 4224, 4219, 4221, 4222, 4226, - 4223, 4229, 4227, 4232, 4233, 4236, 4238, 4239, 7612, 7612, - 4245, 4240, 4242, 7612, 4246, 4248, 4256, 4252, 4257, 4253, - 4261, 4258, 4262, 4263, 4266, 4264, 4280, 4283, 4268, 4272, - 7612, 4284, 4286, 4293, 4276, 4285, 4295, 4297, 7612, 4298, - 4306, 4302, 4303, 4304, 4305, 4307, 4309, 4311, 4310, 4312, - 4316, 4318, 4323, 4325, 4321, 4332, 4329, 4330, 4331, 7612, - 4336, 4337, 4338, 4340, 4341, 4342, 4347, 7612, 4348, 4346, + 4161, 4163, 4168, 4169, 4171, 4173, 4162, 4174, 4175, 4178, + 4184, 4187, 4194, 4190, 4179, 4193, 4181, 4197, 4196, 4198, + 4200, 4205, 7635, 4214, 4206, 4212, 4215, 4219, 4221, 4228, + 4223, 4224, 4225, 4234, 4226, 4237, 4229, 4231, 4239, 4242, + 4248, 4235, 7635, 7635, 4251, 4243, 4245, 7635, 4256, 4257, + 4264, 4260, 4259, 4262, 4267, 4261, 4269, 4263, 4271, 4272, + 4273, 4286, 4277, 4281, 7635, 4289, 4287, 4294, 4290, 4293, + 4301, 4302, 7635, 4296, 4305, 4307, 4308, 4309, 4311, 4312, + 4314, 4316, 4317, 4320, 4321, 4322, 4324, 4334, 4330, 4337, + 4327, 4335, 4336, 7635, 4338, 4341, 4344, 4346, 4343, 4351, - 4352, 4354, 4355, 4358, 4363, 4366, 4368, 4374, 4369, 4371, - 4375, 4376, 4377, 4378, 4380, 4388, 4383, 4387, 4386, 4392, - 4396, 4403, 4389, 7612, 4399, 4406, 4407, 4409, 4411, 7612, - 4413, 4421, 4424, 7612, 4425, 4416, 4423, 4426, 4435, 7612, - 4431, 4430, 4432, 4436, 4433, 4445, 4440, 4447, 4446, 4448, - 4450, 4451, 4452, 4454, 4455, 7612, 4456, 4457, 4460, 7612, - 4464, 4466, 4473, 4478, 4479, 4482, 4489, 4471, 4475, 4490, - 4485, 4487, 4488, 4493, 7612, 4496, 4498, 7612, 4500, 4504, - 4499, 4505, 4506, 7612, 4509, 4510, 4511, 4513, 4514, 4519, - 4525, 4515, 4527, 4528, 4529, 4531, 4532, 4533, 4534, 4541, + 4353, 7635, 4352, 4355, 4360, 4366, 4364, 4375, 4369, 4376, + 4377, 4382, 4362, 4365, 4384, 4385, 4386, 4387, 4389, 4397, + 4392, 4396, 4394, 4395, 4401, 4404, 4398, 7635, 4412, 4413, + 4414, 4415, 4417, 7635, 4419, 4428, 4431, 7635, 4432, 4423, + 4430, 4433, 4442, 7635, 4438, 4437, 4439, 4443, 4440, 4452, + 4447, 4454, 4453, 4455, 4457, 4458, 4459, 4461, 4462, 7635, + 4463, 4464, 4467, 7635, 4471, 4354, 4480, 4485, 4486, 4489, + 4482, 4478, 4490, 4497, 4492, 4494, 4495, 4496, 7635, 4502, + 4509, 7635, 4511, 4500, 4506, 4512, 4515, 7635, 4513, 4517, + 4518, 4520, 4521, 4526, 4528, 4532, 4537, 4522, 4534, 4538, - 4536, 4543, 4540, 4542, 7612, 4545, 4544, 4550, 4555, 4547, - 4560, 4563, 4553, 4566, 4568, 4569, 7612, 7612, 4571, 7612, - 4574, 4575, 4576, 4578, 7612, 4580, 4579, 4589, 4581, 4584, - 4586, 4590, 4596, 4600, 4597, 7612, 4602, 4606, 7612, 4603, - 4609, 4616, 4608, 4611, 4612, 4613, 4619, 4623, 4617, 4625, - 4627, 4621, 4628, 4629, 4635, 4630, 4647, 4631, 4650, 7612, - 4642, 4643, 4648, 4658, 4649, 4651, 4661, 4663, 4659, 7612, - 4665, 4672, 4673, 4675, 4676, 7612, 7612, 4677, 7612, 4678, - 4681, 4682, 4685, 4684, 4688, 4695, 4692, 7612, 4697, 4693, - 4701, 4698, 4704, 4711, 7612, 4705, 4714, 4702, 4715, 4706, + 4539, 4546, 4541, 4544, 4553, 4548, 4550, 4551, 4554, 7635, + 4560, 4552, 4555, 4562, 4557, 4573, 4567, 4563, 4565, 4578, + 4579, 7635, 7635, 4581, 7635, 4582, 4584, 4587, 4588, 7635, + 4590, 4593, 4595, 4591, 4596, 4599, 4598, 4602, 4610, 4606, + 7635, 4616, 4617, 7635, 4611, 4613, 4627, 4622, 4623, 4624, + 4625, 4628, 4631, 4626, 4637, 4638, 4633, 4639, 4635, 4643, + 4641, 4659, 4642, 4660, 7635, 4644, 4654, 4655, 4669, 4657, + 4670, 4671, 4673, 4672, 7635, 4676, 4680, 4683, 4684, 4686, + 7635, 7635, 4685, 7635, 4687, 4688, 4691, 4696, 4695, 4699, + 4706, 4702, 7635, 4707, 4704, 4711, 4708, 4712, 4713, 7635, - 4722, 4718, 4717, 4725, 4735, 4728, 7612, 4721, 4727, 4731, - 4739, 4744, 4742, 4732, 4746, 4754, 4750, 4749, 4752, 4762, - 4757, 4759, 4760, 4763, 4767, 4769, 4771, 4761, 7612, 4777, - 4774, 4780, 4775, 4790, 4785, 4791, 4787, 7612, 4788, 4792, - 4793, 4802, 7612, 4795, 4803, 4805, 4810, 4794, 4806, 4813, - 4816, 4815, 4819, 4820, 4817, 7612, 4818, 4825, 4821, 4829, - 4838, 4827, 4826, 7612, 7612, 4839, 7612, 4842, 4828, 4846, - 4847, 4849, 4850, 4853, 4854, 4856, 4857, 4860, 4862, 4864, - 4867, 4868, 4870, 7612, 4872, 4877, 4873, 4882, 4884, 4892, - 4885, 7612, 4889, 4887, 7612, 4893, 7612, 4894, 4896, 4899, + 4716, 4720, 4723, 4724, 4726, 4733, 4730, 4731, 4728, 4738, + 4739, 7635, 4729, 4736, 4743, 4752, 4753, 4745, 4749, 4757, + 4765, 4758, 4760, 4761, 4772, 4767, 4769, 4770, 4773, 4780, + 4776, 4784, 4778, 7635, 4786, 4788, 4791, 4771, 4804, 4787, + 4801, 4794, 7635, 4795, 4802, 4807, 4811, 7635, 4805, 4809, + 4813, 4820, 4815, 4821, 4823, 4824, 4825, 4828, 4830, 4826, + 7635, 4832, 4834, 4827, 4838, 4848, 4849, 4836, 7635, 7635, + 4851, 7635, 4855, 4837, 4852, 4856, 4859, 4862, 4864, 4866, + 4869, 4865, 4872, 4873, 4876, 4879, 4878, 4880, 7635, 4882, + 4894, 4885, 4896, 4903, 4904, 4886, 7635, 4902, 4899, 7635, - 4900, 4902, 4904, 4905, 4908, 4909, 7612, 4916, 4918, 4912, - 4919, 4921, 4929, 4925, 4937, 7612, 4934, 4923, 4935, 4936, - 7612, 4940, 4941, 4944, 4942, 4945, 4948, 4947, 4949, 4953, - 4951, 4955, 4960, 4959, 4970, 4961, 4952, 4962, 4971, 4968, - 4972, 4976, 4981, 4985, 7612, 4982, 4986, 4988, 4991, 4992, - 4993, 4994, 4995, 4996, 4997, 5004, 5006, 7612, 5009, 7612, - 5001, 5011, 5020, 5019, 5002, 5028, 5029, 5030, 5023, 5031, - 5032, 5035, 5037, 5040, 5041, 5045, 5042, 5047, 5050, 5052, - 7612, 5059, 5060, 5049, 5065, 5067, 5069, 5071, 5072, 7612, - 5073, 5054, 5075, 5080, 5082, 5084, 5085, 5087, 5088, 5090, + 4905, 7635, 4906, 4908, 4912, 4913, 4909, 4916, 4920, 4922, + 4917, 4924, 7635, 4933, 4923, 4931, 4932, 4940, 4943, 4944, + 4952, 7635, 4950, 4936, 4953, 4945, 7635, 4947, 4955, 4948, + 4958, 4959, 4961, 4962, 4963, 4964, 4969, 4967, 4976, 4978, + 4968, 4981, 4970, 4985, 4987, 4990, 4991, 4992, 4993, 4994, + 4996, 7635, 4999, 4998, 5000, 5001, 5003, 5004, 5008, 5009, + 5013, 5014, 5021, 5022, 7635, 5018, 7635, 5023, 5024, 5031, + 5032, 5029, 5040, 5041, 5042, 5043, 5044, 5047, 5050, 5051, + 5054, 5055, 5059, 5060, 5062, 5065, 5066, 7635, 5072, 5073, + 5064, 5080, 5076, 5083, 5087, 5084, 7635, 5090, 5091, 5092, - 5093, 5091, 5098, 5100, 5101, 5003, 5102, 5094, 5110, 5105, - 5107, 7612, 5112, 5114, 5116, 5121, 5118, 5122, 5123, 5125, - 5130, 5133, 5124, 5134, 5137, 7612, 5138, 5140, 5142, 5150, - 7612, 5145, 5147, 5148, 5151, 5152, 5155, 5157, 5158, 5160, - 5167, 5168, 7612, 5173, 5161, 5170, 5174, 5175, 5178, 5179, - 5180, 5184, 5186, 5187, 5197, 7612, 5198, 5190, 5199, 5203, - 5205, 5191, 5201, 5207, 5209, 5219, 5211, 7612, 5220, 5221, - 5222, 5223, 5235, 5236, 5212, 5231, 5240, 5239, 5242, 5232, - 5241, 5245, 5243, 5249, 5250, 5251, 5252, 5253, 5262, 5270, - 5265, 7612, 5255, 7612, 5266, 5268, 5271, 5279, 5280, 5274, + 5093, 5097, 5099, 5094, 5101, 5102, 5104, 5106, 5109, 5108, + 5116, 5110, 5117, 5118, 5122, 5128, 5123, 5125, 7635, 5129, + 5131, 5132, 5136, 5138, 5140, 5141, 5143, 5148, 5153, 5142, + 5150, 5155, 7635, 5154, 5158, 5160, 5168, 7635, 5163, 5166, + 5167, 5170, 5171, 5173, 5174, 5179, 5176, 5182, 5186, 7635, + 5189, 5178, 5192, 5191, 5194, 5195, 5196, 5200, 5202, 5206, + 5207, 5214, 7635, 5210, 5208, 5216, 5218, 5219, 5222, 5225, + 5048, 5227, 5228, 5229, 7635, 5230, 5237, 5239, 5231, 5249, + 5251, 5240, 5241, 5254, 5252, 5253, 5250, 5259, 5260, 5262, + 5264, 5265, 5267, 5268, 5266, 5284, 5285, 5283, 7635, 5269, - 5276, 5282, 5283, 5287, 5288, 7612, 5290, 5293, 5295, 5296, - 5298, 5303, 5297, 5299, 7612, 5301, 5300, 5302, 5314, 7612, - 5315, 5319, 5320, 5321, 5323, 5328, 5330, 5331, 7612, 5335, - 5336, 5337, 5344, 5347, 5343, 5346, 5348, 5349, 5351, 5353, - 5354, 5355, 5364, 5357, 5360, 7612, 5366, 5369, 5375, 5376, - 5377, 5359, 5378, 5379, 5380, 5386, 5383, 7612, 5388, 5389, - 5390, 5391, 5392, 5394, 5395, 5397, 5407, 5408, 5403, 5412, - 5400, 5405, 5416, 5417, 5419, 5421, 7612, 5425, 5423, 5426, - 5433, 5434, 5430, 5441, 7612, 5436, 7612, 5432, 5442, 5447, - 5449, 5450, 7612, 5454, 5429, 5455, 5453, 5459, 7612, 7612, + 7635, 5270, 5286, 5291, 5294, 5296, 5293, 5298, 5299, 5301, + 5306, 5303, 7635, 5310, 5312, 5314, 5307, 5309, 5315, 5319, + 5316, 7635, 5317, 5320, 5330, 5331, 7635, 5332, 5333, 5334, + 5337, 5339, 5341, 5348, 5350, 5352, 7635, 5356, 5357, 5358, + 5365, 5367, 5362, 5369, 5364, 5372, 5370, 5374, 5366, 5376, + 5383, 5385, 5377, 5381, 7635, 5388, 5387, 5394, 5396, 5397, + 5389, 5399, 5400, 5403, 5405, 5406, 7635, 5409, 5410, 5411, + 5412, 5413, 5417, 5415, 5418, 5422, 5428, 5424, 5436, 5426, + 5429, 5433, 5438, 5439, 5441, 7635, 5442, 5445, 5446, 5453, + 5455, 5450, 5342, 7635, 5456, 7635, 5457, 5459, 5462, 5464, - 5461, 5468, 5463, 5467, 5464, 7612, 7612, 5470, 7612, 5471, - 7612, 5472, 5474, 7612, 7612, 5476, 5477, 5478, 5480, 7612, - 5482, 5483, 5485, 7612, 5492, 7612, 5499, 5494, 5497, 5495, - 5500, 5502, 7612, 5504, 5505, 5506, 5509, 5513, 7612, 5510, - 5515, 5519, 5533, 5516, 5517, 7612, 5529, 5535, 5537, 5530, - 5531, 5536, 7612, 5540, 5543, 5547, 5544, 5546, 5545, 5548, - 5557, 5556, 5560, 5561, 5563, 5564, 5565, 5566, 5576, 5567, - 5578, 5580, 5587, 5569, 5588, 5583, 5589, 5591, 5595, 5597, - 5593, 5599, 5600, 5602, 5603, 5604, 5607, 5608, 5610, 5614, - 5615, 5617, 5611, 5618, 5621, 5628, 5629, 5630, 5631, 5636, + 5468, 7635, 5472, 5466, 5474, 5470, 5478, 7635, 7635, 5476, + 5488, 5483, 5485, 5489, 7635, 7635, 5487, 7635, 5490, 7635, + 5491, 5493, 7635, 7635, 5492, 5494, 5499, 5500, 7635, 5501, + 5502, 5504, 7635, 5511, 7635, 5518, 5513, 5514, 5516, 5519, + 5522, 7635, 5523, 5525, 5524, 5526, 5530, 7635, 5531, 5534, + 5539, 5546, 5535, 5537, 7635, 5549, 5551, 5555, 5544, 5550, + 5556, 7635, 5558, 5561, 5562, 5564, 5566, 5565, 5568, 5577, + 5571, 5572, 5576, 5584, 5580, 5581, 5587, 5591, 5583, 5594, + 5596, 5603, 5597, 5604, 5599, 5605, 5607, 5611, 5613, 5615, + 5616, 5618, 5619, 5620, 5621, 5623, 5624, 5626, 5629, 5631, - 5632, 5638, 5639, 5640, 5642, 5643, 5644, 5645, 5647, 5646, - 5661, 5652, 5656, 5653, 5666, 5669, 7612, 5670, 5649, 5672, - 5673, 5675, 5676, 5677, 5679, 5682, 5685, 5692, 5696, 5697, - 7612, 7612, 7612, 5700, 7612, 5702, 5686, 5705, 5689, 5706, - 7612, 5707, 5710, 5709, 5712, 5711, 5713, 5715, 5714, 5718, - 5719, 5722, 7612, 5725, 5739, 5726, 5724, 5735, 5742, 7612, - 5743, 5748, 5745, 5749, 5750, 5751, 5754, 5753, 5755, 5756, - 5757, 5760, 5759, 5762, 5775, 5765, 5770, 5777, 7612, 5779, - 5781, 5790, 5782, 5786, 5787, 5789, 5791, 5792, 5794, 5795, - 5796, 5798, 5799, 5801, 5803, 5806, 5807, 5814, 5817, 5821, + 5633, 5634, 5638, 5635, 5640, 5644, 5648, 5650, 5652, 5653, + 5655, 5656, 5657, 5658, 5659, 5661, 5663, 5664, 5665, 5667, + 5666, 5673, 5679, 5680, 5681, 7635, 5684, 5685, 5686, 5689, + 5691, 5692, 5697, 5698, 5699, 5701, 5710, 5714, 5693, 5716, + 7635, 7635, 7635, 5718, 7635, 5720, 5711, 5722, 5723, 5724, + 7635, 5725, 5726, 5727, 5728, 5730, 5731, 5732, 5734, 5735, + 5738, 5741, 5746, 7635, 5753, 5761, 5737, 5743, 5754, 5767, + 7635, 5762, 5769, 5758, 5764, 5770, 5772, 5774, 5773, 5775, + 5778, 5777, 5780, 5783, 5786, 5798, 5781, 5787, 5800, 7635, + 5803, 5808, 5810, 5795, 5799, 5809, 5792, 5812, 5814, 5816, - 7612, 5822, 7612, 5824, 5825, 5826, 5827, 5829, 5828, 5830, - 5831, 5836, 7612, 7612, 5832, 5839, 5837, 5843, 5845, 5846, - 5850, 5854, 5853, 5858, 7612, 5856, 5859, 5861, 5866, 5873, - 5863, 7612, 5869, 5878, 5875, 5879, 5880, 5881, 5883, 7612, - 5885, 5887, 5886, 5891, 5894, 5889, 5900, 5902, 5903, 5904, - 5905, 5906, 5910, 7612, 5911, 7612, 7612, 7612, 5913, 5915, - 5916, 5919, 5921, 5922, 5923, 5928, 5930, 5931, 5942, 5925, - 5929, 7612, 5947, 7612, 7612, 5943, 7612, 5949, 5950, 5951, - 5952, 5953, 5957, 5955, 7612, 5958, 7612, 5962, 5965, 5959, - 5969, 5976, 5977, 5971, 5978, 5961, 5985, 5981, 5987, 5979, + 5818, 5820, 5821, 5822, 5823, 5825, 5827, 5828, 5836, 5829, + 5843, 7635, 5837, 7635, 5839, 5844, 5846, 5847, 5849, 5850, + 5852, 5851, 5853, 7635, 7635, 5855, 5859, 5861, 5866, 5868, + 5860, 5874, 5869, 5876, 5881, 7635, 5879, 5882, 5884, 5888, + 5887, 5889, 7635, 5893, 5896, 5898, 5900, 5899, 5901, 5904, + 7635, 5905, 5906, 5909, 5910, 5923, 5912, 5925, 5927, 5920, + 5914, 5916, 5926, 5934, 7635, 5935, 7635, 7635, 7635, 5936, + 5938, 5939, 5941, 5942, 5944, 5945, 5943, 5950, 5951, 5949, + 5953, 5954, 7635, 5963, 7635, 7635, 5965, 7635, 5966, 5964, + 5967, 5968, 5974, 5975, 5977, 7635, 5979, 7635, 5981, 5982, - 5989, 5933, 5990, 5991, 5994, 7612, 5998, 6000, 6001, 6003, - 6005, 7612, 7612, 6009, 6011, 6013, 6018, 6014, 6020, 6021, - 6029, 6024, 6026, 6027, 6030, 6032, 6033, 6043, 6044, 6034, - 6041, 6047, 7612, 6042, 6050, 6048, 7612, 6052, 7612, 6056, - 6057, 6058, 6059, 6060, 6065, 6066, 6067, 6069, 6072, 6079, - 7612, 7612, 6070, 6086, 6081, 7612, 7612, 6071, 6082, 6083, - 6085, 6092, 6089, 6093, 7612, 6097, 6098, 6094, 6099, 6100, - 6101, 6111, 6105, 7612, 6108, 7612, 6113, 6115, 6118, 6120, - 6127, 6128, 6125, 6129, 6132, 6131, 6134, 6135, 6136, 7612, - 6137, 6138, 7612, 6149, 6150, 6148, 6139, 6140, 6156, 6158, + 5980, 5989, 5991, 5992, 5983, 5996, 5999, 6003, 6000, 6004, + 6005, 6006, 6014, 6010, 6011, 6012, 7635, 6019, 6013, 6017, + 6030, 6032, 7635, 7635, 6033, 6021, 6036, 6037, 6045, 6041, + 6042, 6043, 6054, 6049, 6050, 6051, 6052, 6058, 6059, 6060, + 6068, 6069, 6065, 6064, 6072, 7635, 6075, 6074, 6077, 7635, + 6066, 7635, 6083, 6084, 6085, 6086, 6087, 6092, 6093, 6094, + 6096, 6099, 6106, 7635, 7635, 6091, 6113, 6108, 7635, 7635, + 6097, 6098, 6110, 6112, 6120, 6115, 6117, 7635, 6123, 6124, + 6125, 6127, 6128, 6129, 6135, 6121, 7635, 6138, 7635, 6139, + 6141, 6147, 6143, 6154, 6155, 6150, 6152, 6157, 6161, 6156, - 7612, 6161, 6159, 7612, 6164, 6165, 6167, 6169, 7612, 6171, - 6172, 6174, 6175, 7612, 6181, 7612, 6178, 6182, 6183, 6191, - 6189, 7612, 6186, 6192, 6193, 6196, 7612, 6200, 6203, 6205, - 6207, 6208, 6209, 7612, 6215, 6211, 7612, 6216, 6218, 6219, - 6224, 6225, 6227, 6228, 6230, 6231, 6238, 6234, 6235, 7612, - 7612, 6243, 6244, 6252, 6249, 123, 6256, 6251, 6253, 6257, - 6258, 6265, 6266, 6267, 6262, 6268, 6270, 7612, 7612, 6271, - 7612, 6275, 6278, 7612, 6263, 6279, 6284, 6280, 6286, 6289, - 6290, 6292, 6294, 6295, 6300, 6299, 6296, 6304, 7612, 6320, - 6322, 6305, 6302, 6317, 6325, 6327, 6329, 6331, 6323, 6333, + 6158, 6162, 7635, 6163, 6165, 7635, 6177, 6173, 6175, 6166, + 6174, 6181, 6182, 7635, 6185, 6187, 7635, 6190, 6191, 6193, + 6195, 7635, 6199, 6196, 6201, 6202, 7635, 6204, 7635, 6207, + 6208, 6209, 6216, 6212, 7635, 6217, 6218, 6219, 6222, 7635, + 6226, 6229, 6231, 6232, 6220, 6234, 7635, 6241, 6236, 7635, + 6242, 6244, 6245, 6249, 6250, 6252, 6253, 6255, 6256, 6263, + 6259, 6260, 7635, 7635, 6275, 6268, 6267, 6272, 295, 6282, + 6278, 6279, 6280, 6283, 6290, 6291, 6292, 6287, 6293, 6295, + 7635, 7635, 6303, 6304, 7635, 6288, 6305, 7635, 6298, 6307, + 6313, 6311, 6315, 6306, 123, 6316, 6317, 6319, 6321, 6322, - 6334, 6335, 6336, 6337, 6341, 6340, 6342, 6343, 6344, 6348, - 6349, 7612, 6356, 6358, 6350, 6360, 6363, 6365, 6367, 6366, - 7612, 6374, 6370, 6379, 6376, 7612, 6383, 6380, 6385, 6387, - 6388, 6390, 7612, 6391, 6393, 6396, 6398, 6401, 6400, 6403, - 6405, 6404, 6412, 7612, 6408, 6407, 6413, 7612, 6415, 7612, - 7612, 7612, 6418, 6426, 6422, 7612, 6428, 6429, 6431, 6432, - 7612, 6434, 6438, 6435, 6445, 6440, 7612, 7612, 7612, 6441, - 6442, 6446, 7612, 6448, 6457, 7612, 6449, 7612, 6453, 7612, - 6454, 6458, 6464, 6460, 7612, 6462, 6470, 7612, 6471, 6472, - 6473, 6475, 7612, 6478, 6481, 6489, 6483, 6486, 6490, 6493, + 6326, 6327, 6330, 7635, 6343, 6345, 6332, 6348, 6349, 6352, + 6354, 6356, 6358, 6360, 6361, 6362, 6341, 6363, 6364, 6365, + 6368, 6369, 6371, 6373, 6375, 6377, 7635, 6384, 6386, 6388, + 6379, 6390, 6392, 6396, 6381, 7635, 6403, 6400, 6405, 6406, + 7635, 6409, 6410, 6412, 6414, 6415, 6416, 7635, 6417, 6423, + 6427, 6428, 6420, 6418, 6430, 6431, 6433, 6440, 7635, 6436, + 6438, 6444, 7635, 6442, 7635, 7635, 7635, 6445, 6452, 6454, + 7635, 6456, 6458, 6459, 6443, 7635, 6463, 6465, 6460, 6473, + 6466, 7635, 7635, 7635, 6470, 6471, 6474, 7635, 6477, 6481, + 7635, 6479, 7635, 6480, 7635, 6482, 6485, 6488, 6493, 7635, - 6494, 6491, 7612, 6501, 6497, 6498, 6500, 6504, 6505, 6507, - 6509, 6508, 6521, 6511, 6519, 7612, 6516, 6524, 6525, 6531, - 6523, 6533, 6534, 7612, 6527, 7612, 6538, 7612, 6539, 6540, - 6541, 6546, 6535, 6543, 6545, 6555, 6551, 6557, 6558, 6560, - 6562, 6565, 6566, 6568, 6570, 6572, 7612, 7612, 6580, 6573, - 7612, 6575, 6585, 6589, 7612, 6576, 7612, 6594, 7612, 6582, - 6586, 7612, 6590, 6596, 6599, 7612, 7612, 6601, 6603, 6605, - 6613, 6606, 6609, 6611, 7612, 6615, 6610, 6617, 6619, 6621, - 7612, 6628, 7612, 6618, 6631, 6627, 7612, 7612, 6626, 6633, - 6635, 6640, 6641, 6642, 6644, 6646, 6645, 6647, 6655, 6650, + 6494, 6486, 7635, 6492, 6496, 6498, 6504, 7635, 6507, 6511, + 6514, 6515, 6516, 6517, 6519, 6520, 6518, 7635, 7635, 6527, + 6525, 6526, 6529, 6522, 6532, 6533, 6541, 6534, 6548, 6535, + 6550, 7635, 6543, 6551, 6553, 6561, 6545, 6555, 6557, 7635, + 6559, 7635, 6566, 7635, 6563, 6567, 6568, 6569, 6574, 6571, + 6575, 6577, 6584, 6578, 6582, 6590, 6586, 6588, 6592, 6597, + 6600, 6593, 7635, 7635, 6609, 6601, 7635, 6604, 6614, 6617, + 7635, 6605, 7635, 6620, 7635, 6607, 6611, 7635, 6624, 6621, + 6625, 7635, 7635, 6632, 6622, 6634, 6639, 6628, 6636, 6638, + 7635, 6640, 6644, 6645, 6647, 6649, 7635, 6652, 7635, 6650, - 6652, 6651, 6661, 6653, 6666, 6668, 6670, 6672, 6676, 7612, - 7612, 7612, 6674, 6678, 6679, 6680, 6687, 6689, 6690, 6697, - 6682, 7612, 6696, 6695, 6702, 6684, 6710, 6705, 6709, 7612, - 6706, 6711, 6692, 6712, 6714, 6715, 6716, 6719, 7612, 6721, - 6727, 6731, 6733, 6735, 6736, 6740, 6743, 6745, 6737, 6748, - 6750, 6751, 6758, 6754, 7612, 7612, 6756, 6753, 7612, 6761, - 6765, 7612, 7612, 6757, 7612, 6762, 6766, 6767, 6768, 6770, - 7612, 6773, 6774, 6775, 6778, 7612, 6779, 6780, 6782, 6796, - 6783, 7612, 6785, 6797, 6793, 6798, 6801, 6802, 7612, 7612, - 6804, 6809, 7612, 6811, 6814, 6812, 6821, 6816, 6822, 6824, + 6659, 6655, 7635, 7635, 6654, 6656, 6662, 6667, 6663, 6668, + 6672, 6669, 6674, 6673, 6681, 6677, 6685, 6679, 6687, 6684, + 6695, 6690, 6698, 6700, 6706, 7635, 7635, 7635, 6692, 6702, + 6708, 6709, 6716, 6712, 6715, 6719, 6717, 7635, 6720, 6724, + 6721, 6727, 6736, 6731, 6733, 7635, 6729, 6734, 6737, 6738, + 6740, 6742, 6743, 6744, 7635, 6755, 6757, 6764, 6745, 6758, + 6760, 6767, 6769, 6771, 6773, 6775, 6776, 6777, 6784, 6780, + 7635, 7635, 6787, 6779, 7635, 6791, 6793, 7635, 7635, 6781, + 7635, 6783, 6788, 6794, 6796, 6797, 7635, 6802, 6799, 6804, + 6806, 7635, 6807, 6808, 6812, 6815, 6822, 7635, 6816, 6830, - 6827, 7612, 6818, 7612, 6829, 6831, 6820, 6834, 6837, 6835, - 6839, 6841, 6843, 7612, 6844, 6845, 6846, 6848, 7612, 6853, - 6856, 6857, 6855, 6858, 7612, 6860, 6850, 6867, 6873, 7612, - 6862, 6877, 6879, 7612, 7612, 7612, 6884, 6886, 6887, 7612, - 7612, 7612, 6881, 7612, 6889, 6890, 6893, 6898, 7612, 6894, - 7612, 7612, 6900, 6904, 6908, 6911, 6916, 6903, 7612, 6915, - 6917, 6919, 6921, 6922, 7612, 7612, 6924, 6927, 6925, 6929, - 6930, 6932, 6933, 6934, 7612, 7612, 6937, 6940, 6938, 6941, - 6943, 7612, 6946, 6953, 6952, 6960, 6956, 6966, 6969, 6971, - 6973, 6961, 6948, 6974, 6975, 6982, 6986, 6977, 6978, 6985, + 6809, 6819, 6828, 6831, 7635, 7635, 6821, 6840, 7635, 6844, + 6832, 6835, 6847, 6845, 6846, 6851, 6848, 7635, 6852, 7635, + 6855, 6856, 6858, 6860, 6862, 6863, 6864, 6865, 6868, 7635, + 6869, 6866, 6870, 6871, 7635, 6879, 6873, 6881, 6882, 6887, + 7635, 6888, 6884, 6900, 6896, 7635, 6886, 6902, 6895, 7635, + 7635, 7635, 6910, 6912, 6913, 7635, 7635, 7635, 6907, 7635, + 6915, 6916, 6918, 6920, 7635, 6923, 7635, 7635, 6925, 6929, + 6933, 6935, 6942, 6928, 7635, 6936, 6943, 6945, 6946, 6947, + 7635, 7635, 6949, 6950, 6953, 6954, 6955, 6957, 6958, 6959, + 7635, 7635, 6962, 6963, 6965, 6966, 6967, 7635, 6968, 6025, - 6989, 6990, 6988, 6992, 7003, 6998, 7000, 7009, 6996, 7005, - 7612, 7612, 7013, 7001, 7612, 7017, 7014, 7612, 7018, 7612, - 7020, 7022, 7025, 7027, 7612, 7029, 7031, 7033, 7035, 7037, - 7612, 7038, 7040, 7612, 7042, 7043, 7044, 7045, 7612, 7046, - 7049, 7050, 7054, 7051, 7055, 7058, 7059, 7062, 7072, 7612, - 7064, 7076, 7612, 7612, 7612, 7073, 7067, 7077, 7057, 7081, - 7084, 7612, 7086, 7093, 7090, 7091, 7088, 7092, 7095, 7612, - 7094, 7097, 7612, 7612, 7099, 7098, 7612, 7108, 7612, 7101, - 7105, 7612, 7612, 7612, 7612, 7612, 7612, 7612, 7612, 7112, - 7115, 7612, 7612, 7116, 7120, 7122, 7124, 7612, 7131, 7612, + 6972, 6981, 6983, 6984, 6989, 6991, 6994, 6978, 6995, 6996, + 6997, 7004, 7005, 7002, 7007, 7008, 7011, 7012, 7013, 7015, + 7024, 7019, 7021, 7031, 7023, 7028, 7635, 7635, 7035, 7026, + 7635, 7037, 7039, 7635, 7041, 7635, 7043, 7045, 7047, 7050, + 7635, 7052, 7054, 7056, 7058, 7060, 7635, 7061, 7063, 7635, + 7065, 7066, 7067, 7068, 7635, 7069, 7072, 7073, 7077, 7074, + 7078, 7081, 7082, 7085, 7095, 7635, 7087, 7099, 7635, 7635, + 7635, 7096, 7090, 7100, 7080, 7104, 7107, 7635, 7109, 7116, + 7113, 7114, 7111, 7115, 7118, 7635, 7117, 7120, 7635, 7635, + 7122, 7121, 7635, 7131, 7635, 7124, 7128, 7635, 7635, 7635, - 7114, 7126, 7128, 7133, 7134, 7612, 7136, 7612, 7144, 7139, - 7140, 7141, 7143, 7142, 7147, 7152, 7154, 7156, 7155, 7158, - 7160, 7159, 7164, 7161, 7163, 7167, 7172, 7169, 7181, 7170, - 7182, 7612, 7612, 7612, 7612, 7178, 7185, 7194, 7186, 7196, - 7198, 7201, 7202, 7208, 7210, 7200, 7191, 7212, 7213, 7216, - 7189, 7217, 7226, 7222, 7223, 7224, 7228, 7225, 7231, 7234, - 7238, 7612, 7240, 7241, 7242, 7244, 7612, 7247, 7246, 7612, - 7248, 7249, 7612, 7612, 7251, 7252, 7255, 7254, 7264, 7265, - 7260, 7266, 7268, 7270, 7277, 7612, 7281, 7612, 7612, 7612, - 7612, 7269, 7271, 7612, 7278, 7283, 7284, 7285, 7612, 7286, + 7635, 7635, 7635, 7635, 7635, 7135, 7138, 7635, 7635, 7139, + 7143, 7145, 7147, 7635, 7154, 7635, 7137, 7149, 7151, 7156, + 7157, 7635, 7159, 7635, 7167, 7162, 7163, 7164, 7166, 7165, + 7170, 7175, 7177, 7179, 7178, 7181, 7183, 7182, 7187, 7184, + 7186, 7190, 7195, 7192, 7204, 7193, 7205, 7635, 7635, 7635, + 7635, 7201, 7208, 7217, 7209, 7219, 7221, 7224, 7225, 7231, + 7233, 7223, 7214, 7235, 7236, 7239, 7212, 7240, 7249, 7245, + 7246, 7247, 7251, 7248, 7254, 7257, 7261, 7635, 7263, 7264, + 7265, 7267, 7635, 7270, 7269, 7635, 7271, 7272, 7635, 7635, + 7274, 7275, 7278, 7277, 7287, 7288, 7283, 7289, 7291, 7293, - 7288, 7294, 7295, 7296, 7297, 7298, 7299, 7302, 7612, 7612, - 7305, 7310, 7307, 7612, 7311, 7315, 7312, 7324, 7321, 7327, - 7329, 7330, 7319, 7337, 7612, 7340, 7336, 7343, 7333, 7612, - 7344, 7345, 7346, 7347, 7349, 7356, 7352, 7354, 7612, 7357, - 7612, 7355, 7362, 7363, 7365, 7359, 7369, 7373, 7376, 7374, - 7380, 7381, 7612, 7382, 7383, 7387, 7389, 7391, 7394, 7395, - 7396, 7398, 7401, 7404, 7403, 7411, 7407, 7412, 7413, 7416, - 7417, 7612, 7612, 7423, 7418, 7612, 7420, 7424, 7426, 7427, - 7430, 7612, 7434, 7428, 7435, 7438, 7441, 7442, 7612, 7444, - 7451, 7448, 7612, 7452, 7612, 7612, 7453, 7456, 7459, 7461, + 7300, 7635, 7304, 7635, 7635, 7635, 7635, 7292, 7294, 7635, + 7301, 7306, 7307, 7308, 7635, 7309, 7311, 7317, 7318, 7319, + 7320, 7321, 7322, 7325, 7635, 7635, 7328, 7333, 7330, 7635, + 7334, 7338, 7335, 7347, 7344, 7350, 7352, 7353, 7342, 7360, + 7635, 7363, 7359, 7366, 7356, 7635, 7367, 7368, 7369, 7370, + 7372, 7379, 7375, 7377, 7635, 7380, 7635, 7378, 7385, 7386, + 7388, 7382, 7392, 7396, 7399, 7397, 7403, 7404, 7635, 7405, + 7406, 7410, 7412, 7414, 7417, 7418, 7419, 7421, 7424, 7427, + 7426, 7434, 7430, 7435, 7436, 7439, 7440, 7635, 7635, 7446, + 7441, 7635, 7443, 7447, 7449, 7450, 7453, 7635, 7457, 7451, - 7463, 7612, 7612, 7612, 7492, 7499, 7506, 7513, 7520, 7527, - 7534, 88, 7541, 7548, 7555, 7562, 7569, 7576, 7583, 7590, - 7597, 7604 + 7458, 7461, 7464, 7465, 7635, 7467, 7474, 7471, 7635, 7475, + 7635, 7635, 7476, 7479, 7482, 7484, 7486, 7635, 7635, 7635, + 7515, 7522, 7529, 7536, 7543, 7550, 7557, 88, 7564, 7571, + 7578, 7585, 7592, 7599, 7606, 7613, 7620, 7627 } ; -static yyconst flex_int16_t yy_def[3923] = +static yyconst flex_int16_t yy_def[3939] = { 0, - 3904, 1, 3905, 3905, 3906, 3906, 3907, 3907, 3908, 3908, - 3909, 3909, 3910, 3910, 3911, 3911, 3904, 3912, 3904, 3904, - 3904, 3904, 3913, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3914, 3904, 3904, - 3904, 3914, 3915, 3904, 3904, 3904, 3915, 3916, 3904, 3904, - 3904, 3904, 3916, 3917, 3904, 3904, 3904, 3917, 3918, 3904, - 3919, 3904, 3918, 3918, 3920, 3904, 3904, 3904, 3904, 3920, - 3921, 3904, 3904, 3904, 3921, 3912, 3912, 3904, 3922, 3913, - 3922, 3913, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3920, 1, 3921, 3921, 3922, 3922, 3923, 3923, 3924, 3924, + 3925, 3925, 3926, 3926, 3927, 3927, 3920, 3928, 3920, 3920, + 3920, 3920, 3929, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3930, 3920, 3920, + 3920, 3930, 3931, 3920, 3920, 3920, 3931, 3932, 3920, 3920, + 3920, 3920, 3932, 3933, 3920, 3920, 3920, 3933, 3934, 3920, + 3935, 3920, 3934, 3934, 3936, 3920, 3920, 3920, 3920, 3936, + 3937, 3920, 3920, 3920, 3937, 3928, 3928, 3920, 3938, 3929, + 3938, 3929, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3914, 3914, 3915, 3915, 3916, 3916, 3904, 3917, - 3917, 3918, 3918, 3919, 3919, 3918, 3920, 3920, 3904, 3921, - 3921, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3930, 3930, 3931, 3931, 3932, 3932, 3920, 3933, + 3933, 3934, 3934, 3935, 3935, 3934, 3936, 3936, 3920, 3937, + 3937, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3918, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3934, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3918, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3904, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3934, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3918, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3934, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3918, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3934, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3904, 3912, 3904, 3904, 3912, 3912, - 3904, 3904, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3920, 3928, 3928, + 3920, 3920, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3918, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3904, 3912, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3934, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3920, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3918, 3918, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3934, 3934, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3918, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3934, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3918, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3934, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3920, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3904, 3912, 3912, 3912, 3918, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3934, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3904, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3918, 3912, 3904, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3934, 3928, 3920, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3904, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3920, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3920, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3904, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3918, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3920, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3934, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, - 3912, 3912, 3912, 3918, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3904, 3904, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3934, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3904, 3912, - 3904, 3912, 3912, 3904, 3904, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3920, 3928, + 3928, 3928, 3928, 3928, 3920, 3920, 3928, 3920, 3928, 3920, + 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3918, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3904, 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3934, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3920, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3904, 3904, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3904, 3904, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3918, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3920, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3928, 3920, 3920, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3904, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3904, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3904, 3912, 3912, 3912, 3904, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3934, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3920, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3920, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3904, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3904, 3912, 3912, 3912, 3912, 3918, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3904, 3912, - 3904, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3920, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3920, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, 3934, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3920, 3928, 3928, 3920, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3904, 3912, 3904, - 3904, 3904, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3904, 3904, 3904, 3912, - 3912, 3912, 3904, 3912, 3912, 3904, 3912, 3904, 3912, 3904, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3904, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3920, 3928, 3920, 3920, 3920, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3920, 3920, 3920, 3928, 3928, 3928, 3920, 3928, 3928, + 3920, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3920, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3912, - 3904, 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3904, 3912, - 3912, 3904, 3912, 3912, 3912, 3904, 3904, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3904, 3912, 3912, 3912, 3904, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3920, 3920, 3928, 3928, 3920, 3928, 3928, 3928, + 3920, 3928, 3920, 3928, 3920, 3928, 3928, 3920, 3928, 3928, + 3928, 3920, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3904, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3912, 3904, 3912, - 3912, 3904, 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3904, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3920, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3920, 3928, 3928, 3920, 3928, 3928, 3920, 3920, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, - 3912, 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3904, 3904, 3904, 3912, 3912, 3912, 3904, - 3904, 3904, 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, - 3904, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3904, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, + 3928, 3928, 3928, 3928, 3920, 3920, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3920, + 3920, 3920, 3928, 3928, 3928, 3920, 3920, 3920, 3928, 3920, + 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3920, 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3904, 3904, 3912, 3912, 3904, 3912, 3912, 3904, 3912, 3904, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, - 3904, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3904, 3904, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3904, 3904, 3912, 3912, 3904, 3912, 3904, 3912, - 3912, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3912, - 3912, 3904, 3904, 3912, 3912, 3912, 3912, 3904, 3912, 3904, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3920, 3928, 3928, + 3920, 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, 3920, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3920, 3920, + 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3920, 3920, 3920, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3904, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3904, 3904, 3904, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3904, - 3912, 3912, 3904, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3904, 3912, 3904, 3904, 3904, - 3904, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, 3912, + 3920, 3920, 3920, 3920, 3920, 3928, 3928, 3920, 3920, 3928, + 3928, 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3920, 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3920, 3920, + 3920, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, + 3928, 3928, 3920, 3928, 3928, 3920, 3928, 3928, 3920, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3904, - 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3904, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, 3912, - 3912, 3904, 3904, 3912, 3912, 3904, 3912, 3912, 3912, 3912, - 3912, 3904, 3912, 3912, 3912, 3912, 3912, 3912, 3904, 3912, - 3912, 3912, 3904, 3912, 3904, 3904, 3912, 3912, 3912, 3912, + 3928, 3920, 3928, 3920, 3920, 3920, 3920, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3920, 3928, 3928, 3928, 3920, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3920, 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3920, 3928, 3920, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3928, + 3928, 3928, 3928, 3928, 3928, 3928, 3928, 3920, 3920, 3928, + 3928, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3928, 3928, - 3912, 3904, 3904, 0, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904 + 3928, 3928, 3928, 3928, 3920, 3928, 3928, 3928, 3920, 3928, + 3920, 3920, 3928, 3928, 3928, 3928, 3928, 3920, 3920, 0, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920 } ; -static yyconst flex_int16_t yy_nxt[7653] = +static yyconst flex_int16_t yy_nxt[7676] = { 0, 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, 18, 18, 22, 24, 25, 26, 27, 28, 29, 30, @@ -1739,7 +1742,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 79, 87, 22, 73, 123, 87, 122, 111, 87, 80, 87, 161, 74, 19, 20, 21, 70, 71, 72, 76, 77, 78, 79, 191, 22, 73, 82, 83, 84, 132, - 91, 80, 91, 91, 74, 91, 173, 85, 82, 83, + 91, 80, 91, 91, 74, 91, 87, 85, 82, 83, 84, 91, 92, 87, 100, 87, 112, 87, 114, 85, 87, 101, 87, 93, 94, 102, 115, 95, 103, 87, 113, 87, 96, 117, 97, 238, 118, 116, 87, 87, @@ -1772,18 +1775,18 @@ static yyconst flex_int16_t yy_nxt[7653] = 261, 87, 263, 257, 270, 262, 87, 258, 87, 87, 87, 87, 272, 266, 87, 269, 276, 87, 87, 264, 275, 273, 265, 279, 267, 271, 277, 87, 87, 163, - 163, 165, 87, 274, 165, 278, 280, 283, 167, 181, + 163, 165, 87, 274, 165, 278, 280, 283, 167, 173, 167, 167, 281, 167, 170, 170, 172, 87, 172, 172, 91, 172, 91, 91, 173, 91, 177, 282, 177, 177, 284, 177, 175, 180, 180, 286, 87, 87, 87, 87, 87, 87, 87, 87, 87, 285, 289, 87, 292, 295, 291, 87, 287, 290, 87, 87, 87, 294, 297, 299, - 293, 302, 179, 296, 298, 87, 300, 87, 303, 305, + 293, 302, 181, 296, 298, 87, 300, 87, 303, 305, 304, 87, 306, 318, 87, 87, 301, 307, 87, 87, 314, 87, 309, 315, 316, 87, 319, 310, 87, 317, 87, 87, 311, 320, 308, 323, 87, 321, 312, 313, - 325, 87, 87, 87, 87, 87, 178, 326, 87, 87, + 325, 87, 87, 87, 87, 87, 179, 326, 87, 87, 87, 322, 87, 87, 333, 87, 87, 334, 328, 327, 329, 340, 330, 87, 324, 331, 332, 87, 335, 342, 343, 336, 87, 337, 345, 341, 87, 87, 344, 355, @@ -1804,7 +1807,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 87, 87, 409, 87, 419, 87, 417, 411, 418, 87, 87, 413, 87, 87, 87, 420, 87, 87, 87, 427, - 173, 428, 423, 421, 425, 87, 87, 87, 424, 429, + 178, 428, 423, 421, 425, 87, 87, 87, 424, 429, 422, 87, 430, 87, 431, 432, 87, 434, 87, 87, 435, 87, 426, 87, 433, 87, 437, 87, 87, 87, 439, 87, 440, 87, 87, 444, 459, 436, 441, 446, @@ -1825,7 +1828,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 87, 87, 87, 87, 515, 87, 520, 525, 521, 526, 538, 518, 516, 87, 517, 87, 87, 522, 524, 580, - 87, 527, 171, 87, 523, 528, 530, 532, 531, 533, + 87, 527, 173, 87, 523, 528, 530, 532, 531, 533, 87, 529, 540, 534, 87, 87, 87, 539, 87, 541, 87, 87, 87, 87, 556, 87, 535, 542, 173, 536, 87, 537, 87, 543, 555, 544, 87, 87, 558, 649, @@ -1833,7 +1836,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 547, 563, 576, 548, 87, 549, 573, 550, 87, 574, 87, 87, 562, 572, 575, 87, 87, 577, 87, 582, 551, 87, 87, 552, 578, 553, 584, 554, 87, 87, - 564, 565, 87, 581, 87, 583, 87, 169, 87, 585, + 564, 565, 87, 581, 87, 583, 87, 171, 87, 585, 566, 567, 568, 569, 570, 589, 87, 571, 586, 587, 588, 87, 87, 87, 593, 590, 599, 591, 594, 87, @@ -1847,7 +1850,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 629, 630, 631, 628, 87, 87, 641, 87, 643, 87, 646, 645, 87, 632, 644, 633, 87, 87, 647, 87, - 87, 634, 656, 648, 87, 650, 168, 651, 660, 635, + 87, 634, 656, 648, 87, 650, 169, 651, 660, 635, 636, 87, 652, 637, 638, 654, 87, 639, 87, 87, 657, 658, 87, 655, 87, 87, 87, 87, 87, 659, 87, 663, 87, 664, 87, 665, 87, 661, 87, 87, @@ -1855,7 +1858,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 670, 675, 668, 676, 669, 87, 677, 87, 87, 680, 672, 87, 678, 87, 682, 87, 683, 87, 87, 679, 87, 87, 87, 87, 87, 685, 87, 87, 689, 696, - 687, 87, 87, 681, 684, 87, 87, 166, 691, 686, + 687, 87, 87, 681, 684, 87, 87, 168, 691, 686, 698, 87, 87, 688, 690, 692, 87, 693, 700, 694, 697, 699, 695, 87, 87, 702, 87, 87, 701, 87, @@ -1865,7 +1868,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 87, 717, 713, 722, 87, 87, 87, 87, 719, 87, 716, 721, 87, 723, 87, 87, 737, 725, 87, 724, 87, 726, 736, 739, 744, 734, 727, 735, 728, 87, - 87, 740, 164, 738, 729, 745, 730, 87, 87, 731, + 87, 740, 166, 738, 729, 745, 730, 87, 87, 731, 732, 741, 87, 742, 87, 747, 733, 743, 748, 87, 750, 749, 87, 87, 87, 746, 87, 754, 87, 752, @@ -1879,7 +1882,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 792, 87, 87, 87, 87, 790, 87, 794, 87, 87, 87, 87, 786, 798, 793, 797, 87, 795, 87, 799, - 800, 87, 87, 796, 807, 87, 804, 801, 808, 87, + 800, 164, 87, 796, 807, 87, 804, 801, 808, 87, 802, 805, 87, 810, 803, 806, 809, 87, 87, 87, 811, 87, 812, 87, 813, 87, 814, 87, 87, 87, 87, 815, 87, 87, 820, 816, 819, 87, 87, 818, @@ -1894,7 +1897,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 858, 87, 859, 857, 87, 87, 87, 87, 863, 862, 87, 864, 87, 87, 87, 87, 87, 871, 87, 867, 861, 869, 87, 865, 860, 87, 868, 87, 866, 87, - 87, 872, 874, 87, 870, 87, 875, 87, 181, 880, + 87, 872, 874, 87, 870, 87, 875, 87, 87, 880, 882, 87, 878, 876, 873, 87, 877, 879, 87, 883, 884, 87, 87, 87, 881, 87, 886, 885, 87, 87, 887, 87, 87, 87, 893, 895, 891, 87, 894, 888, @@ -1910,12 +1913,12 @@ static yyconst flex_int16_t yy_nxt[7653] = 929, 933, 930, 931, 932, 87, 938, 934, 942, 945, 940, 939, 87, 944, 87, 87, 941, 943, 87, 87, 87, 87, 87, 87, 87, 87, 952, 87, 947, 87, - 948, 87, 946, 87, 87, 962, 179, 87, 949, 954, + 948, 87, 946, 87, 87, 962, 181, 87, 949, 954, 951, 950, 953, 955, 87, 956, 957, 961, 958, 960, 959, 87, 87, 87, 87, 963, 965, 87, 87, 87, 87, 87, 968, 87, 966, 87, 964, 87, 967, 87, - 972, 178, 973, 971, 969, 87, 974, 87, 970, 87, + 972, 179, 973, 971, 969, 87, 974, 87, 970, 87, 976, 87, 977, 978, 87, 975, 979, 87, 87, 87, 980, 87, 87, 985, 987, 173, 982, 983, 981, 87, 986, 984, 87, 87, 87, 87, 988, 991, 992, 87, @@ -1924,7 +1927,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 87, 994, 87, 87, 87, 87, 1006, 1010, 87, 1011, 87, 1002, 1007, 87, 1004, 87, 1012, 1013, 87, 1005, - 87, 87, 87, 1009, 1025, 87, 87, 87, 1008, 173, + 87, 87, 87, 1009, 1025, 87, 87, 87, 1008, 178, 87, 87, 87, 87, 87, 1027, 1014, 1024, 1028, 1030, 1031, 1016, 1026, 87, 87, 1015, 87, 1033, 1017, 87, 1032, 1018, 1029, 87, 1034, 1019, 87, 1035, 1020, 87, @@ -1932,7 +1935,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 87, 87, 87, 1038, 87, 1050, 87, 87, 1053, 87, 1055, 1039, 87, 1041, 1042, 1051, 1043, 1049, 87, 1044, 1052, 87, 87, 1057, 1045, 1054, 1056, 1059, 1058, 87, - 1046, 1047, 1061, 1048, 87, 1063, 1060, 1062, 87, 171, + 1046, 1047, 1061, 1048, 87, 1063, 1060, 1062, 87, 173, 1064, 87, 87, 1066, 1067, 1065, 87, 87, 1069, 87, 87, 1068, 87, 1071, 1070, 1073, 87, 1072, 87, 87, @@ -1959,7 +1962,7 @@ static yyconst flex_int16_t yy_nxt[7653] = 1163, 87, 87, 87, 1166, 87, 1171, 87, 1165, 1168, 1170, 87, 87, 87, 87, 87, 1169, 87, 87, 1182, 87, 1174, 1172, 1176, 87, 87, 1183, 87, 87, 1185, - 87, 1173, 87, 1175, 1177, 87, 87, 1179, 169, 1178, + 87, 1173, 87, 1175, 1177, 87, 87, 1179, 171, 1178, 1180, 1184, 1186, 1188, 1181, 1189, 87, 87, 87, 87, 1187, 87, 1190, 87, 87, 1191, 87, 1196, 1192, 1194, 87, 1197, 87, 1198, 1202, 1199, 1193, 87, 1195, 87, @@ -1971,605 +1974,607 @@ static yyconst flex_int16_t yy_nxt[7653] = 87, 1217, 1220, 87, 87, 1235, 1222, 1224, 1234, 87, 1225, 87, 87, 1236, 87, 1221, 1238, 87, 1226, 87, 87, 1227, 87, 1240, 1241, 1228, 1237, 1229, 87, 87, - 87, 1230, 1305, 1231, 1242, 1243, 87, 1239, 1232, 87, + 87, 1230, 1306, 1231, 1242, 1243, 87, 1239, 1232, 87, 1247, 1245, 1244, 1233, 1246, 1248, 87, 87, 1249, 87, - 87, 87, 87, 1251, 87, 87, 87, 1254, 87, 1257, - 168, 1250, 1256, 1259, 87, 1252, 1253, 1255, 87, 1258, - 87, 87, 1261, 1263, 87, 1266, 1265, 1260, 1267, 1262, - 1264, 87, 1268, 87, 87, 1269, 1270, 87, 87, 87, + 87, 87, 87, 1251, 87, 1254, 87, 1258, 87, 1255, + 87, 1250, 1257, 1260, 87, 1252, 1253, 87, 87, 1256, + 1259, 87, 1267, 1264, 1262, 87, 1263, 1265, 87, 1261, + 1266, 1268, 1269, 87, 1270, 1271, 87, 87, 87, 87, - 87, 87, 87, 87, 87, 87, 1282, 87, 87, 87, - 1285, 1281, 1286, 1287, 87, 87, 87, 1272, 1283, 1271, - 1284, 1273, 87, 1274, 87, 87, 166, 87, 1275, 1288, - 1276, 1294, 1289, 1291, 87, 87, 1277, 87, 1290, 1295, - 87, 1278, 1279, 1293, 1292, 87, 87, 1296, 1280, 87, - 1301, 87, 87, 87, 1304, 87, 1302, 87, 1297, 87, - 87, 1298, 1307, 1309, 1299, 87, 87, 1300, 87, 87, - 1310, 87, 1308, 1303, 1306, 87, 1315, 1312, 87, 87, - 1313, 87, 87, 87, 87, 1311, 1318, 1316, 87, 87, - 1321, 1314, 87, 87, 87, 87, 87, 87, 1317, 87, + 87, 87, 87, 87, 87, 87, 87, 1286, 1283, 87, + 87, 87, 1282, 87, 1287, 87, 1285, 1273, 1272, 1284, + 1274, 87, 1275, 1288, 1289, 1291, 87, 1276, 87, 1277, + 87, 1295, 1292, 87, 87, 1278, 87, 87, 1296, 87, + 1279, 1280, 1290, 87, 1294, 87, 1297, 1281, 87, 1293, + 1302, 87, 1303, 87, 1298, 1299, 1305, 87, 87, 87, + 1310, 1300, 87, 1301, 1308, 87, 87, 87, 87, 87, + 1311, 1309, 87, 1304, 1316, 87, 1307, 1313, 1314, 87, + 87, 87, 87, 87, 1317, 87, 1312, 1319, 1315, 87, + 1322, 87, 87, 87, 87, 87, 87, 1321, 1318, 87, - 1326, 1324, 1320, 1319, 1322, 1323, 1325, 1328, 87, 87, - 1330, 87, 1327, 87, 1334, 1329, 1333, 87, 87, 87, - 87, 87, 87, 87, 87, 87, 1339, 1340, 1331, 1341, - 1342, 87, 1336, 1345, 1332, 87, 1335, 1337, 1338, 87, - 1343, 87, 1344, 1346, 1347, 87, 87, 87, 1351, 87, - 87, 87, 1353, 1352, 87, 1354, 87, 87, 87, 1349, - 1348, 1356, 87, 1350, 87, 1355, 87, 87, 87, 1364, - 1357, 1360, 87, 1366, 87, 87, 87, 1358, 1359, 87, - 1362, 1368, 87, 1363, 1361, 87, 1370, 87, 87, 1367, - 1371, 87, 1365, 87, 87, 87, 1369, 87, 1373, 1374, + 1327, 1320, 1325, 1324, 1326, 1323, 1329, 87, 87, 1328, + 1331, 87, 87, 1335, 87, 1330, 1334, 87, 87, 87, + 87, 87, 87, 1340, 87, 87, 1341, 1332, 1337, 1342, + 1343, 87, 87, 1333, 87, 1345, 1336, 1339, 1338, 1346, + 1344, 1347, 87, 87, 87, 87, 87, 87, 1351, 1352, + 87, 1348, 87, 1354, 1353, 87, 1355, 1350, 1349, 87, + 87, 1356, 1357, 87, 1358, 87, 87, 87, 87, 1365, + 87, 1367, 1361, 87, 87, 87, 169, 87, 87, 1360, + 1359, 1363, 1364, 1369, 1362, 87, 87, 1371, 1368, 87, + 1366, 87, 1372, 87, 87, 1373, 1374, 87, 1375, 1370, - 87, 87, 1377, 87, 1376, 1378, 87, 1375, 87, 1372, - 87, 1384, 1380, 1379, 1382, 1385, 87, 87, 87, 1381, - 87, 87, 87, 1389, 1388, 87, 87, 1386, 87, 87, - 1395, 1383, 1393, 87, 1396, 1397, 87, 87, 1387, 87, - 87, 87, 1398, 1390, 1399, 1391, 1394, 1400, 1392, 87, - 1402, 87, 87, 87, 1401, 87, 87, 1403, 1406, 87, - 87, 1408, 87, 87, 87, 1407, 87, 87, 1409, 1404, - 87, 1411, 1410, 87, 87, 1405, 1414, 1415, 87, 87, - 87, 87, 87, 1417, 87, 1412, 1421, 87, 1422, 1413, - 1416, 87, 87, 1419, 87, 87, 1424, 87, 1418, 1423, + 87, 87, 87, 87, 87, 1378, 1377, 1379, 87, 1381, + 1376, 87, 1385, 1380, 1383, 1386, 87, 87, 87, 87, + 1382, 87, 87, 1390, 1389, 87, 1387, 87, 87, 87, + 87, 87, 1384, 1394, 1396, 1397, 1399, 1388, 1398, 87, + 87, 87, 1395, 1391, 87, 87, 1392, 1401, 1393, 87, + 1400, 1403, 87, 87, 1402, 87, 1407, 87, 87, 1406, + 1404, 87, 87, 1408, 1409, 87, 87, 87, 87, 87, + 1405, 87, 87, 1412, 1415, 1410, 1411, 87, 87, 1413, + 1416, 87, 87, 1417, 87, 1422, 1418, 1423, 1414, 87, + 87, 87, 87, 87, 1420, 1425, 1419, 1426, 87, 87, - 87, 1420, 1425, 87, 1430, 87, 1426, 87, 87, 1427, - 87, 87, 1428, 87, 87, 1429, 1432, 87, 1437, 87, - 87, 173, 1438, 1431, 87, 1439, 1436, 87, 87, 1433, - 87, 87, 1435, 1440, 87, 1445, 1434, 87, 1442, 1448, - 87, 1441, 1443, 1444, 87, 1450, 1446, 1451, 87, 1447, - 87, 87, 87, 87, 87, 87, 1452, 1456, 87, 1455, - 87, 87, 87, 1457, 1449, 1453, 87, 1460, 1454, 87, - 87, 87, 87, 1463, 1458, 1459, 87, 87, 1464, 1467, - 87, 1461, 87, 87, 87, 87, 1469, 1465, 1462, 87, - 87, 1468, 1470, 87, 87, 1466, 1473, 1479, 87, 1475, + 87, 87, 1431, 1421, 1424, 87, 87, 87, 87, 87, + 87, 1427, 1429, 1428, 87, 87, 1433, 1438, 87, 1430, + 87, 87, 1439, 1432, 1437, 1440, 1441, 1434, 173, 1436, + 87, 87, 87, 87, 1435, 87, 87, 1446, 87, 1449, + 87, 87, 87, 1451, 1443, 1445, 1444, 1447, 1442, 87, + 1448, 1452, 87, 87, 87, 1459, 1450, 87, 1455, 1456, + 1453, 87, 87, 1457, 87, 87, 87, 1458, 1454, 87, + 1461, 87, 87, 87, 1464, 87, 1468, 87, 1460, 1465, + 87, 1462, 87, 87, 87, 87, 1470, 87, 1463, 87, + 1466, 87, 1467, 1471, 1469, 1474, 1482, 87, 87, 87, - 1472, 87, 1471, 87, 1480, 1483, 1481, 87, 1476, 1474, - 1477, 1482, 87, 1478, 87, 87, 87, 1485, 87, 87, - 87, 1484, 1492, 87, 1489, 1488, 87, 87, 87, 87, - 87, 1493, 1497, 87, 1486, 1491, 1487, 87, 87, 1490, - 1495, 1494, 1498, 1499, 87, 87, 87, 87, 87, 1496, - 1501, 1502, 87, 87, 87, 1503, 87, 1507, 87, 87, - 87, 87, 87, 1504, 1500, 1510, 1508, 1505, 87, 87, - 1518, 1509, 1506, 1511, 1515, 87, 87, 87, 1512, 87, - 1514, 1513, 87, 87, 1516, 87, 1517, 87, 87, 87, - 87, 1521, 87, 87, 87, 1528, 1530, 1519, 1522, 1520, + 1473, 1472, 1476, 1480, 87, 1481, 87, 1475, 1483, 87, + 87, 1477, 1486, 1478, 87, 87, 1479, 1484, 1487, 1485, + 87, 87, 87, 87, 87, 1494, 87, 1491, 87, 87, + 1490, 87, 87, 1488, 1495, 87, 1493, 168, 1489, 1497, + 1496, 87, 1492, 1499, 87, 87, 1500, 87, 87, 87, + 1501, 1498, 1503, 1504, 87, 1502, 87, 1505, 87, 87, + 87, 87, 87, 1509, 87, 87, 87, 87, 1512, 1506, + 87, 1507, 1510, 1517, 1511, 87, 1513, 1508, 87, 87, + 87, 1514, 1520, 87, 1516, 1518, 1515, 87, 87, 1519, + 87, 87, 1523, 87, 1530, 1521, 87, 87, 1532, 1522, - 1524, 87, 87, 87, 1523, 1527, 1525, 87, 1531, 87, - 1535, 87, 1529, 87, 1526, 1533, 1536, 1532, 1538, 87, - 87, 87, 87, 1539, 87, 1537, 87, 1543, 87, 1534, - 1552, 1553, 87, 1554, 1541, 1542, 87, 87, 1540, 87, - 1544, 1551, 87, 1558, 1545, 87, 1556, 1546, 1547, 87, - 1555, 87, 1548, 87, 87, 164, 87, 1562, 1549, 1559, - 1557, 1560, 1550, 87, 1561, 87, 1563, 87, 87, 1568, - 1564, 1569, 1565, 1566, 87, 87, 87, 87, 87, 1570, - 87, 87, 87, 1571, 1576, 1573, 1567, 87, 1578, 87, - 87, 87, 87, 1577, 87, 1574, 1579, 87, 1572, 87, + 87, 87, 1524, 1526, 87, 1528, 87, 87, 87, 1525, + 87, 1529, 1527, 87, 87, 1535, 1533, 1531, 1538, 87, + 1534, 87, 87, 87, 1540, 87, 1537, 1557, 1536, 1541, + 87, 1539, 87, 1542, 1554, 1543, 1544, 87, 1545, 87, + 1546, 87, 1556, 1555, 1547, 1553, 87, 1548, 1549, 87, + 1558, 87, 1550, 1560, 87, 1563, 87, 87, 1551, 87, + 1559, 1561, 1552, 87, 87, 1565, 87, 87, 1562, 1566, + 87, 1567, 87, 1570, 1571, 1572, 87, 87, 1564, 87, + 87, 87, 87, 87, 1578, 1573, 1575, 1568, 1569, 87, + 87, 87, 1580, 87, 87, 1579, 1576, 1574, 87, 1581, - 1575, 1580, 1581, 87, 87, 87, 1588, 87, 1582, 1587, - 87, 1589, 87, 1583, 1592, 1584, 1593, 1585, 87, 1586, - 1590, 1591, 1594, 87, 87, 1595, 1598, 87, 87, 87, - 87, 1599, 87, 1597, 87, 1603, 1596, 1600, 1601, 87, - 87, 87, 87, 87, 1610, 1609, 87, 87, 1604, 1602, - 1605, 87, 87, 87, 1612, 87, 1608, 87, 1606, 1607, - 1614, 1613, 87, 87, 1611, 87, 1616, 1615, 87, 1617, - 1621, 87, 87, 1620, 1623, 87, 87, 87, 1625, 87, - 87, 1618, 1624, 1626, 1627, 87, 87, 1622, 1630, 87, - 1619, 87, 1632, 87, 87, 1629, 87, 1633, 87, 1634, + 87, 1577, 87, 87, 1582, 1590, 1583, 87, 1589, 87, + 1591, 1584, 1592, 1593, 87, 87, 1585, 87, 1586, 87, + 1587, 1595, 1588, 87, 87, 1594, 1600, 1597, 87, 87, + 87, 1601, 87, 1599, 1596, 87, 87, 1602, 1603, 87, + 1605, 1598, 87, 87, 87, 1611, 87, 1612, 1607, 87, + 1606, 87, 1604, 87, 87, 87, 87, 1614, 1610, 87, + 1616, 1608, 1609, 87, 87, 1613, 1619, 87, 1615, 87, + 1617, 87, 1618, 87, 1622, 1623, 87, 1625, 87, 87, + 87, 87, 1620, 1627, 1626, 87, 1624, 87, 1628, 87, + 1632, 87, 1621, 1633, 1629, 87, 1631, 1634, 87, 1630, - 87, 87, 1638, 87, 1628, 87, 87, 87, 87, 1643, - 1641, 1631, 87, 87, 87, 87, 1646, 1644, 87, 1635, - 87, 1636, 1637, 1640, 87, 1639, 87, 1645, 1642, 1648, - 87, 1647, 87, 87, 87, 1649, 87, 1650, 1651, 1653, - 1654, 1655, 87, 87, 1652, 1656, 87, 1658, 1657, 87, - 87, 87, 87, 87, 1659, 1664, 1665, 1661, 87, 1662, - 87, 87, 87, 1666, 1668, 1667, 1663, 87, 1660, 87, - 87, 87, 1672, 87, 87, 87, 1669, 87, 87, 87, - 87, 173, 1671, 1675, 87, 1681, 1682, 1677, 1670, 87, - 87, 87, 87, 87, 1673, 1674, 1678, 1676, 1685, 1683, + 87, 1635, 87, 87, 87, 1640, 87, 1636, 87, 87, + 87, 87, 1645, 1643, 87, 87, 1637, 1648, 87, 1646, + 87, 87, 87, 87, 1638, 1639, 1642, 87, 1641, 1647, + 1650, 1644, 87, 87, 87, 87, 1652, 1651, 1653, 1649, + 1655, 87, 1656, 87, 1658, 87, 1654, 87, 1657, 87, + 1659, 87, 1660, 87, 1661, 87, 87, 1666, 1667, 1663, + 87, 87, 1664, 87, 87, 1662, 1668, 87, 1670, 1665, + 87, 87, 1669, 87, 87, 1674, 87, 87, 87, 1671, + 1675, 87, 87, 1677, 1673, 173, 87, 87, 1683, 1684, + 1672, 87, 1679, 87, 87, 87, 87, 1676, 87, 1678, - 1679, 1684, 87, 1686, 87, 87, 1691, 1680, 87, 1687, - 1690, 87, 87, 87, 87, 87, 1688, 87, 1696, 87, - 87, 87, 1689, 1693, 87, 87, 1700, 1694, 1692, 1702, - 87, 87, 1695, 87, 87, 1697, 1704, 87, 1699, 87, - 1708, 87, 1701, 87, 1698, 1709, 87, 1707, 1703, 87, - 1711, 1706, 1705, 87, 87, 87, 87, 1710, 1714, 87, - 87, 1712, 1720, 1713, 1717, 1719, 87, 1718, 1722, 1715, - 87, 87, 1716, 1725, 87, 1723, 87, 87, 1726, 87, - 1721, 1724, 87, 87, 87, 87, 87, 87, 1730, 1731, - 1732, 87, 87, 87, 87, 1727, 1735, 87, 87, 1740, + 1680, 1687, 1685, 87, 1686, 1688, 1681, 87, 1692, 1693, + 1682, 1689, 1690, 87, 87, 87, 87, 87, 1691, 87, + 1698, 87, 87, 87, 87, 87, 1695, 87, 1702, 87, + 1696, 1704, 87, 1694, 1706, 1697, 87, 87, 87, 87, + 1710, 1699, 1701, 1703, 87, 1711, 87, 1700, 87, 87, + 1705, 1708, 1709, 1713, 87, 1707, 1712, 1714, 87, 87, + 87, 87, 1715, 87, 1719, 1722, 1724, 1720, 87, 1716, + 1721, 87, 87, 1717, 1723, 1726, 1718, 87, 87, 87, + 1728, 87, 87, 87, 1725, 1729, 87, 1733, 1727, 87, + 87, 87, 87, 87, 1734, 1735, 87, 1730, 1738, 1732, - 1729, 87, 87, 1728, 1733, 1741, 87, 1734, 1737, 87, - 1744, 1738, 1736, 87, 87, 1739, 87, 87, 87, 87, - 1742, 1745, 87, 87, 87, 1743, 87, 87, 87, 1746, - 87, 1748, 1752, 1747, 1749, 1753, 87, 1750, 1756, 1757, - 87, 1754, 1751, 87, 1755, 87, 1759, 87, 1764, 1758, - 1762, 87, 1763, 1765, 87, 87, 1761, 87, 1760, 87, - 87, 1767, 1768, 87, 87, 87, 87, 3904, 1773, 1766, - 1769, 1772, 1774, 1770, 87, 1775, 87, 1776, 87, 87, - 1777, 87, 1780, 87, 87, 87, 1771, 87, 1781, 87, - 87, 87, 87, 87, 1782, 87, 1788, 87, 87, 1778, + 87, 1736, 87, 87, 1743, 1731, 87, 87, 1747, 87, + 1740, 1737, 1739, 1744, 87, 87, 87, 87, 1741, 87, + 1742, 87, 87, 87, 1745, 87, 1746, 1748, 87, 87, + 1755, 87, 1749, 1751, 1757, 1756, 1750, 1752, 1753, 87, + 1754, 87, 87, 87, 1762, 87, 87, 87, 1767, 1758, + 87, 1761, 1768, 1759, 87, 1764, 87, 1766, 87, 87, + 1763, 87, 1760, 87, 1769, 87, 1770, 1765, 1771, 87, + 87, 166, 87, 1776, 1777, 1773, 1772, 1775, 1778, 87, + 87, 1786, 1774, 87, 87, 87, 1779, 87, 1780, 1783, + 87, 87, 1785, 87, 87, 1784, 87, 87, 87, 1791, - 1787, 1779, 1784, 1785, 87, 1783, 1786, 87, 1794, 1791, - 87, 1792, 1789, 1795, 87, 1790, 1796, 1793, 87, 87, - 87, 1797, 87, 1798, 87, 1800, 87, 87, 87, 87, - 1799, 87, 1804, 87, 1808, 1803, 1809, 1801, 87, 1802, - 87, 87, 87, 87, 1814, 87, 87, 1805, 1817, 1806, - 87, 1807, 1816, 87, 87, 87, 1810, 1812, 87, 87, - 87, 1811, 87, 87, 1815, 87, 87, 1819, 87, 1813, - 87, 1827, 1818, 87, 1820, 87, 1828, 1824, 1821, 1822, - 87, 1823, 87, 1826, 87, 1829, 1825, 1832, 87, 1833, - 87, 87, 1831, 87, 1830, 1836, 1834, 1835, 87, 1837, + 87, 87, 87, 87, 1790, 1787, 1794, 1781, 1788, 1782, + 1793, 1789, 87, 1797, 87, 164, 1799, 1795, 1798, 87, + 1792, 1800, 87, 87, 87, 1803, 87, 1801, 87, 87, + 87, 1796, 87, 87, 1802, 1807, 87, 1811, 1806, 87, + 87, 87, 87, 87, 1812, 1804, 87, 1805, 87, 1817, + 87, 1808, 87, 1809, 1810, 87, 1819, 1815, 1813, 1820, + 87, 1814, 87, 87, 87, 87, 87, 1818, 87, 1822, + 87, 1821, 1816, 87, 87, 1830, 87, 87, 87, 1831, + 87, 1823, 1824, 1825, 1827, 1826, 1835, 87, 1829, 1828, + 1836, 87, 1834, 87, 87, 87, 1832, 1833, 1837, 1838, - 87, 87, 87, 87, 1840, 87, 1844, 1838, 1841, 87, - 1845, 87, 87, 1839, 1849, 87, 87, 87, 87, 1843, - 1851, 1842, 1850, 87, 1846, 87, 87, 87, 1848, 1853, - 1854, 1847, 1855, 1852, 87, 87, 87, 87, 1856, 1857, - 87, 1862, 87, 1858, 87, 1861, 1865, 87, 87, 1860, - 1863, 87, 87, 1867, 87, 1859, 87, 1868, 1869, 87, - 1864, 1871, 87, 87, 87, 1866, 1872, 1873, 87, 87, - 87, 87, 87, 87, 1870, 1874, 1877, 87, 87, 87, - 1882, 1880, 87, 87, 87, 1875, 1876, 87, 87, 1888, - 87, 1889, 1878, 1886, 87, 87, 87, 1879, 1881, 1883, + 87, 87, 87, 87, 1843, 87, 87, 1839, 1844, 1847, + 1841, 87, 87, 87, 87, 1840, 1842, 1848, 1852, 87, + 87, 1845, 1854, 1846, 87, 1853, 1849, 87, 87, 1857, + 1851, 87, 87, 1850, 87, 87, 1858, 87, 1859, 1855, + 1856, 1860, 87, 87, 87, 1865, 1866, 87, 87, 1868, + 87, 87, 1861, 1863, 87, 87, 87, 1871, 1872, 1870, + 1862, 87, 87, 1864, 87, 1875, 1867, 1874, 87, 1876, + 87, 1869, 87, 87, 87, 87, 87, 87, 1880, 87, + 87, 1873, 87, 1885, 87, 87, 1883, 87, 1877, 1878, + 1879, 87, 87, 87, 1892, 1891, 1889, 1881, 87, 1882, - 87, 1887, 1885, 1884, 87, 1890, 87, 87, 1895, 87, - 87, 87, 1891, 1900, 87, 1892, 1898, 87, 87, 87, - 87, 1903, 1901, 1896, 87, 87, 1894, 87, 1897, 1893, - 87, 87, 1899, 87, 1907, 87, 1910, 87, 1906, 1902, - 1909, 87, 1911, 173, 1905, 87, 1904, 1912, 87, 87, - 1908, 87, 1913, 87, 1914, 87, 1915, 87, 1922, 1916, - 87, 87, 1924, 1917, 87, 87, 87, 1918, 87, 1923, - 1925, 1921, 87, 1927, 1919, 1920, 87, 1931, 87, 1929, - 87, 87, 87, 87, 1926, 1935, 1928, 1933, 87, 1932, - 1937, 1930, 87, 1936, 1939, 87, 87, 87, 1942, 87, + 1884, 87, 1886, 87, 1888, 1887, 1890, 1893, 87, 87, + 87, 87, 1898, 87, 87, 87, 87, 1903, 87, 87, + 1901, 1894, 87, 1895, 87, 1906, 1904, 1899, 87, 87, + 1897, 1902, 1900, 87, 1896, 87, 87, 87, 87, 1905, + 1910, 1916, 1912, 87, 1909, 1913, 87, 1914, 1908, 173, + 1907, 87, 1915, 87, 1911, 87, 1917, 87, 87, 87, + 1918, 87, 87, 87, 87, 1919, 87, 1927, 87, 1920, + 87, 1921, 1926, 1924, 87, 1928, 87, 1922, 1923, 1930, + 87, 87, 1929, 1932, 1931, 1935, 1925, 1933, 1934, 87, + 87, 87, 87, 1938, 1940, 1936, 87, 1939, 1942, 87, - 87, 1934, 1940, 87, 87, 87, 87, 87, 87, 1941, - 1945, 1947, 1938, 1946, 87, 1949, 87, 1950, 87, 87, - 87, 87, 1943, 1944, 1954, 87, 1955, 87, 87, 87, - 87, 1962, 1948, 1951, 87, 1953, 1952, 87, 87, 1963, - 1957, 1959, 87, 87, 1960, 1956, 1964, 87, 87, 1958, - 87, 1966, 1967, 1969, 1972, 1968, 1961, 1970, 87, 1973, - 87, 87, 1965, 87, 1975, 87, 1974, 87, 1976, 1977, - 87, 87, 1971, 87, 87, 87, 1978, 87, 87, 1984, - 1985, 1983, 1986, 1979, 87, 87, 87, 87, 87, 1987, - 1988, 1980, 87, 1981, 87, 87, 87, 1982, 87, 1990, + 87, 1937, 87, 87, 87, 1945, 87, 1943, 87, 87, + 87, 87, 87, 1944, 1948, 1950, 1941, 1949, 87, 1952, + 87, 1953, 1946, 87, 87, 87, 87, 1947, 87, 1957, + 87, 1958, 87, 87, 87, 87, 1951, 1954, 87, 1967, + 1956, 1968, 1955, 1966, 1960, 87, 1959, 1965, 1962, 87, + 87, 1963, 87, 1961, 87, 87, 1976, 1969, 87, 1970, + 1971, 1973, 87, 1964, 1974, 87, 1977, 87, 87, 87, + 1979, 87, 87, 1978, 87, 1980, 1981, 1972, 1975, 87, + 1983, 87, 87, 87, 1982, 87, 1988, 1989, 1987, 1984, + 1990, 1992, 87, 87, 87, 87, 87, 87, 87, 1991, - 1991, 87, 87, 1992, 87, 87, 87, 87, 87, 87, - 1989, 87, 1994, 1993, 87, 87, 3904, 1995, 2003, 87, - 1998, 1999, 2000, 1996, 87, 1997, 2004, 2001, 87, 87, - 87, 2007, 2010, 87, 2005, 2006, 2002, 87, 87, 87, - 87, 2008, 87, 2009, 87, 2015, 87, 2017, 87, 87, - 2019, 87, 87, 2011, 2014, 2012, 87, 2013, 2018, 87, - 2022, 2021, 87, 2016, 2020, 87, 2023, 2024, 87, 87, - 87, 87, 87, 2025, 87, 87, 87, 2028, 2030, 87, - 87, 2031, 87, 2038, 2032, 2029, 2026, 2027, 2039, 87, - 2033, 2034, 87, 2036, 2040, 87, 2035, 87, 87, 87, + 1985, 87, 87, 1986, 1995, 87, 1994, 1996, 87, 87, + 87, 87, 87, 87, 87, 87, 1997, 87, 1993, 87, + 87, 2007, 2008, 87, 1999, 87, 2002, 2003, 1998, 2000, + 87, 2001, 2005, 2004, 87, 87, 87, 2010, 2013, 2014, + 2006, 87, 2009, 87, 87, 87, 2011, 2012, 87, 87, + 2021, 2019, 87, 2023, 87, 87, 2015, 2016, 2018, 87, + 87, 2022, 87, 2017, 2025, 87, 2027, 87, 87, 2020, + 87, 87, 2026, 87, 87, 2024, 87, 2028, 87, 87, + 2032, 2029, 2035, 2034, 87, 2036, 87, 87, 2031, 2033, + 2042, 87, 2030, 87, 2037, 2043, 87, 2040, 87, 2038, - 2042, 2043, 2044, 87, 2037, 2045, 87, 87, 87, 2041, - 87, 2047, 2048, 2049, 87, 87, 87, 87, 2046, 2051, - 87, 87, 87, 2061, 87, 2060, 2054, 87, 87, 2050, - 2056, 87, 2053, 2057, 2052, 2062, 2059, 87, 87, 2055, - 87, 87, 2068, 87, 87, 87, 2058, 2069, 87, 2070, - 87, 2064, 87, 87, 3904, 2066, 87, 2063, 2065, 2067, - 87, 2074, 2071, 87, 87, 2077, 2075, 87, 2076, 2084, - 2072, 2073, 87, 2078, 87, 2080, 2082, 2079, 87, 2083, - 87, 2085, 87, 87, 87, 2089, 87, 87, 87, 2081, - 2090, 87, 87, 2094, 2096, 87, 2086, 87, 2091, 87, + 2044, 87, 87, 2045, 2039, 2047, 2048, 87, 87, 87, + 87, 2041, 2050, 87, 2051, 2052, 2046, 87, 87, 87, + 2053, 2049, 87, 2055, 87, 87, 87, 87, 87, 2064, + 87, 2058, 2065, 87, 2054, 87, 2060, 2063, 2056, 2061, + 2057, 87, 87, 2068, 2059, 87, 87, 2072, 2066, 87, + 2062, 87, 2073, 87, 87, 87, 2074, 87, 87, 2078, + 2070, 87, 2067, 2069, 2079, 2071, 2075, 87, 87, 87, + 2082, 87, 2084, 87, 2083, 2077, 87, 2081, 87, 2089, + 2076, 2088, 2086, 2080, 87, 2087, 2085, 87, 87, 2093, + 87, 87, 87, 87, 2094, 87, 87, 2100, 2098, 87, - 87, 2088, 2092, 2087, 2098, 87, 2095, 87, 2093, 2099, - 2102, 2101, 2100, 2097, 87, 87, 87, 87, 87, 2104, - 2103, 2107, 87, 2111, 87, 87, 87, 87, 2109, 87, - 87, 87, 2106, 87, 2110, 2108, 3904, 2105, 2112, 87, - 87, 2116, 87, 2113, 2117, 2114, 87, 87, 87, 2118, - 2115, 87, 2124, 87, 2126, 2119, 2120, 2127, 87, 2121, - 87, 2128, 2122, 87, 87, 2123, 2130, 87, 87, 87, - 87, 2134, 87, 87, 2125, 2136, 87, 2129, 87, 87, - 87, 87, 2140, 87, 87, 87, 2135, 2132, 2131, 2133, - 2143, 87, 87, 3904, 2138, 2142, 87, 2139, 2137, 87, + 2102, 87, 2090, 87, 2095, 2103, 2092, 2096, 2091, 87, + 2099, 87, 87, 2097, 2104, 2106, 87, 2101, 87, 87, + 87, 87, 2107, 2111, 87, 2115, 2105, 87, 87, 87, + 2113, 87, 87, 87, 2110, 87, 2114, 2112, 2108, 2109, + 2116, 87, 87, 87, 87, 87, 87, 2117, 2121, 2120, + 87, 2122, 2118, 87, 2119, 2124, 2130, 2123, 2125, 2128, + 87, 87, 87, 2131, 2126, 87, 87, 2127, 2132, 87, + 2134, 87, 87, 87, 2133, 2138, 87, 2140, 87, 87, + 87, 2129, 87, 87, 2144, 87, 2135, 87, 87, 87, + 2136, 2139, 2137, 2146, 87, 87, 2142, 87, 87, 2147, - 2141, 2145, 87, 87, 2144, 87, 2149, 2146, 2147, 87, - 87, 173, 87, 2153, 87, 2148, 2151, 2150, 2152, 2156, - 87, 87, 87, 2154, 2160, 87, 87, 2155, 87, 87, - 87, 2161, 87, 2157, 2158, 87, 2163, 2165, 87, 87, - 2159, 87, 2162, 87, 2164, 2171, 87, 2166, 87, 2167, - 87, 87, 2175, 87, 87, 87, 2174, 2176, 2172, 2168, - 2169, 2178, 87, 2170, 87, 2180, 2173, 87, 87, 2179, - 2183, 87, 2184, 87, 87, 2177, 87, 2182, 87, 87, - 2186, 87, 2181, 87, 2187, 87, 2185, 87, 87, 87, - 87, 87, 2192, 87, 2193, 87, 87, 87, 87, 2188, + 2143, 2141, 2149, 2150, 2151, 87, 87, 2145, 2148, 2153, + 87, 87, 173, 87, 2157, 87, 2160, 87, 87, 87, + 2154, 2155, 2156, 87, 2158, 2164, 87, 87, 2152, 87, + 2159, 2162, 2165, 87, 87, 87, 87, 2161, 87, 87, + 2167, 87, 2163, 2166, 87, 2169, 2168, 2170, 2175, 87, + 2171, 87, 87, 87, 87, 87, 2172, 87, 2178, 2231, + 2173, 2176, 2179, 87, 2174, 87, 2182, 87, 2180, 2177, + 87, 2184, 2185, 2181, 87, 2183, 2187, 87, 2188, 87, + 87, 87, 87, 2186, 87, 87, 2190, 87, 2191, 87, + 87, 87, 2189, 87, 87, 87, 2196, 87, 2197, 87, - 2194, 2197, 2195, 2190, 2198, 2189, 2191, 87, 2196, 87, - 87, 87, 2201, 2208, 2203, 2205, 87, 2199, 2200, 2202, - 2206, 87, 87, 87, 87, 2204, 87, 87, 87, 2213, - 87, 87, 2207, 87, 2216, 2217, 87, 2218, 87, 2211, - 2209, 2210, 2220, 87, 2212, 2214, 87, 2215, 2219, 87, - 2221, 2222, 87, 2225, 87, 87, 2227, 87, 2229, 2226, - 2228, 87, 87, 2231, 87, 87, 87, 2223, 87, 87, - 87, 2233, 87, 2224, 87, 2235, 2236, 87, 87, 2230, - 2239, 87, 87, 2238, 87, 2244, 87, 87, 2232, 2240, - 2237, 2242, 2243, 2234, 87, 2246, 87, 87, 87, 2245, + 87, 2192, 2201, 2198, 87, 2202, 87, 2194, 2195, 2193, + 2200, 2199, 87, 2203, 87, 87, 2210, 87, 2211, 2208, + 2206, 2209, 87, 87, 87, 87, 2204, 2207, 87, 87, + 87, 87, 2205, 2218, 87, 87, 87, 2221, 87, 2213, + 2222, 87, 87, 2212, 2214, 2216, 87, 2215, 87, 2219, + 2217, 2220, 2223, 87, 2224, 2225, 87, 87, 2226, 2227, + 2230, 87, 2232, 2228, 2234, 87, 87, 2229, 87, 2233, + 87, 2236, 87, 87, 87, 87, 87, 87, 2238, 2240, + 2241, 87, 87, 2235, 87, 2244, 87, 87, 87, 2243, + 2245, 87, 87, 2247, 87, 2237, 2248, 87, 2249, 2239, - 87, 87, 87, 2241, 87, 2254, 87, 87, 2247, 2248, - 2249, 87, 2258, 2257, 87, 2250, 2252, 2251, 87, 87, - 2253, 2259, 2255, 87, 2256, 2263, 2260, 87, 2261, 87, - 2264, 2266, 87, 2262, 87, 87, 87, 87, 2270, 87, - 87, 2267, 87, 2272, 2265, 87, 87, 2275, 2276, 87, - 2277, 87, 87, 87, 2268, 87, 2269, 2279, 87, 87, - 2273, 87, 2271, 2284, 2281, 87, 87, 2274, 2282, 87, - 87, 87, 2278, 2288, 87, 87, 87, 87, 2280, 87, - 2287, 87, 2283, 2291, 2285, 87, 2286, 3904, 2292, 87, - 2290, 2298, 2289, 87, 2294, 2295, 87, 87, 87, 87, + 87, 2251, 2242, 87, 2259, 2250, 87, 87, 2246, 87, + 87, 87, 2256, 87, 2258, 2252, 2253, 2254, 87, 87, + 2262, 2264, 2255, 2263, 2257, 87, 2265, 87, 87, 2260, + 2268, 2261, 87, 2266, 87, 2271, 87, 87, 87, 87, + 2267, 87, 87, 2269, 87, 2272, 2275, 87, 87, 2270, + 87, 2277, 87, 2280, 2281, 87, 87, 2273, 87, 2274, + 2282, 87, 2278, 2284, 87, 2276, 2279, 2286, 2283, 87, + 87, 2289, 87, 87, 87, 87, 87, 87, 2287, 2293, + 87, 2285, 87, 2296, 87, 87, 87, 2299, 2291, 2292, + 87, 2288, 2290, 2297, 87, 2294, 2303, 2295, 2300, 87, - 2300, 2297, 2303, 2293, 2299, 2302, 87, 2296, 87, 2301, - 87, 87, 2304, 2306, 2307, 87, 87, 87, 87, 87, - 87, 2308, 87, 87, 87, 87, 2309, 2313, 2315, 87, - 2305, 87, 2319, 2310, 87, 2314, 87, 2318, 87, 2321, - 2311, 2312, 87, 87, 87, 87, 2320, 2316, 2324, 87, - 87, 87, 2329, 87, 87, 87, 2328, 2317, 2323, 87, - 87, 87, 2322, 2334, 2325, 87, 2335, 87, 87, 2326, - 2338, 87, 2327, 2336, 2331, 2332, 87, 2337, 2330, 87, - 2333, 87, 87, 2340, 87, 2339, 2343, 87, 87, 87, - 87, 87, 2341, 87, 2347, 2351, 87, 2342, 2345, 87, + 87, 2305, 87, 87, 3920, 2304, 87, 87, 2308, 87, + 2302, 2298, 2311, 2307, 87, 87, 2301, 2309, 87, 2312, + 87, 87, 87, 2306, 87, 87, 2313, 87, 2310, 87, + 87, 2314, 2318, 87, 87, 87, 2320, 87, 2323, 2315, + 87, 2324, 2319, 87, 2326, 2316, 2317, 87, 87, 87, + 87, 87, 2321, 2329, 87, 2325, 87, 87, 2334, 87, + 2327, 2322, 2333, 2328, 87, 87, 87, 87, 87, 2330, + 2398, 2331, 2339, 87, 2340, 87, 2332, 87, 87, 87, + 2335, 2337, 87, 2336, 2338, 2341, 2342, 2343, 87, 87, + 87, 2344, 2350, 2345, 2348, 87, 2349, 87, 87, 87, - 87, 87, 87, 2344, 2354, 87, 2358, 2346, 2356, 87, - 2348, 2349, 87, 2350, 2352, 2353, 87, 2357, 2355, 87, - 87, 2359, 87, 2364, 87, 2365, 87, 2363, 2366, 87, - 2360, 2368, 2369, 2367, 87, 2361, 87, 87, 87, 87, - 2362, 2371, 2373, 87, 87, 87, 87, 2375, 87, 87, - 2377, 2372, 2379, 87, 2381, 2370, 2374, 2376, 87, 87, - 87, 87, 2384, 87, 87, 87, 2383, 173, 87, 87, - 87, 2378, 2387, 87, 2382, 2380, 2392, 87, 2391, 87, - 2388, 2389, 2393, 2385, 87, 2386, 87, 2394, 87, 2390, - 2395, 87, 87, 2396, 2397, 87, 2398, 2401, 87, 2399, + 87, 2346, 87, 2352, 2356, 87, 2347, 87, 87, 87, + 87, 87, 2359, 2361, 87, 2363, 2351, 87, 2362, 2353, + 2354, 2360, 2355, 2357, 2358, 87, 87, 87, 87, 2369, + 87, 2370, 87, 2368, 2364, 2371, 87, 2365, 2373, 2374, + 2372, 87, 2366, 87, 87, 87, 87, 2367, 2376, 2378, + 87, 87, 87, 87, 2380, 87, 87, 2382, 2377, 2384, + 87, 2386, 2375, 2379, 2381, 87, 87, 87, 87, 2389, + 87, 87, 87, 2388, 173, 87, 87, 87, 2383, 2392, + 87, 2387, 2385, 2397, 87, 2396, 3920, 2393, 2394, 2403, + 2390, 87, 2391, 87, 2399, 87, 2395, 2400, 87, 87, - 87, 87, 87, 87, 2402, 2403, 87, 2404, 2400, 87, - 2407, 87, 87, 87, 2406, 2405, 2408, 87, 87, 87, - 2412, 2409, 87, 87, 87, 2416, 87, 87, 87, 2415, - 2411, 2420, 87, 2410, 2413, 2414, 2417, 2418, 87, 2421, - 87, 87, 87, 2419, 87, 87, 87, 87, 2428, 87, - 2426, 2423, 2427, 87, 87, 87, 87, 87, 87, 2433, - 87, 2422, 2424, 87, 2425, 2430, 87, 2429, 87, 2432, - 2434, 2431, 2436, 87, 2439, 2435, 87, 2437, 2441, 87, - 2438, 87, 87, 2445, 87, 2440, 2443, 87, 87, 87, - 2446, 87, 87, 87, 87, 2444, 2452, 87, 2454, 87, + 2401, 2402, 87, 87, 2406, 87, 2404, 87, 87, 87, + 87, 2407, 2408, 87, 2409, 87, 2412, 2415, 2410, 87, + 2411, 2413, 87, 2405, 87, 87, 87, 2414, 87, 2418, + 87, 87, 2422, 87, 87, 87, 2421, 2417, 2419, 87, + 2416, 87, 2420, 2423, 2424, 87, 2425, 87, 2426, 2427, + 87, 87, 87, 2432, 87, 2428, 2429, 87, 2433, 87, + 2435, 87, 2434, 87, 87, 87, 87, 87, 87, 2430, + 87, 2431, 2437, 87, 2440, 87, 87, 2443, 87, 2436, + 87, 2439, 2438, 2442, 2444, 2441, 87, 2446, 2448, 2447, + 2445, 87, 87, 2452, 87, 87, 2450, 87, 2453, 2449, - 2442, 2455, 87, 87, 2447, 2448, 2451, 2449, 2450, 87, - 87, 2453, 2458, 87, 2460, 87, 87, 2456, 2459, 87, - 2461, 87, 87, 2464, 87, 87, 87, 2457, 2463, 87, - 87, 2466, 87, 2469, 87, 2465, 87, 2470, 87, 2462, - 87, 87, 87, 87, 87, 2471, 2468, 2467, 87, 2475, - 2473, 2472, 2474, 2476, 2480, 87, 87, 2478, 2479, 2481, - 87, 87, 87, 87, 87, 2483, 2484, 2482, 2477, 2485, - 2490, 87, 87, 2489, 87, 2487, 87, 2493, 87, 2488, - 2491, 2494, 2486, 2496, 2492, 87, 87, 2497, 87, 87, - 87, 87, 2495, 2499, 87, 87, 2500, 87, 87, 2501, + 87, 87, 2459, 87, 87, 2451, 87, 3920, 87, 87, + 2461, 87, 87, 2454, 2462, 87, 2455, 2456, 2457, 87, + 2458, 2460, 2465, 87, 87, 2463, 87, 2466, 2467, 87, + 87, 2468, 2470, 2464, 2471, 87, 87, 87, 87, 87, + 87, 87, 2476, 2473, 87, 2477, 87, 2469, 87, 2472, + 87, 87, 87, 2478, 87, 87, 87, 87, 2475, 2474, + 2479, 2482, 2480, 2481, 2483, 2485, 2487, 87, 87, 2486, + 87, 2488, 87, 87, 2484, 2490, 2491, 2494, 2489, 2492, + 2496, 2497, 87, 87, 87, 87, 87, 2500, 2498, 87, + 2495, 2501, 2493, 87, 2503, 2504, 87, 87, 87, 87, - 2505, 87, 2508, 2503, 2498, 87, 87, 2504, 87, 2502, - 87, 87, 2510, 2512, 87, 87, 2506, 87, 87, 87, - 2511, 2507, 2514, 2516, 87, 2509, 2515, 87, 87, 2521, - 87, 87, 2517, 2518, 87, 87, 2522, 2513, 87, 2520, - 87, 87, 2525, 2523, 87, 87, 2519, 2526, 87, 2527, - 2524, 2531, 87, 2528, 2529, 87, 2530, 87, 2532, 87, - 2534, 2536, 87, 87, 2538, 87, 2533, 87, 2537, 2540, - 87, 2543, 87, 87, 87, 87, 87, 2545, 2541, 2535, - 87, 2546, 87, 2539, 87, 2544, 2542, 87, 87, 2548, - 87, 2547, 2549, 87, 2550, 2553, 2551, 2555, 87, 2552, + 87, 87, 2506, 2499, 87, 2502, 2507, 2508, 87, 87, + 2510, 2512, 87, 2515, 2505, 87, 2511, 87, 2509, 87, + 87, 87, 2517, 2519, 87, 87, 87, 2513, 2522, 87, + 2521, 2518, 2514, 87, 2523, 2516, 87, 87, 2524, 87, + 2528, 87, 87, 87, 87, 2532, 87, 2520, 2529, 87, + 2533, 87, 87, 2531, 2525, 2526, 87, 2530, 87, 2527, + 2534, 2535, 87, 2536, 2538, 87, 87, 2539, 2537, 2540, + 87, 87, 2543, 87, 87, 2545, 2544, 2541, 87, 2547, + 87, 2550, 87, 87, 87, 87, 87, 2552, 2548, 87, + 2542, 87, 2546, 87, 2553, 2551, 2549, 87, 2554, 87, - 87, 87, 2556, 87, 87, 87, 87, 87, 87, 2554, - 2557, 2562, 2559, 2558, 2560, 87, 87, 2561, 87, 87, - 2563, 2564, 2568, 87, 2565, 2569, 87, 2567, 87, 87, - 87, 87, 87, 87, 87, 2576, 2566, 2570, 87, 87, - 87, 87, 87, 2577, 2571, 2572, 2574, 2580, 2575, 2582, - 2578, 87, 87, 2573, 2579, 87, 2581, 2583, 2584, 87, - 87, 2586, 87, 87, 2587, 2592, 87, 87, 2594, 87, - 87, 2585, 2591, 87, 2588, 87, 2593, 87, 2589, 2597, - 87, 87, 2598, 87, 2603, 87, 173, 2590, 2595, 2605, - 87, 2607, 2596, 2599, 2606, 87, 2600, 87, 87, 2608, + 87, 87, 2555, 2557, 87, 2561, 2560, 87, 87, 2556, + 2558, 2562, 2564, 2559, 87, 87, 2563, 87, 87, 2566, + 87, 2567, 87, 2565, 87, 2569, 87, 2568, 87, 2570, + 2572, 2571, 2575, 87, 87, 2574, 87, 87, 87, 87, + 87, 87, 2573, 87, 2583, 87, 2576, 87, 3920, 87, + 87, 87, 2577, 2579, 2578, 2581, 2587, 2584, 2582, 2585, + 2586, 87, 87, 2580, 87, 87, 2588, 2590, 87, 87, + 2591, 2589, 87, 2594, 2593, 87, 2599, 87, 87, 87, + 2595, 2601, 87, 2592, 2598, 87, 87, 2596, 2600, 87, + 2604, 87, 87, 87, 2605, 87, 2602, 2597, 173, 87, - 87, 2609, 87, 2601, 2602, 87, 87, 87, 2604, 87, - 2610, 2615, 87, 87, 2616, 87, 2620, 87, 87, 2621, - 2611, 87, 87, 2624, 2619, 87, 2612, 2614, 2617, 87, - 2613, 87, 87, 2622, 87, 2628, 87, 2627, 87, 2618, - 2623, 2629, 87, 2630, 2631, 2626, 2625, 87, 87, 87, - 87, 2632, 2634, 87, 87, 87, 2633, 87, 87, 2637, - 87, 87, 87, 2640, 87, 87, 87, 2646, 87, 2635, - 2639, 2644, 87, 87, 87, 87, 2642, 2647, 2636, 2641, - 2638, 87, 2643, 87, 87, 87, 2645, 2648, 2649, 87, - 2655, 2651, 2650, 2652, 87, 87, 2653, 2658, 87, 87, + 3920, 2610, 2616, 2612, 2603, 2606, 2607, 87, 2613, 87, + 2614, 2615, 87, 2608, 2609, 87, 87, 87, 87, 87, + 2611, 87, 87, 2617, 2622, 87, 87, 2623, 2627, 87, + 87, 2626, 2618, 87, 2628, 87, 87, 87, 2619, 2621, + 2632, 2624, 2620, 2631, 87, 87, 87, 2629, 2630, 87, + 2635, 2633, 2625, 87, 2636, 2637, 87, 87, 87, 2639, + 87, 87, 2638, 87, 2634, 87, 87, 2640, 87, 2641, + 2642, 87, 87, 2645, 87, 87, 87, 87, 2643, 2649, + 87, 87, 87, 87, 2646, 2644, 2647, 2653, 2655, 87, + 2648, 87, 2651, 2650, 87, 2656, 2657, 2652, 87, 2658, - 2654, 87, 2656, 2659, 87, 87, 87, 87, 87, 87, - 87, 2669, 2657, 2670, 87, 87, 87, 87, 2660, 87, - 2661, 2667, 87, 2662, 87, 2717, 2665, 2672, 2663, 2666, - 2664, 2668, 87, 87, 2675, 2676, 87, 2671, 2673, 2674, - 2677, 87, 87, 87, 87, 87, 2679, 2678, 87, 2680, - 87, 2684, 2685, 87, 87, 87, 2686, 2687, 87, 2682, - 87, 2683, 87, 87, 3904, 87, 2691, 87, 2681, 2692, - 2688, 2693, 87, 87, 2694, 2689, 2690, 2695, 87, 2696, - 87, 2699, 87, 2700, 87, 87, 87, 2703, 87, 2697, - 2701, 2702, 2698, 87, 2706, 87, 2707, 87, 87, 2709, + 87, 2659, 2654, 87, 87, 87, 87, 87, 2667, 87, + 2664, 87, 87, 87, 87, 2662, 87, 87, 2661, 2665, + 2668, 87, 87, 2663, 2660, 2666, 87, 87, 2678, 2679, + 2669, 87, 2670, 2671, 87, 87, 87, 87, 2676, 2672, + 2674, 2673, 87, 2675, 87, 87, 2680, 2684, 2677, 2681, + 2683, 2682, 2686, 87, 87, 87, 87, 87, 2688, 2687, + 87, 87, 2685, 87, 87, 2693, 2694, 87, 87, 2689, + 2695, 2696, 87, 87, 2691, 87, 2692, 87, 87, 87, + 2700, 2690, 2783, 2701, 2702, 87, 87, 2703, 2697, 87, + 2698, 2699, 2704, 87, 2705, 2708, 87, 87, 2706, 2709, - 87, 87, 2711, 87, 87, 2705, 87, 87, 2704, 2713, - 2714, 87, 2715, 87, 87, 87, 2718, 2708, 87, 2710, - 87, 2712, 2720, 87, 2719, 87, 2724, 87, 2716, 87, - 2723, 87, 2721, 2726, 87, 87, 87, 87, 87, 2722, - 2728, 2730, 2729, 87, 2731, 2733, 87, 87, 2725, 2727, - 87, 87, 2736, 87, 2739, 87, 2734, 2740, 87, 2732, - 87, 87, 2735, 87, 87, 87, 2737, 2746, 87, 2745, - 87, 87, 2738, 87, 87, 2742, 2748, 2749, 2741, 2744, - 87, 87, 2751, 87, 2743, 2753, 87, 87, 87, 2747, - 2755, 87, 87, 87, 2754, 2750, 2752, 87, 2761, 87, + 87, 2707, 2710, 87, 87, 87, 87, 87, 2711, 2715, + 87, 2716, 87, 2718, 87, 87, 2720, 87, 2714, 87, + 2723, 87, 87, 87, 2712, 2713, 2717, 2722, 2724, 87, + 87, 87, 2727, 2719, 2721, 87, 87, 2725, 87, 2726, + 2729, 87, 87, 2733, 87, 87, 3920, 2732, 2735, 87, + 2730, 87, 2728, 87, 87, 87, 87, 2731, 2737, 2739, + 2738, 87, 2740, 87, 2734, 2742, 87, 87, 87, 2736, + 2745, 87, 2748, 87, 2743, 2749, 87, 2741, 2744, 87, + 87, 87, 2746, 87, 87, 2755, 87, 87, 2754, 87, + 2747, 87, 87, 2758, 2751, 87, 2750, 2757, 2753, 87, - 87, 2756, 2763, 87, 87, 2767, 2757, 2759, 2762, 2758, - 87, 87, 87, 2764, 87, 2768, 87, 2769, 87, 2760, - 87, 2770, 87, 2771, 87, 87, 3904, 2773, 2765, 2772, - 2766, 2775, 87, 87, 87, 87, 87, 2776, 2778, 2779, - 2780, 2774, 2782, 2783, 87, 87, 2784, 2786, 87, 87, - 2777, 2781, 87, 87, 87, 87, 87, 2787, 87, 2785, - 2788, 2791, 87, 87, 87, 87, 87, 2790, 87, 2798, - 2789, 2793, 2794, 2795, 2796, 87, 2792, 2799, 87, 87, - 2797, 87, 2800, 87, 87, 2804, 2805, 87, 2801, 87, - 2803, 2809, 87, 87, 2806, 87, 87, 2811, 2808, 2802, + 2760, 2762, 87, 2752, 87, 87, 2756, 87, 87, 87, + 2759, 2763, 2764, 87, 2761, 87, 2770, 2776, 2765, 87, + 87, 87, 2772, 87, 2768, 2766, 2767, 87, 2771, 87, + 2773, 87, 87, 2777, 2778, 87, 2779, 2780, 87, 2769, + 87, 87, 87, 87, 87, 2774, 2785, 2775, 2787, 2784, + 87, 2782, 87, 87, 87, 2788, 2791, 2789, 2792, 2790, + 2781, 2795, 87, 87, 87, 87, 87, 87, 2786, 2794, + 2796, 2797, 87, 87, 2793, 87, 2800, 87, 87, 87, + 87, 87, 87, 87, 3920, 2799, 2802, 2803, 2798, 2804, + 2805, 2807, 2808, 2806, 3920, 2801, 87, 87, 87, 87, - 173, 87, 2807, 87, 2810, 2812, 87, 2817, 87, 87, - 87, 87, 87, 87, 87, 87, 87, 2822, 2821, 2815, - 2819, 2813, 2816, 2814, 2818, 2820, 2823, 87, 87, 2824, - 2825, 2827, 87, 87, 87, 2831, 87, 2828, 3904, 2826, - 2832, 87, 2833, 87, 87, 2834, 2830, 2835, 87, 87, - 87, 2838, 2836, 2829, 2839, 2837, 87, 87, 2841, 87, - 87, 87, 87, 2843, 87, 2840, 87, 87, 87, 2847, - 87, 2848, 87, 87, 3904, 2842, 2844, 87, 2850, 87, - 2845, 2856, 87, 2851, 2849, 2852, 2846, 2853, 87, 87, - 87, 87, 87, 87, 2854, 2855, 87, 2859, 2860, 87, + 2809, 2814, 2810, 2811, 87, 2813, 87, 87, 2812, 87, + 2815, 87, 87, 2818, 87, 2820, 87, 2817, 2816, 173, + 87, 2819, 87, 87, 2821, 87, 2826, 87, 87, 87, + 87, 2828, 87, 87, 2831, 2827, 2822, 2829, 2823, 2824, + 2830, 2825, 2832, 87, 87, 87, 87, 87, 2836, 2833, + 87, 2837, 87, 2841, 87, 87, 2835, 2897, 2834, 2839, + 2842, 87, 2843, 87, 2840, 87, 2844, 2838, 2845, 87, + 87, 87, 2848, 2846, 2849, 87, 2847, 87, 87, 87, + 87, 2851, 87, 87, 2850, 87, 2853, 87, 2855, 87, + 87, 2852, 2859, 2856, 87, 2854, 87, 2858, 87, 2861, - 2857, 87, 87, 87, 87, 87, 2862, 87, 87, 2861, - 87, 2867, 2858, 87, 2870, 2869, 87, 2872, 87, 2866, - 87, 87, 2863, 2864, 2865, 87, 2873, 2871, 2868, 87, - 87, 2874, 87, 2879, 87, 2877, 87, 2875, 87, 87, - 2883, 2884, 87, 87, 2882, 87, 87, 87, 2876, 87, - 2880, 2885, 2881, 2878, 87, 87, 2886, 2894, 2887, 2888, - 87, 2890, 87, 87, 2892, 2891, 87, 87, 87, 2889, - 2893, 2895, 87, 2897, 87, 2899, 87, 87, 2898, 2901, - 87, 87, 2903, 87, 87, 87, 2902, 87, 2900, 87, - 87, 87, 2896, 87, 2907, 87, 87, 2913, 87, 2905, + 87, 87, 87, 2863, 2860, 2862, 2864, 87, 2857, 87, + 87, 2867, 87, 87, 2865, 2866, 87, 2871, 87, 87, + 2870, 2868, 87, 87, 87, 87, 87, 2873, 87, 2881, + 87, 87, 2872, 2869, 2878, 87, 2880, 87, 2883, 87, + 2877, 87, 87, 2874, 2875, 2876, 87, 2882, 2879, 87, + 2884, 87, 87, 2890, 87, 87, 2888, 2885, 87, 87, + 2894, 2886, 2895, 87, 2893, 2887, 87, 2891, 87, 87, + 87, 2896, 87, 2889, 2892, 87, 2901, 87, 2898, 87, + 2902, 87, 2903, 87, 2899, 87, 2900, 87, 2904, 87, + 2906, 87, 2908, 2909, 2905, 2910, 87, 2912, 87, 2914, - 2911, 2912, 2904, 2906, 2914, 87, 2915, 87, 87, 2909, - 87, 2917, 87, 87, 2910, 87, 2908, 87, 87, 87, - 2920, 2922, 87, 87, 2918, 2925, 87, 2916, 87, 87, - 87, 2923, 87, 3904, 2924, 2919, 2921, 2927, 2928, 2926, - 2929, 2932, 87, 87, 87, 2931, 87, 2930, 87, 87, - 87, 2933, 2934, 87, 2939, 2940, 87, 87, 87, 87, - 87, 87, 2935, 2936, 2937, 2941, 2945, 2938, 2943, 87, - 87, 2944, 2946, 87, 87, 2942, 87, 87, 87, 87, - 87, 2950, 87, 2947, 2953, 3904, 2949, 2948, 2954, 87, - 2956, 87, 2957, 87, 2959, 2955, 87, 2951, 2952, 2958, + 87, 87, 87, 87, 87, 87, 87, 87, 2911, 2907, + 2918, 2913, 87, 87, 87, 87, 2924, 87, 2916, 2922, + 2923, 2915, 2917, 2925, 87, 2926, 87, 87, 2928, 87, + 2920, 87, 87, 2919, 2921, 87, 87, 87, 87, 87, + 2931, 2933, 2936, 87, 87, 2929, 2927, 87, 87, 2934, + 87, 2935, 87, 2940, 2930, 2932, 2938, 87, 2939, 87, + 2937, 2943, 87, 87, 87, 2942, 2941, 2944, 87, 87, + 2945, 87, 2950, 2951, 87, 87, 2946, 87, 87, 87, + 2952, 87, 2947, 2948, 87, 87, 2956, 2949, 2954, 87, + 87, 2955, 2957, 87, 87, 2953, 87, 87, 2958, 2959, - 87, 87, 87, 2960, 87, 2963, 87, 2962, 87, 2964, - 87, 2965, 87, 87, 2961, 87, 87, 87, 2966, 2972, - 87, 87, 2974, 87, 87, 2968, 2975, 87, 87, 2977, - 87, 87, 2967, 2971, 87, 2969, 2978, 2970, 2979, 2976, - 2973, 87, 87, 87, 87, 87, 2980, 2982, 2985, 87, - 2987, 87, 87, 87, 2986, 87, 87, 87, 87, 87, - 87, 2981, 87, 2983, 2984, 173, 87, 2993, 2990, 87, - 2998, 2992, 2994, 2989, 87, 2999, 2996, 2997, 2988, 87, - 2991, 2995, 87, 87, 3003, 87, 87, 3006, 87, 87, - 87, 3005, 87, 3008, 3000, 87, 3904, 3001, 87, 87, + 87, 2960, 2961, 2965, 87, 2964, 2967, 87, 2968, 87, + 87, 2966, 87, 2962, 2963, 2969, 87, 87, 87, 2971, + 87, 2974, 2970, 2973, 87, 2975, 87, 2976, 87, 87, + 2972, 87, 87, 87, 87, 2983, 87, 87, 2985, 87, + 2977, 2986, 87, 2979, 87, 2988, 87, 87, 87, 2978, + 2982, 87, 2980, 87, 2981, 2987, 2984, 87, 2990, 2989, + 2991, 87, 2993, 87, 2996, 87, 87, 2998, 87, 87, + 87, 87, 87, 2992, 87, 2997, 87, 87, 87, 173, + 87, 2994, 3007, 2995, 3001, 3004, 87, 3009, 3003, 3005, + 3000, 3008, 87, 87, 87, 2999, 3002, 87, 87, 87, - 3010, 3002, 87, 3011, 3012, 87, 3009, 3004, 3013, 87, - 87, 3014, 3007, 87, 3015, 87, 3016, 3017, 87, 87, - 87, 3019, 87, 87, 87, 87, 87, 87, 87, 3018, - 3027, 87, 87, 3025, 3020, 87, 3031, 87, 87, 87, - 3021, 3022, 3032, 3904, 3023, 3024, 3026, 3028, 87, 3029, - 3030, 3033, 87, 3034, 3037, 87, 87, 3036, 87, 3035, - 3039, 87, 87, 87, 87, 3038, 87, 87, 87, 87, - 87, 3043, 87, 87, 3051, 87, 3040, 3049, 87, 3050, - 3041, 3042, 3044, 87, 3045, 3047, 3046, 3052, 87, 3048, - 87, 3056, 87, 3057, 87, 87, 3055, 3058, 3053, 87, + 3006, 3010, 87, 3017, 87, 87, 87, 3016, 3011, 3012, + 87, 87, 87, 3019, 87, 3013, 3920, 3021, 3025, 3022, + 3014, 3015, 3023, 87, 87, 3020, 3024, 87, 3018, 87, + 3026, 87, 3027, 87, 3028, 87, 87, 87, 87, 87, + 87, 87, 3029, 87, 87, 87, 3030, 87, 87, 3040, + 87, 87, 3032, 3038, 87, 3031, 87, 3034, 3033, 87, + 3044, 3036, 3035, 3037, 3047, 3039, 87, 87, 3041, 3042, + 3045, 87, 3043, 3046, 87, 87, 3049, 87, 3048, 3050, + 87, 3052, 87, 87, 3051, 87, 87, 87, 87, 3053, + 87, 87, 3056, 87, 87, 3054, 87, 3062, 3064, 87, - 87, 3054, 87, 87, 87, 87, 3065, 87, 87, 87, - 3064, 87, 87, 3059, 87, 3061, 87, 3060, 3063, 87, - 87, 3062, 3073, 3069, 3072, 3070, 3074, 87, 3066, 3067, - 87, 3068, 3075, 3076, 87, 87, 3071, 87, 87, 87, - 87, 87, 87, 87, 87, 87, 3078, 3082, 3084, 87, - 87, 3080, 87, 3089, 3077, 3090, 87, 3079, 87, 87, - 3081, 3083, 3093, 87, 3085, 3087, 87, 87, 3086, 87, - 3088, 87, 87, 3091, 87, 3096, 87, 3092, 3094, 87, - 3099, 3095, 87, 3100, 3097, 3101, 87, 3098, 87, 3102, - 3104, 87, 87, 87, 87, 3109, 87, 3103, 87, 87, + 87, 3055, 3057, 3063, 3058, 87, 3059, 3060, 87, 3061, + 3065, 87, 87, 87, 3066, 3069, 87, 3071, 3067, 3068, + 3070, 87, 87, 87, 3075, 87, 3072, 87, 3078, 87, + 3073, 87, 3077, 87, 87, 87, 87, 3074, 87, 3076, + 87, 87, 87, 3086, 3088, 3085, 3082, 3083, 3087, 87, + 87, 3079, 87, 3080, 3081, 3089, 87, 87, 3084, 87, + 87, 3091, 87, 87, 87, 87, 87, 3095, 87, 3090, + 3097, 3093, 87, 87, 87, 3920, 3092, 3102, 3103, 87, + 3094, 87, 87, 3096, 3098, 3099, 3106, 87, 3100, 87, + 3101, 3105, 87, 3107, 87, 87, 3104, 87, 3109, 3114, - 87, 3107, 87, 3112, 87, 3113, 3114, 87, 3105, 3111, - 3110, 3106, 3116, 87, 3108, 87, 87, 87, 87, 87, - 3117, 3115, 3122, 87, 87, 3118, 87, 3124, 87, 87, - 3120, 3127, 87, 3119, 87, 87, 87, 3125, 87, 3121, - 3161, 87, 87, 87, 87, 3123, 87, 3128, 3129, 3130, - 3131, 3126, 3132, 3133, 3134, 87, 87, 3136, 3135, 3137, - 87, 3138, 87, 87, 87, 87, 87, 3139, 87, 3141, - 87, 87, 87, 3142, 87, 87, 3145, 3140, 87, 3144, - 3147, 3150, 87, 3148, 87, 3143, 3146, 3149, 3151, 87, - 87, 87, 87, 3155, 87, 3152, 3154, 3156, 173, 3153, + 87, 87, 87, 3112, 3108, 3113, 87, 3110, 3117, 87, + 3111, 87, 87, 87, 87, 3115, 3122, 87, 87, 87, + 3120, 3116, 87, 87, 3126, 87, 3125, 87, 3124, 87, + 3123, 3118, 3119, 87, 3121, 3127, 87, 3129, 87, 87, + 87, 3133, 3131, 3132, 3128, 3130, 3135, 87, 87, 87, + 3137, 87, 87, 3140, 87, 87, 87, 87, 87, 3134, + 3138, 3147, 87, 87, 87, 3144, 87, 87, 3141, 3136, + 3142, 3143, 3145, 3146, 3139, 3150, 87, 87, 87, 87, + 87, 87, 3149, 3151, 3152, 3154, 3148, 87, 87, 3155, + 87, 3153, 87, 87, 87, 87, 87, 3157, 3158, 3160, - 87, 3157, 87, 87, 87, 3158, 3904, 87, 3162, 3163, - 3159, 87, 3165, 87, 87, 3168, 87, 3169, 87, 3167, - 3160, 3164, 87, 3171, 87, 3173, 87, 87, 3166, 3172, - 3174, 87, 3175, 87, 87, 3170, 3178, 87, 3176, 87, - 87, 3179, 87, 87, 3180, 87, 87, 87, 3177, 3181, - 3185, 3186, 3187, 3183, 87, 87, 87, 87, 3182, 3189, - 87, 87, 3190, 87, 3192, 87, 3188, 3184, 3191, 87, - 87, 87, 87, 87, 3194, 3195, 3196, 3193, 87, 87, - 87, 3201, 87, 87, 87, 87, 3198, 3199, 3200, 3203, - 3197, 3202, 87, 3206, 87, 87, 87, 3204, 87, 87, + 3161, 3163, 87, 3164, 87, 87, 3156, 3159, 3162, 87, + 3165, 3166, 87, 87, 3167, 3169, 173, 87, 87, 87, + 3170, 3174, 3171, 87, 87, 87, 87, 87, 3175, 3176, + 87, 3168, 87, 3178, 87, 3180, 3172, 3173, 87, 3177, + 3664, 3179, 3181, 87, 3182, 87, 87, 3184, 3185, 87, + 87, 3183, 3187, 3186, 87, 87, 87, 3188, 87, 3189, + 3190, 3192, 87, 87, 87, 87, 3193, 87, 3194, 3195, + 3191, 87, 87, 87, 3196, 3200, 3201, 87, 87, 87, + 3198, 87, 87, 3202, 3204, 87, 3197, 87, 87, 3203, + 87, 3208, 3206, 3207, 3199, 3205, 87, 87, 87, 87, - 3207, 3205, 87, 3208, 3212, 87, 87, 87, 3217, 3213, - 87, 87, 87, 87, 87, 3209, 3210, 3211, 87, 3215, - 3216, 87, 3219, 3221, 87, 3214, 87, 3218, 87, 3220, - 3226, 87, 3225, 87, 3228, 3229, 3223, 3222, 87, 3232, - 87, 87, 87, 3233, 87, 87, 3224, 87, 87, 87, - 87, 87, 87, 87, 3236, 3234, 3239, 3230, 3227, 3237, - 3231, 87, 87, 87, 3238, 3241, 3240, 3243, 3244, 87, - 3242, 87, 87, 3235, 87, 3246, 3248, 87, 87, 3250, - 87, 3251, 87, 3252, 87, 87, 3245, 87, 87, 3253, - 3247, 87, 3254, 3256, 87, 87, 87, 3255, 3260, 87, + 87, 3209, 3210, 3211, 87, 87, 87, 87, 3216, 87, + 87, 87, 87, 3213, 3214, 3215, 3218, 3212, 3217, 87, + 3221, 87, 3220, 87, 3219, 87, 87, 3222, 87, 3223, + 87, 3224, 3227, 87, 87, 3228, 87, 87, 87, 3232, + 87, 87, 87, 3225, 3226, 3230, 3231, 3236, 87, 3229, + 3234, 87, 87, 3237, 87, 3233, 87, 3235, 3240, 3241, + 87, 3243, 3244, 87, 3247, 87, 3238, 87, 87, 87, + 87, 87, 3239, 3248, 87, 87, 87, 3249, 87, 87, + 3251, 3242, 3245, 3246, 3254, 3252, 87, 87, 87, 3255, + 87, 3253, 3256, 3259, 87, 87, 3250, 3257, 87, 3261, - 3258, 3249, 87, 3261, 87, 87, 87, 3904, 3259, 87, - 3266, 3257, 3267, 87, 3262, 3268, 87, 3269, 87, 3263, - 87, 87, 87, 3270, 87, 3264, 3265, 3273, 87, 87, - 3276, 87, 87, 3277, 3271, 3272, 3278, 87, 87, 3280, - 87, 87, 3274, 87, 87, 3284, 3285, 87, 87, 3275, - 3287, 87, 3286, 3279, 3281, 3288, 87, 87, 3283, 3290, - 3289, 3282, 87, 3292, 87, 87, 87, 3291, 3293, 87, - 87, 87, 3298, 3299, 3300, 87, 87, 3297, 87, 87, - 87, 87, 3303, 87, 87, 3302, 3295, 3294, 87, 3304, - 3296, 87, 87, 87, 3306, 3308, 3305, 87, 3309, 87, + 87, 3258, 3263, 87, 87, 3265, 87, 3266, 87, 87, + 3260, 3267, 87, 3268, 87, 87, 3271, 87, 3262, 3269, + 87, 87, 87, 3275, 3270, 87, 3273, 3264, 3276, 87, + 87, 87, 87, 87, 3274, 87, 3281, 3277, 3282, 87, + 3272, 3283, 87, 3284, 87, 87, 3286, 87, 3285, 87, + 3278, 3279, 3280, 3288, 87, 87, 3291, 87, 87, 3292, + 3287, 3293, 87, 87, 3295, 87, 87, 3289, 87, 87, + 3299, 3300, 87, 87, 3305, 3290, 87, 3301, 3294, 3296, + 87, 87, 3302, 3298, 3304, 87, 3297, 3303, 87, 3307, + 3306, 87, 87, 87, 3308, 87, 87, 3313, 3314, 3315, - 3301, 3307, 87, 87, 3312, 87, 3316, 87, 87, 87, - 3310, 3311, 87, 87, 3328, 87, 3318, 87, 87, 3315, - 3313, 3904, 3317, 3314, 3319, 3322, 3320, 3323, 3321, 3325, - 87, 3329, 3324, 87, 3326, 87, 87, 3327, 87, 3330, - 87, 3331, 87, 3332, 87, 3333, 87, 87, 87, 87, - 87, 3335, 3334, 87, 87, 87, 87, 87, 3338, 3340, - 3342, 87, 87, 87, 3339, 3343, 3349, 3336, 3347, 87, - 3348, 87, 3341, 87, 3337, 3351, 87, 3344, 87, 87, - 87, 3345, 3346, 87, 3352, 3353, 3355, 87, 3350, 87, - 3356, 3357, 87, 87, 3358, 3359, 87, 3354, 87, 3362, + 87, 87, 3312, 87, 87, 87, 87, 3318, 87, 3321, + 3317, 87, 3310, 3311, 3309, 3319, 87, 87, 87, 87, + 87, 3322, 3320, 3324, 87, 3316, 87, 3325, 87, 87, + 87, 3332, 87, 3328, 87, 87, 3323, 3329, 3334, 87, + 87, 3326, 3327, 87, 3331, 87, 3335, 3920, 3333, 3330, + 3339, 3338, 3341, 3336, 87, 3340, 87, 3342, 87, 3337, + 3344, 87, 87, 3345, 3343, 87, 3346, 87, 3347, 87, + 3348, 87, 3349, 87, 87, 87, 87, 87, 87, 3351, + 3353, 87, 87, 3356, 87, 3354, 87, 3358, 87, 3350, + 87, 3355, 87, 3359, 87, 3352, 3363, 87, 3364, 87, - 87, 87, 3360, 87, 87, 3366, 87, 3361, 3367, 87, - 3363, 87, 3364, 87, 87, 3368, 87, 87, 87, 3374, - 87, 87, 3365, 3369, 3375, 87, 87, 3371, 87, 3377, - 3378, 87, 3370, 3372, 3376, 87, 3380, 3373, 3381, 87, - 3383, 87, 87, 3379, 87, 87, 3387, 87, 87, 3382, - 3388, 87, 3390, 87, 87, 87, 3384, 3389, 87, 87, - 3393, 87, 87, 3386, 3396, 3391, 87, 87, 3394, 3385, - 87, 87, 3399, 87, 3397, 87, 3400, 87, 3401, 3392, - 3403, 3395, 3402, 87, 87, 87, 87, 3398, 87, 3408, - 3410, 87, 3409, 3411, 87, 3405, 87, 3404, 3406, 87, + 3357, 87, 3367, 87, 3365, 87, 3360, 3366, 3361, 87, + 3362, 3368, 3370, 87, 3369, 3371, 87, 3373, 87, 87, + 3372, 3375, 87, 87, 3374, 87, 3378, 87, 87, 87, + 87, 87, 3376, 87, 3377, 3382, 87, 3379, 3380, 3383, + 87, 87, 3385, 87, 87, 3384, 87, 3390, 3381, 87, + 3386, 87, 3391, 87, 3387, 87, 87, 87, 87, 3388, + 3393, 3394, 3392, 3396, 3397, 87, 3389, 87, 3399, 87, + 3395, 87, 87, 87, 3402, 3403, 87, 3404, 87, 87, + 3406, 3398, 3405, 87, 87, 3400, 87, 87, 3412, 3409, + 87, 3407, 87, 87, 87, 87, 3410, 3401, 87, 87, - 3407, 3412, 87, 87, 87, 3413, 87, 87, 3419, 3418, - 87, 87, 3422, 87, 87, 3420, 3421, 87, 87, 3414, - 87, 87, 87, 3415, 87, 3416, 3417, 3426, 3428, 87, - 3424, 3430, 87, 3431, 87, 3423, 87, 87, 87, 3427, - 87, 3425, 3432, 3433, 87, 3434, 87, 87, 87, 3429, - 3439, 87, 87, 87, 87, 3435, 87, 3444, 87, 87, - 3438, 3436, 3437, 3443, 87, 3440, 3441, 3442, 87, 3448, - 87, 87, 3445, 87, 3451, 87, 3447, 3446, 87, 87, - 3455, 87, 3456, 87, 3452, 87, 87, 3458, 87, 87, - 3449, 3450, 3459, 87, 3461, 87, 3453, 3462, 87, 87, + 3415, 87, 3417, 3416, 3413, 87, 87, 87, 3408, 87, + 3411, 87, 3419, 3420, 3414, 3418, 3421, 87, 3424, 3426, + 87, 3425, 3422, 3427, 87, 3423, 3428, 87, 87, 87, + 87, 87, 87, 87, 3435, 87, 3434, 3429, 87, 87, + 87, 3438, 87, 3436, 3437, 87, 87, 87, 87, 3430, + 3431, 3432, 3433, 3439, 87, 3444, 87, 3440, 87, 3442, + 3447, 87, 3446, 87, 87, 3443, 87, 3441, 87, 3448, + 87, 3449, 87, 3445, 87, 3450, 87, 3451, 3455, 87, + 87, 87, 87, 3452, 87, 3453, 3459, 87, 87, 3456, + 87, 87, 3454, 3457, 3458, 87, 3460, 87, 3463, 87, - 3460, 3463, 87, 87, 3457, 3454, 3465, 87, 3468, 87, - 3464, 3466, 87, 3471, 87, 3467, 87, 3470, 87, 87, - 3474, 3476, 87, 87, 87, 3469, 87, 3473, 87, 3478, - 87, 87, 87, 3482, 87, 3483, 3472, 3479, 3485, 87, - 87, 87, 3475, 3477, 87, 3486, 87, 3489, 87, 3480, - 3481, 3484, 3490, 87, 87, 87, 3493, 87, 87, 87, - 87, 3487, 3498, 87, 87, 87, 87, 3496, 87, 3491, - 3495, 3503, 3488, 3502, 87, 3492, 3494, 3500, 3504, 87, - 3497, 87, 3499, 87, 3501, 87, 3506, 87, 3507, 87, - 3508, 87, 87, 87, 3513, 87, 3505, 87, 3512, 3509, + 3461, 87, 3464, 87, 3467, 87, 87, 3462, 3468, 3471, + 87, 3465, 3472, 87, 87, 3466, 3474, 87, 87, 3469, + 87, 3475, 87, 3477, 87, 3473, 3478, 87, 3476, 3479, + 87, 3470, 3481, 87, 87, 87, 3482, 87, 87, 3480, + 3483, 87, 3484, 3486, 3487, 87, 3490, 87, 3492, 87, + 3485, 87, 87, 87, 3494, 3488, 3489, 87, 87, 3499, + 87, 3498, 87, 87, 3491, 87, 3501, 87, 87, 87, + 3493, 3495, 87, 3502, 3505, 87, 87, 3496, 3497, 3506, + 87, 87, 87, 3500, 3509, 87, 87, 87, 3514, 3503, + 87, 3507, 87, 3511, 87, 3504, 3512, 87, 87, 3518, - 87, 3514, 87, 87, 3516, 87, 3515, 3519, 87, 87, - 87, 3510, 3511, 3517, 3518, 87, 3521, 3522, 87, 87, - 3520, 3525, 87, 87, 87, 87, 3530, 87, 87, 87, - 3528, 3526, 87, 3534, 87, 3523, 3524, 3904, 3529, 3535, - 87, 3533, 3527, 3536, 87, 3532, 87, 3531, 87, 87, - 87, 3537, 3540, 87, 3539, 3541, 87, 3542, 87, 3543, - 3544, 87, 3538, 87, 87, 3547, 87, 87, 3549, 87, - 87, 87, 3548, 3551, 87, 87, 3545, 3552, 87, 87, - 87, 87, 3550, 87, 3558, 3559, 87, 87, 87, 3553, - 3546, 87, 87, 87, 3565, 87, 87, 3554, 87, 3556, + 87, 3508, 3519, 87, 3510, 87, 3513, 3520, 87, 3515, + 3516, 87, 3517, 87, 3522, 87, 3523, 3525, 3521, 87, + 3524, 87, 87, 3529, 3530, 87, 3532, 3528, 87, 87, + 87, 3531, 87, 87, 87, 3526, 3535, 87, 3534, 3536, + 87, 3527, 87, 3538, 87, 3541, 87, 87, 3533, 87, + 87, 87, 3546, 87, 3542, 87, 87, 87, 87, 3537, + 3920, 3539, 3540, 3553, 3545, 3543, 3549, 3550, 87, 3551, + 87, 87, 3548, 87, 3547, 3544, 3552, 87, 3555, 3556, + 87, 3557, 87, 3558, 87, 3554, 87, 3560, 87, 87, + 87, 3563, 87, 87, 87, 3559, 87, 87, 3564, 3565, - 3567, 3555, 3564, 3557, 3569, 3562, 87, 3561, 3566, 87, - 87, 87, 3563, 3560, 87, 87, 3568, 87, 3904, 3572, - 3573, 3575, 87, 3576, 87, 87, 3570, 87, 3579, 87, - 3571, 87, 3577, 87, 87, 87, 3582, 87, 3574, 3578, - 87, 3580, 87, 3581, 87, 3583, 3585, 87, 87, 3586, - 87, 3584, 87, 3587, 87, 3589, 87, 87, 87, 87, - 3590, 87, 3593, 87, 3591, 3594, 87, 3588, 87, 87, - 87, 87, 3592, 87, 3606, 87, 3603, 3595, 3604, 3596, - 87, 3597, 3904, 3605, 3598, 3599, 87, 3600, 3601, 3602, - 87, 3607, 87, 3609, 87, 3608, 3611, 87, 3612, 87, + 87, 87, 3561, 3567, 87, 3568, 87, 87, 3566, 87, + 87, 3574, 87, 3569, 3575, 87, 3562, 87, 3570, 87, + 87, 87, 87, 3571, 3581, 87, 3572, 3582, 87, 87, + 3580, 3573, 87, 3578, 87, 87, 3577, 3585, 3576, 3583, + 3579, 87, 3586, 87, 87, 87, 3588, 3584, 87, 3589, + 3593, 3587, 3591, 87, 3595, 3590, 3592, 87, 87, 87, + 87, 87, 3594, 3598, 87, 87, 3599, 3597, 87, 87, + 3596, 87, 3601, 87, 3602, 87, 87, 87, 87, 87, + 3605, 87, 87, 87, 87, 3600, 87, 3609, 3606, 3607, + 3610, 3603, 87, 3604, 87, 87, 3608, 87, 3611, 87, - 87, 3615, 87, 87, 3613, 3610, 87, 87, 3616, 3614, - 3618, 87, 3620, 87, 3621, 3622, 87, 87, 3623, 3624, - 3628, 87, 3619, 3625, 87, 3617, 3626, 3627, 87, 87, - 87, 3631, 87, 3629, 87, 87, 3634, 87, 87, 3630, - 87, 3635, 87, 87, 3639, 87, 87, 87, 3638, 3633, - 87, 87, 3632, 87, 87, 3644, 87, 3904, 3636, 87, - 3643, 87, 3637, 3645, 3640, 87, 87, 3641, 3648, 87, - 3649, 3646, 3650, 87, 87, 3642, 3657, 3647, 3651, 87, - 3652, 3653, 87, 3654, 87, 3655, 87, 87, 87, 3661, - 87, 87, 3658, 3663, 3662, 87, 3656, 3659, 87, 87, + 87, 87, 3615, 3612, 3613, 3619, 3620, 3622, 87, 87, + 3614, 3616, 3617, 87, 3623, 87, 3618, 3621, 3625, 3624, + 87, 3626, 3627, 87, 3628, 87, 87, 3631, 87, 87, + 3629, 87, 3634, 87, 3632, 3630, 87, 3636, 87, 3637, + 3638, 87, 87, 3639, 3640, 3644, 87, 3641, 87, 87, + 3633, 3635, 3642, 3643, 3645, 87, 87, 3647, 87, 87, + 87, 3650, 87, 87, 3651, 3646, 87, 87, 87, 3655, + 87, 87, 87, 3654, 3649, 87, 87, 3648, 87, 87, + 87, 87, 3660, 3659, 3920, 87, 3652, 3653, 3661, 3656, + 3665, 87, 3657, 3666, 87, 3662, 87, 87, 3668, 3663, - 3660, 87, 87, 87, 3670, 87, 3665, 3667, 3668, 87, - 3671, 87, 3673, 87, 87, 3664, 87, 3672, 87, 3666, - 3669, 3674, 87, 3676, 3675, 3677, 87, 87, 3678, 3679, - 87, 87, 3682, 87, 3683, 87, 3680, 3684, 87, 3685, - 87, 3686, 87, 3687, 87, 3688, 87, 3689, 87, 3681, - 87, 87, 3692, 87, 3693, 87, 87, 87, 87, 87, - 3691, 3698, 87, 87, 87, 3694, 3700, 87, 87, 3695, - 87, 87, 87, 3704, 3697, 87, 3690, 87, 3696, 3701, - 87, 3702, 3699, 3703, 3706, 87, 87, 3705, 3708, 87, - 87, 3709, 3707, 3711, 87, 3713, 3712, 87, 3710, 87, + 3658, 3669, 87, 3670, 87, 3667, 3671, 87, 87, 87, + 87, 3677, 3679, 3672, 3674, 87, 3678, 87, 87, 3675, + 87, 87, 3676, 3673, 87, 87, 87, 3686, 87, 3683, + 3684, 3687, 87, 3689, 87, 3681, 87, 87, 3688, 87, + 3680, 87, 3682, 3690, 87, 3685, 3692, 3693, 87, 3695, + 87, 3691, 87, 3694, 87, 3698, 87, 3699, 87, 3700, + 87, 3696, 3701, 87, 3702, 87, 3703, 87, 3704, 87, + 3705, 87, 3697, 87, 87, 3708, 87, 3709, 87, 87, + 87, 87, 87, 3707, 3714, 87, 87, 87, 3710, 3716, + 87, 87, 3711, 87, 87, 87, 3720, 3713, 87, 3706, - 3716, 87, 3715, 87, 87, 87, 87, 87, 87, 3718, - 87, 87, 87, 3722, 87, 3714, 3724, 3717, 87, 3723, - 3719, 87, 3726, 3720, 3721, 87, 3725, 87, 87, 87, - 3729, 3730, 3732, 87, 3733, 87, 3734, 87, 3728, 87, - 3727, 87, 3731, 3735, 87, 3738, 87, 87, 3737, 87, - 3736, 3742, 87, 87, 87, 87, 87, 87, 3746, 3745, - 87, 3748, 3740, 3741, 3744, 87, 3739, 87, 87, 87, - 3747, 87, 87, 87, 87, 3743, 87, 87, 3749, 3757, - 87, 3755, 87, 87, 3752, 87, 3750, 3751, 3754, 3756, - 3760, 87, 3759, 3762, 87, 87, 3753, 3758, 87, 87, + 87, 3712, 3717, 87, 3718, 3715, 3719, 3722, 87, 87, + 3721, 3724, 87, 87, 3725, 3723, 3727, 87, 3729, 3728, + 87, 3726, 87, 3732, 87, 3731, 87, 87, 87, 87, + 87, 87, 3734, 87, 87, 87, 3738, 87, 3730, 3740, + 3733, 87, 3739, 3735, 87, 3742, 3736, 3737, 87, 3741, + 87, 87, 87, 3745, 3746, 3748, 87, 3749, 87, 3750, + 87, 3744, 87, 3743, 87, 3747, 3751, 87, 3754, 87, + 87, 3753, 87, 3752, 3758, 87, 87, 87, 87, 87, + 87, 3762, 3761, 87, 3764, 3756, 3757, 3760, 87, 3755, + 87, 87, 87, 3763, 87, 87, 87, 87, 3759, 87, - 3764, 3761, 87, 3763, 87, 3765, 3767, 87, 3768, 87, - 3770, 87, 3769, 87, 87, 87, 3772, 3904, 3766, 3771, - 3773, 87, 3774, 87, 3776, 87, 87, 3780, 3777, 87, - 87, 3778, 3775, 3782, 3779, 87, 87, 87, 87, 87, - 3786, 87, 3785, 3788, 87, 3781, 3789, 87, 3784, 3783, - 3790, 87, 3791, 87, 87, 87, 3794, 87, 3787, 87, - 87, 87, 87, 3799, 87, 87, 3800, 87, 87, 3792, - 3796, 3803, 3804, 87, 3793, 3795, 3801, 87, 87, 87, - 3798, 87, 87, 87, 87, 3797, 3802, 3805, 3808, 3809, - 87, 87, 3806, 3810, 87, 3814, 87, 87, 87, 87, + 87, 3765, 3773, 87, 3771, 87, 87, 3768, 87, 3766, + 3767, 3770, 3772, 3776, 87, 3775, 3778, 87, 87, 3769, + 3774, 87, 87, 3780, 3777, 87, 3779, 87, 3781, 3783, + 87, 3784, 87, 3786, 87, 3785, 87, 87, 87, 3788, + 3920, 3782, 3787, 3789, 87, 3790, 87, 3792, 87, 87, + 3796, 3793, 87, 87, 3794, 3791, 3798, 3795, 87, 87, + 87, 87, 87, 3802, 87, 3801, 3804, 87, 3797, 3805, + 87, 3800, 3799, 3806, 87, 3807, 87, 87, 87, 3810, + 87, 3803, 87, 87, 87, 87, 3815, 87, 87, 3816, + 87, 87, 3808, 3812, 3819, 3820, 87, 3809, 3811, 3817, - 3807, 87, 3816, 3811, 3812, 3813, 3818, 87, 87, 87, - 87, 87, 87, 3815, 3825, 87, 3823, 3824, 87, 3817, - 87, 3820, 3821, 87, 87, 87, 3819, 3830, 87, 3822, - 3831, 3832, 87, 3829, 87, 3833, 3904, 87, 3826, 3828, - 87, 3827, 87, 87, 3838, 3834, 87, 3835, 3836, 87, - 87, 3837, 3839, 87, 3840, 3841, 87, 87, 87, 87, - 87, 3843, 87, 3848, 3842, 87, 3845, 87, 87, 87, - 87, 3851, 87, 3852, 3853, 87, 87, 3844, 87, 3846, - 3850, 3847, 87, 3856, 3849, 3854, 87, 87, 3855, 87, - 3860, 3857, 3861, 87, 87, 87, 87, 3865, 3863, 3859, + 87, 87, 87, 3814, 87, 87, 87, 87, 3813, 3818, + 3821, 3824, 3825, 87, 87, 3822, 3826, 87, 3830, 87, + 87, 87, 87, 3823, 87, 3832, 3827, 3828, 3829, 3834, + 87, 87, 87, 87, 87, 87, 3831, 3841, 87, 3839, + 3840, 87, 3833, 87, 3836, 3837, 87, 87, 87, 3835, + 3846, 87, 3838, 3847, 3848, 87, 3845, 87, 3849, 3920, + 87, 3842, 3844, 87, 3843, 87, 87, 3854, 3850, 87, + 3851, 3852, 87, 87, 3853, 3855, 87, 3856, 3857, 87, + 87, 87, 87, 87, 3859, 87, 3864, 3858, 87, 3861, + 87, 87, 87, 87, 3867, 87, 3868, 3869, 87, 87, - 87, 3858, 87, 3867, 87, 3868, 3862, 87, 87, 87, - 3872, 87, 3869, 3873, 87, 3870, 87, 87, 3875, 3866, - 87, 3864, 3874, 3876, 87, 87, 87, 3877, 3871, 87, - 87, 87, 3878, 87, 3880, 3882, 87, 87, 3884, 87, - 87, 87, 3885, 87, 3888, 3879, 3889, 87, 87, 3881, - 3883, 87, 3892, 3893, 87, 87, 3895, 87, 3886, 3887, - 3890, 87, 3894, 3896, 87, 87, 87, 3891, 3897, 87, - 3898, 3899, 87, 3902, 87, 3903, 87, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3900, 3904, - 3904, 3901, 48, 48, 48, 48, 48, 48, 48, 53, + 3860, 87, 3862, 3866, 3863, 87, 3872, 3865, 3870, 87, + 87, 3871, 87, 3876, 3873, 3877, 87, 87, 87, 87, + 3881, 3879, 3875, 87, 3874, 87, 3883, 87, 3884, 3878, + 87, 87, 87, 3888, 87, 3885, 3889, 87, 3886, 87, + 87, 3891, 3882, 87, 3880, 3890, 3892, 87, 87, 87, + 3893, 3887, 87, 87, 87, 3894, 87, 3896, 3898, 87, + 87, 3900, 87, 87, 87, 3901, 87, 3904, 3895, 3905, + 87, 87, 3897, 3899, 87, 3908, 3909, 87, 87, 3911, + 87, 3902, 3903, 3906, 87, 3910, 3912, 87, 87, 87, + 3907, 3913, 87, 3914, 3915, 87, 3918, 87, 3919, 87, - 53, 53, 53, 53, 53, 53, 58, 58, 58, 58, - 58, 58, 58, 64, 64, 64, 64, 64, 64, 64, - 69, 69, 69, 69, 69, 69, 69, 75, 75, 75, - 75, 75, 75, 75, 81, 81, 81, 81, 81, 81, - 81, 90, 90, 3904, 90, 90, 90, 90, 163, 163, - 3904, 3904, 3904, 163, 163, 165, 165, 3904, 3904, 165, - 3904, 165, 167, 3904, 3904, 3904, 3904, 3904, 167, 170, - 170, 3904, 3904, 3904, 170, 170, 172, 3904, 3904, 3904, - 3904, 3904, 172, 174, 174, 3904, 174, 174, 174, 174, - 177, 3904, 3904, 3904, 3904, 3904, 177, 180, 180, 3904, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3916, 3920, 3920, 3917, 48, 48, 48, 48, 48, + 48, 48, 53, 53, 53, 53, 53, 53, 53, 58, + 58, 58, 58, 58, 58, 58, 64, 64, 64, 64, + 64, 64, 64, 69, 69, 69, 69, 69, 69, 69, + 75, 75, 75, 75, 75, 75, 75, 81, 81, 81, + 81, 81, 81, 81, 90, 90, 3920, 90, 90, 90, + 90, 163, 163, 3920, 3920, 3920, 163, 163, 165, 165, + 3920, 3920, 165, 3920, 165, 167, 3920, 3920, 3920, 3920, + 3920, 167, 170, 170, 3920, 3920, 3920, 170, 170, 172, - 3904, 3904, 180, 180, 91, 91, 3904, 91, 91, 91, - 91, 17, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904 + 3920, 3920, 3920, 3920, 3920, 172, 174, 174, 3920, 174, + 174, 174, 174, 177, 3920, 3920, 3920, 3920, 3920, 177, + 180, 180, 3920, 3920, 3920, 180, 180, 91, 91, 3920, + 91, 91, 91, 91, 17, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920 } ; -static yyconst flex_int16_t yy_chk[7653] = +static yyconst flex_int16_t yy_chk[7676] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -2579,13 +2584,13 @@ static yyconst flex_int16_t yy_chk[7653] = 5, 3, 6, 24, 4, 24, 24, 5, 24, 6, 7, 7, 7, 7, 24, 7, 8, 8, 8, 8, 33, 8, 7, 9, 9, 9, 26, 26, 8, 10, - 10, 10, 19, 29, 9, 33, 19, 29, 3912, 35, + 10, 10, 19, 29, 9, 33, 19, 29, 3928, 35, 10, 11, 11, 11, 11, 11, 11, 13, 13, 13, 13, 34, 13, 11, 35, 101, 34, 29, 38, 13, 46, 46, 11, 12, 12, 12, 12, 12, 12, 14, 14, 14, 14, 101, 14, 12, 15, 15, 15, 38, - 23, 14, 23, 23, 12, 23, 3156, 15, 16, 16, + 23, 14, 23, 23, 12, 23, 3195, 15, 16, 16, 16, 23, 23, 27, 27, 30, 30, 31, 31, 16, 25, 27, 131, 25, 25, 27, 31, 25, 27, 32, 30, 47, 25, 32, 25, 131, 32, 31, 40, 45, @@ -2604,7 +2609,7 @@ static yyconst flex_int16_t yy_chk[7653] = 100, 99, 102, 100, 98, 104, 105, 106, 103, 103, 111, 104, 107, 109, 108, 116, 100, 104, 110, 104, - 108, 113, 114, 110, 105, 105, 112, 109, 1212, 106, + 108, 113, 114, 110, 105, 105, 112, 109, 3169, 106, 111, 107, 110, 108, 118, 116, 117, 112, 112, 113, 114, 117, 115, 120, 119, 112, 115, 119, 118, 120, 119, 121, 122, 123, 124, 125, 123, 122, 126, 127, @@ -2618,18 +2623,18 @@ static yyconst flex_int16_t yy_chk[7653] = 147, 149, 149, 145, 153, 148, 150, 145, 156, 154, 155, 157, 155, 150, 158, 152, 157, 159, 160, 149, 156, 155, 149, 160, 150, 154, 158, 161, 162, 164, - 164, 166, 182, 155, 166, 159, 161, 182, 168, 180, + 164, 166, 182, 155, 166, 159, 161, 182, 168, 1212, 168, 168, 162, 168, 171, 171, 173, 184, 173, 173, 174, 173, 174, 174, 176, 174, 178, 176, 178, 178, 183, 178, 174, 181, 181, 184, 183, 185, 187, 188, 189, 190, 191, 193, 192, 183, 187, 194, 189, 192, 188, 197, 185, 187, 206, 195, 198, 191, 194, 196, - 190, 198, 179, 193, 195, 196, 196, 199, 199, 200, + 190, 198, 180, 193, 195, 196, 196, 199, 199, 200, 199, 204, 201, 206, 201, 200, 197, 201, 202, 203, 203, 207, 202, 204, 205, 209, 207, 202, 208, 205, 205, 210, 202, 208, 201, 211, 212, 209, 202, 202, - 212, 211, 213, 214, 215, 216, 177, 213, 218, 219, + 212, 211, 213, 214, 215, 216, 179, 213, 218, 219, 217, 210, 220, 224, 219, 223, 222, 220, 215, 214, 216, 222, 217, 229, 211, 217, 218, 221, 221, 224, 225, 221, 232, 221, 227, 223, 225, 226, 226, 235, @@ -2650,7 +2655,7 @@ static yyconst flex_int16_t yy_chk[7653] = 294, 291, 283, 292, 293, 290, 291, 285, 292, 295, 293, 287, 296, 297, 298, 294, 299, 300, 302, 301, - 172, 302, 297, 295, 299, 301, 307, 303, 298, 303, + 177, 302, 297, 295, 299, 301, 307, 303, 298, 303, 296, 304, 304, 305, 305, 306, 308, 308, 306, 309, 309, 310, 300, 331, 307, 311, 311, 312, 313, 314, 312, 316, 313, 315, 319, 318, 331, 310, 314, 320, @@ -2671,7 +2676,7 @@ static yyconst flex_int16_t yy_chk[7653] = 409, 387, 379, 375, 371, 376, 376, 379, 376, 380, 387, 374, 372, 384, 373, 380, 381, 376, 378, 409, - 382, 381, 170, 383, 376, 382, 383, 384, 383, 385, + 382, 381, 172, 383, 376, 382, 383, 384, 383, 385, 386, 382, 389, 386, 394, 385, 388, 388, 389, 390, 390, 395, 391, 396, 395, 397, 386, 391, 408, 386, 398, 386, 392, 392, 394, 392, 464, 401, 396, 464, @@ -2679,7 +2684,7 @@ static yyconst flex_int16_t yy_chk[7653] = 392, 401, 406, 392, 393, 393, 404, 393, 406, 405, 411, 407, 400, 403, 405, 405, 412, 407, 410, 411, 393, 414, 415, 393, 407, 393, 413, 393, 402, 416, - 402, 402, 413, 410, 420, 412, 417, 169, 421, 414, + 402, 402, 413, 410, 420, 412, 417, 170, 421, 414, 402, 402, 402, 402, 402, 418, 422, 402, 415, 416, 417, 418, 419, 425, 420, 418, 426, 419, 421, 423, @@ -2693,7 +2698,7 @@ static yyconst flex_int16_t yy_chk[7653] = 452, 453, 453, 451, 458, 459, 456, 466, 458, 471, 461, 460, 462, 453, 459, 453, 454, 460, 462, 463, - 465, 454, 471, 463, 475, 465, 167, 466, 475, 454, + 465, 454, 471, 463, 475, 465, 169, 466, 475, 454, 454, 467, 467, 454, 454, 469, 469, 454, 470, 472, 472, 473, 476, 470, 474, 477, 478, 473, 479, 474, 481, 478, 482, 479, 480, 480, 483, 476, 484, 486, @@ -2701,7 +2706,7 @@ static yyconst flex_int16_t yy_chk[7653] = 484, 489, 482, 490, 483, 491, 491, 492, 494, 494, 486, 495, 492, 500, 497, 498, 498, 501, 502, 493, 497, 503, 504, 505, 506, 501, 507, 509, 505, 512, - 503, 510, 511, 495, 500, 512, 513, 165, 507, 502, + 503, 510, 511, 495, 500, 512, 513, 167, 507, 502, 514, 518, 515, 504, 506, 509, 514, 509, 516, 510, 513, 515, 511, 517, 516, 518, 519, 520, 517, 521, @@ -2711,7 +2716,7 @@ static yyconst flex_int16_t yy_chk[7653] = 538, 531, 527, 536, 539, 542, 543, 544, 533, 551, 530, 535, 545, 537, 546, 548, 545, 539, 547, 538, 540, 540, 544, 547, 551, 542, 540, 543, 540, 553, - 552, 548, 163, 546, 540, 552, 540, 549, 550, 540, + 552, 548, 165, 546, 540, 552, 540, 549, 550, 540, 540, 549, 554, 550, 556, 553, 540, 550, 553, 557, 555, 554, 559, 560, 558, 552, 555, 558, 562, 556, @@ -2725,7 +2730,7 @@ static yyconst flex_int16_t yy_chk[7653] = 597, 596, 598, 600, 599, 595, 597, 599, 601, 603, 602, 605, 591, 603, 598, 602, 604, 600, 606, 604, - 605, 86, 608, 601, 609, 609, 607, 605, 610, 610, + 605, 163, 608, 601, 609, 609, 607, 605, 610, 610, 605, 607, 607, 612, 606, 608, 611, 617, 611, 612, 613, 613, 614, 614, 615, 618, 616, 619, 622, 621, 615, 616, 616, 620, 621, 617, 620, 623, 624, 619, @@ -2740,7 +2745,7 @@ static yyconst flex_int16_t yy_chk[7653] = 657, 659, 658, 656, 660, 661, 662, 663, 661, 660, 664, 662, 665, 666, 668, 673, 667, 669, 669, 665, 659, 667, 670, 663, 658, 671, 666, 672, 664, 674, - 675, 670, 672, 676, 668, 677, 673, 680, 81, 678, + 675, 670, 672, 676, 668, 677, 673, 680, 86, 678, 680, 682, 676, 674, 671, 678, 675, 677, 679, 681, 681, 685, 681, 683, 679, 684, 683, 682, 686, 687, 684, 688, 689, 691, 690, 692, 688, 694, 691, 685, @@ -2756,12 +2761,12 @@ static yyconst flex_int16_t yy_chk[7653] = 719, 723, 720, 721, 722, 732, 728, 724, 732, 734, 730, 729, 735, 733, 736, 734, 731, 732, 737, 738, 739, 740, 741, 743, 742, 744, 741, 745, 736, 746, - 737, 747, 735, 749, 750, 750, 76, 753, 738, 743, + 737, 747, 735, 749, 750, 750, 81, 753, 738, 743, 740, 739, 742, 744, 748, 745, 745, 749, 746, 748, 747, 751, 752, 754, 755, 751, 753, 756, 757, 758, 759, 763, 756, 760, 754, 766, 752, 761, 755, 762, - 760, 75, 761, 759, 757, 764, 762, 765, 758, 767, + 760, 76, 761, 759, 757, 764, 762, 765, 758, 767, 764, 768, 765, 766, 769, 763, 767, 770, 771, 772, 768, 775, 779, 773, 775, 774, 770, 771, 769, 773, 774, 772, 776, 777, 778, 780, 776, 779, 780, 781, @@ -2770,7 +2775,7 @@ static yyconst flex_int16_t yy_chk[7653] = 794, 782, 793, 795, 790, 796, 793, 797, 799, 798, 800, 789, 794, 797, 791, 798, 799, 800, 801, 792, - 802, 803, 806, 796, 809, 810, 813, 809, 795, 69, + 802, 803, 806, 796, 809, 810, 813, 809, 795, 75, 816, 818, 814, 817, 819, 813, 801, 806, 814, 817, 818, 803, 810, 820, 824, 802, 804, 820, 804, 823, 819, 804, 816, 821, 821, 804, 822, 822, 804, 825, @@ -2778,7 +2783,7 @@ static yyconst flex_int16_t yy_chk[7653] = 830, 834, 832, 825, 833, 830, 835, 840, 833, 837, 835, 826, 828, 828, 828, 831, 828, 829, 836, 828, 832, 839, 838, 836, 828, 834, 835, 838, 837, 845, - 828, 828, 840, 828, 841, 842, 839, 841, 843, 64, + 828, 828, 840, 828, 841, 842, 839, 841, 843, 69, 842, 842, 844, 844, 845, 843, 846, 847, 847, 848, 849, 846, 850, 849, 848, 851, 851, 850, 852, 853, @@ -2805,7 +2810,7 @@ static yyconst flex_int16_t yy_chk[7653] = 941, 946, 947, 950, 944, 948, 949, 949, 943, 946, 948, 951, 952, 953, 955, 954, 947, 956, 957, 960, 958, 952, 950, 954, 959, 960, 961, 962, 964, 963, - 965, 951, 961, 953, 955, 963, 969, 957, 59, 956, + 965, 951, 961, 953, 955, 963, 969, 957, 64, 956, 958, 962, 964, 966, 959, 967, 970, 972, 968, 966, 965, 967, 968, 977, 971, 969, 973, 973, 970, 971, 978, 974, 976, 975, 979, 976, 970, 974, 972, 975, @@ -2819,600 +2824,602 @@ static yyconst flex_int16_t yy_chk[7653] = 1012, 1002, 1003, 1010, 1010, 1003, 1007, 1003, 1013, 1066, 1015, 1003, 1066, 1003, 1011, 1012, 1014, 1009, 1003, 1017, 1016, 1014, 1013, 1003, 1015, 1016, 1016, 1018, 1017, 1019, - 1022, 1020, 1021, 1019, 1023, 1024, 1026, 1021, 1027, 1023, - 58, 1018, 1022, 1025, 1025, 1019, 1020, 1021, 1029, 1024, - 1028, 1031, 1027, 1029, 1030, 1032, 1031, 1026, 1033, 1028, - 1030, 1032, 1034, 1034, 1033, 1035, 1036, 1037, 1038, 1041, + 1022, 1020, 1023, 1019, 1021, 1021, 1024, 1023, 1026, 1021, + 1027, 1018, 1022, 1025, 1025, 1019, 1020, 1028, 1029, 1021, + 1024, 1030, 1032, 1029, 1027, 1031, 1028, 1030, 1032, 1026, + 1031, 1033, 1034, 1034, 1035, 1036, 1037, 1033, 1038, 1035, - 1035, 1042, 1036, 1039, 1043, 1047, 1042, 1046, 1044, 1045, - 1045, 1041, 1046, 1047, 1051, 1048, 1049, 1038, 1043, 1037, - 1044, 1039, 1040, 1040, 1050, 1052, 53, 1053, 1040, 1048, - 1040, 1054, 1049, 1051, 1055, 1056, 1040, 1054, 1050, 1055, - 1057, 1040, 1040, 1053, 1052, 1058, 1059, 1056, 1040, 1060, - 1061, 1061, 1062, 1063, 1065, 1067, 1062, 1068, 1057, 1069, - 1065, 1058, 1068, 1070, 1059, 1071, 1072, 1060, 1074, 1070, - 1071, 1075, 1069, 1063, 1067, 1076, 1077, 1074, 1078, 1079, - 1075, 1080, 1077, 1081, 1084, 1072, 1080, 1078, 1082, 1083, - 1083, 1076, 1086, 1085, 1088, 1089, 1094, 1087, 1079, 1092, + 1041, 1036, 1039, 1042, 1044, 1043, 1045, 1045, 1042, 1046, + 1048, 1050, 1041, 1051, 1046, 1047, 1044, 1038, 1037, 1043, + 1039, 1040, 1040, 1047, 1048, 1050, 1049, 1040, 1053, 1040, + 1052, 1054, 1051, 1055, 1056, 1040, 1057, 1054, 1055, 1058, + 1040, 1040, 1049, 1059, 1053, 1060, 1056, 1040, 1062, 1052, + 1061, 1061, 1062, 1063, 1057, 1058, 1065, 1067, 1069, 1068, + 1070, 1059, 1065, 1060, 1068, 1071, 1070, 1072, 1074, 1075, + 1071, 1069, 1076, 1063, 1077, 1078, 1067, 1074, 1075, 1079, + 1077, 1081, 1080, 1082, 1078, 1084, 1072, 1080, 1076, 1083, + 1083, 1085, 1089, 1086, 1088, 1087, 1094, 1082, 1079, 1092, - 1088, 1086, 1082, 1081, 1084, 1085, 1087, 1090, 1095, 1096, - 1094, 1097, 1089, 1090, 1098, 1092, 1097, 1099, 1100, 1101, - 1098, 1103, 1104, 1102, 1107, 1108, 1103, 1104, 1095, 1107, - 1108, 1109, 1100, 1111, 1096, 1113, 1099, 1101, 1102, 1111, - 1109, 1110, 1110, 1112, 1113, 1114, 1115, 1117, 1118, 1112, - 1121, 1120, 1120, 1118, 1118, 1120, 1123, 1124, 1122, 1115, - 1114, 1122, 1125, 1117, 1126, 1121, 1127, 1128, 1129, 1130, - 1123, 1126, 1131, 1132, 1133, 1130, 1134, 1124, 1125, 1132, - 1128, 1134, 1135, 1129, 1127, 1137, 1137, 1138, 1139, 1133, - 1138, 1142, 1131, 1140, 1141, 1143, 1135, 1144, 1140, 1141, + 1088, 1081, 1086, 1085, 1087, 1084, 1090, 1095, 1096, 1089, + 1094, 1097, 1090, 1098, 1100, 1092, 1097, 1099, 1103, 1098, + 1101, 1104, 1102, 1103, 1107, 1108, 1104, 1095, 1100, 1107, + 1108, 1109, 1117, 1096, 1110, 1110, 1099, 1102, 1101, 1111, + 1109, 1112, 1113, 1114, 1115, 1111, 1121, 1112, 1117, 1118, + 1123, 1113, 1120, 1120, 1118, 1118, 1120, 1115, 1114, 1122, + 1124, 1121, 1122, 1125, 1123, 1126, 1127, 1129, 1128, 1130, + 1131, 1132, 1126, 1133, 1139, 1130, 59, 1132, 1134, 1125, + 1124, 1128, 1129, 1134, 1127, 1135, 1137, 1137, 1133, 1138, + 1131, 1140, 1138, 1141, 1142, 1139, 1140, 1143, 1141, 1135, - 1145, 1146, 1144, 1149, 1143, 1145, 1148, 1142, 1150, 1139, - 1151, 1152, 1148, 1146, 1150, 1153, 1153, 1152, 1154, 1149, - 1155, 1156, 1157, 1157, 1156, 1158, 1159, 1154, 1160, 1161, - 1163, 1151, 1161, 1162, 1164, 1165, 1163, 1166, 1155, 1167, - 1164, 1165, 1166, 1158, 1167, 1159, 1162, 1168, 1160, 1169, - 1170, 1173, 1172, 1168, 1169, 1174, 1170, 1172, 1175, 1178, - 1176, 1177, 1177, 1179, 1175, 1176, 1180, 1181, 1178, 1173, - 1182, 1180, 1179, 1183, 1184, 1174, 1183, 1184, 1186, 1185, - 1187, 1188, 1189, 1186, 1192, 1181, 1190, 1195, 1191, 1182, - 1185, 1193, 1190, 1188, 1191, 1196, 1193, 1198, 1187, 1192, + 1144, 1146, 1145, 1148, 1149, 1144, 1143, 1145, 1150, 1148, + 1142, 1151, 1152, 1146, 1150, 1153, 1153, 1154, 1152, 1155, + 1149, 1156, 1157, 1157, 1156, 1158, 1154, 1159, 1160, 1162, + 1161, 1166, 1151, 1161, 1163, 1164, 1166, 1155, 1165, 1174, + 1163, 1164, 1162, 1158, 1165, 1167, 1159, 1168, 1160, 1169, + 1167, 1170, 1173, 1168, 1169, 1172, 1175, 1170, 1176, 1174, + 1172, 1181, 1175, 1176, 1177, 1177, 1178, 1179, 1180, 1182, + 1173, 1183, 1185, 1180, 1183, 1178, 1179, 1184, 1187, 1181, + 1184, 1186, 1188, 1185, 1189, 1190, 1186, 1191, 1182, 1192, + 1193, 1190, 1195, 1191, 1188, 1193, 1187, 1194, 1194, 1196, - 1197, 1189, 1194, 1194, 1199, 1200, 1195, 1201, 1199, 1196, - 1202, 1203, 1197, 1205, 1208, 1198, 1201, 1206, 1207, 1207, - 1209, 1211, 1208, 1200, 1213, 1209, 1206, 1214, 1210, 1202, - 1216, 1215, 1205, 1210, 1218, 1216, 1203, 1217, 1213, 1219, - 1219, 1211, 1214, 1215, 1220, 1221, 1217, 1222, 1223, 1218, - 1224, 1221, 1225, 1222, 1226, 1227, 1223, 1227, 1228, 1226, - 1229, 1230, 1231, 1228, 1220, 1224, 1232, 1231, 1225, 1233, - 1234, 1235, 1236, 1234, 1229, 1230, 1237, 1240, 1235, 1239, - 1239, 1232, 1241, 1242, 1243, 1244, 1241, 1236, 1233, 1246, - 1245, 1240, 1242, 1249, 1247, 1237, 1245, 1249, 1253, 1247, + 1197, 1198, 1199, 1189, 1192, 1200, 1199, 1201, 1202, 1203, + 1205, 1195, 1197, 1196, 1208, 1206, 1201, 1207, 1207, 1198, + 1209, 1210, 1208, 1200, 1206, 1209, 1210, 1202, 1211, 1205, + 1213, 1214, 1216, 1215, 1203, 1218, 1220, 1216, 1217, 1219, + 1219, 1229, 1225, 1221, 1213, 1215, 1214, 1217, 1211, 1221, + 1218, 1222, 1223, 1224, 1226, 1229, 1220, 1222, 1225, 1226, + 1223, 1227, 1228, 1227, 1230, 1231, 1232, 1228, 1224, 1233, + 1231, 1234, 1235, 1237, 1234, 1236, 1239, 1239, 1230, 1235, + 1240, 1232, 1241, 1243, 1242, 1244, 1241, 1246, 1233, 1245, + 1236, 1251, 1237, 1242, 1240, 1245, 1251, 1247, 1255, 1249, - 1244, 1251, 1243, 1250, 1250, 1253, 1251, 1254, 1247, 1246, - 1247, 1252, 1252, 1247, 1255, 1256, 1258, 1255, 1257, 1260, - 1261, 1254, 1263, 1262, 1260, 1258, 1264, 1265, 1263, 1266, - 1267, 1264, 1269, 1269, 1256, 1262, 1257, 1270, 1271, 1261, - 1266, 1265, 1270, 1271, 1272, 1273, 1275, 1274, 1276, 1267, - 1273, 1274, 1277, 1278, 1279, 1275, 1280, 1279, 1281, 1283, - 1284, 1282, 1285, 1276, 1272, 1281, 1279, 1277, 1286, 1287, - 1289, 1280, 1278, 1282, 1286, 1288, 1289, 1290, 1283, 1291, - 1285, 1284, 1292, 1293, 1287, 1294, 1288, 1296, 1295, 1297, - 1298, 1292, 1300, 1303, 1307, 1299, 1302, 1290, 1293, 1291, + 1244, 1243, 1247, 1249, 1250, 1250, 1254, 1246, 1252, 1252, + 1253, 1247, 1255, 1247, 1257, 1256, 1247, 1253, 1256, 1254, + 1258, 1259, 1261, 1262, 1263, 1264, 1266, 1261, 1267, 1265, + 1259, 1264, 1268, 1257, 1265, 1273, 1263, 58, 1258, 1267, + 1266, 1271, 1262, 1270, 1270, 1272, 1271, 1274, 1276, 1275, + 1272, 1268, 1274, 1275, 1277, 1273, 1278, 1276, 1279, 1281, + 1280, 1282, 1284, 1280, 1283, 1285, 1286, 1287, 1282, 1277, + 1288, 1278, 1280, 1287, 1281, 1291, 1283, 1279, 1289, 1292, + 1298, 1284, 1290, 1293, 1286, 1288, 1285, 1294, 1290, 1289, + 1295, 1296, 1293, 1297, 1300, 1291, 1299, 1301, 1303, 1292, - 1295, 1299, 1302, 1304, 1294, 1298, 1296, 1305, 1303, 1306, - 1307, 1308, 1300, 1309, 1297, 1305, 1308, 1304, 1310, 1311, - 1312, 1317, 1313, 1310, 1310, 1309, 1314, 1314, 1316, 1306, - 1317, 1318, 1319, 1319, 1312, 1313, 1327, 1318, 1311, 1315, - 1315, 1316, 1321, 1323, 1315, 1320, 1321, 1315, 1315, 1323, - 1320, 1322, 1315, 1330, 1324, 48, 1325, 1327, 1315, 1324, - 1322, 1325, 1315, 1326, 1326, 1328, 1328, 1329, 1331, 1332, - 1329, 1333, 1329, 1330, 1335, 1332, 1334, 1333, 1336, 1334, - 1337, 1338, 1339, 1335, 1340, 1337, 1331, 1341, 1342, 1345, - 1340, 1343, 1348, 1341, 1342, 1338, 1343, 1344, 1336, 1346, + 1300, 1304, 1294, 1296, 1303, 1298, 1305, 1306, 1307, 1295, + 1308, 1299, 1297, 1309, 1312, 1306, 1304, 1301, 1309, 1310, + 1305, 1313, 1321, 1314, 1311, 1318, 1308, 1321, 1307, 1311, + 1311, 1310, 1317, 1312, 1318, 1313, 1314, 1315, 1315, 1316, + 1316, 1320, 1320, 1319, 1316, 1317, 1322, 1316, 1316, 1319, + 1322, 1323, 1316, 1324, 1327, 1327, 1325, 1328, 1316, 1324, + 1323, 1325, 1316, 1326, 1329, 1329, 1330, 1331, 1326, 1330, + 1332, 1330, 1335, 1333, 1334, 1335, 1336, 1337, 1328, 1333, + 1334, 1338, 1339, 1340, 1341, 1336, 1338, 1331, 1332, 1342, + 1341, 1349, 1343, 1346, 1344, 1342, 1339, 1337, 1343, 1344, - 1339, 1344, 1345, 1351, 1347, 1355, 1348, 1354, 1346, 1347, - 1349, 1349, 1353, 1346, 1351, 1346, 1353, 1346, 1356, 1346, - 1350, 1350, 1354, 1350, 1357, 1355, 1358, 1361, 1359, 1360, - 1362, 1358, 1358, 1357, 1363, 1362, 1356, 1359, 1360, 1365, - 1366, 1364, 1367, 1369, 1369, 1368, 1371, 1372, 1363, 1361, - 1364, 1368, 1370, 1374, 1371, 1373, 1367, 1375, 1365, 1366, - 1373, 1372, 1376, 1377, 1370, 1378, 1375, 1374, 1379, 1376, - 1380, 1380, 1381, 1379, 1382, 1382, 1384, 1383, 1384, 1387, - 1386, 1377, 1383, 1386, 1387, 1388, 1389, 1381, 1390, 1390, - 1378, 1391, 1392, 1392, 1394, 1389, 1393, 1393, 1395, 1394, + 1345, 1340, 1347, 1348, 1345, 1349, 1346, 1356, 1348, 1350, + 1350, 1347, 1351, 1351, 1352, 1351, 1347, 1354, 1347, 1355, + 1347, 1354, 1347, 1357, 1358, 1352, 1359, 1356, 1360, 1361, + 1362, 1359, 1359, 1358, 1355, 1363, 1364, 1360, 1361, 1365, + 1363, 1357, 1366, 1367, 1368, 1369, 1370, 1370, 1365, 1372, + 1364, 1369, 1362, 1371, 1373, 1374, 1375, 1372, 1368, 1377, + 1374, 1366, 1367, 1376, 1378, 1371, 1377, 1379, 1373, 1380, + 1375, 1382, 1376, 1392, 1380, 1381, 1381, 1383, 1383, 1384, + 1389, 1385, 1378, 1385, 1384, 1387, 1382, 1390, 1387, 1388, + 1391, 1391, 1379, 1392, 1388, 1396, 1390, 1393, 1393, 1389, - 1396, 1397, 1398, 1398, 1388, 1399, 1400, 1401, 1402, 1403, - 1401, 1391, 1404, 1407, 1406, 1403, 1406, 1404, 1405, 1395, - 1410, 1396, 1397, 1400, 1411, 1399, 1409, 1405, 1402, 1409, - 1413, 1407, 1415, 1412, 1414, 1410, 1416, 1411, 1412, 1414, - 1415, 1416, 1417, 1418, 1413, 1417, 1419, 1419, 1418, 1420, - 1421, 1422, 1423, 1424, 1420, 1426, 1427, 1422, 1428, 1423, - 1429, 1426, 1427, 1428, 1430, 1429, 1424, 1431, 1421, 1432, - 1430, 1433, 1434, 1434, 1435, 1436, 1431, 1440, 1438, 1439, - 1442, 1441, 1433, 1438, 1443, 1444, 1445, 1440, 1432, 1450, - 1447, 1444, 1445, 1446, 1435, 1436, 1441, 1439, 1449, 1446, + 1394, 1394, 1395, 1397, 1398, 1399, 1399, 1395, 1400, 1401, + 1402, 1403, 1404, 1402, 1405, 1407, 1396, 1407, 1404, 1405, + 1406, 1408, 1411, 1412, 1397, 1398, 1401, 1410, 1400, 1406, + 1410, 1403, 1414, 1413, 1416, 1415, 1412, 1411, 1413, 1408, + 1415, 1418, 1416, 1417, 1418, 1419, 1414, 1422, 1417, 1421, + 1419, 1420, 1420, 1423, 1421, 1424, 1425, 1427, 1428, 1423, + 1436, 1429, 1424, 1427, 1428, 1422, 1429, 1430, 1431, 1425, + 1432, 1433, 1430, 1434, 1431, 1435, 1435, 1437, 1439, 1432, + 1436, 1440, 1441, 1439, 1434, 1442, 1443, 1444, 1445, 1446, + 1433, 1451, 1441, 1448, 1445, 1446, 1447, 1437, 1452, 1440, - 1442, 1447, 1451, 1450, 1449, 1452, 1453, 1443, 1454, 1450, - 1452, 1455, 1453, 1456, 1457, 1459, 1451, 1458, 1458, 1460, - 1461, 1462, 1451, 1455, 1463, 1465, 1462, 1456, 1454, 1464, - 1464, 1466, 1457, 1468, 1470, 1459, 1466, 1469, 1461, 1472, - 1471, 1473, 1463, 1476, 1460, 1471, 1471, 1470, 1465, 1475, - 1473, 1469, 1468, 1474, 1477, 18, 1479, 1472, 1476, 1478, - 1480, 1474, 1480, 1475, 1478, 1479, 1481, 1478, 1483, 1477, - 1485, 1484, 1477, 1486, 1483, 1484, 1487, 1488, 1486, 1486, - 1481, 1485, 1489, 1490, 1491, 1492, 1493, 1494, 1490, 1491, - 1492, 1495, 1496, 1499, 1498, 1487, 1495, 1500, 1501, 1501, + 1442, 1450, 1447, 1453, 1448, 1451, 1443, 1450, 1453, 1454, + 1444, 1451, 1452, 1455, 1456, 1454, 1457, 1458, 1452, 1459, + 1459, 1460, 1461, 1463, 1462, 1464, 1456, 1466, 1463, 1467, + 1457, 1465, 1465, 1455, 1467, 1458, 1469, 1470, 1473, 1471, + 1472, 1460, 1462, 1464, 1474, 1472, 1472, 1461, 1476, 1475, + 1466, 1470, 1471, 1474, 1477, 1469, 1473, 1475, 1478, 1479, + 1482, 1480, 1476, 1481, 1479, 1481, 1484, 1479, 1485, 1477, + 1480, 1486, 1484, 1478, 1482, 1486, 1478, 1487, 1489, 1490, + 1488, 1491, 1492, 1495, 1485, 1488, 1488, 1492, 1487, 1493, + 1494, 1496, 1498, 1497, 1493, 1494, 1500, 1489, 1497, 1491, - 1489, 1502, 1503, 1488, 1493, 1502, 1504, 1494, 1498, 1506, - 1505, 1499, 1496, 1507, 1508, 1500, 1505, 1509, 1518, 1510, - 1503, 1506, 1511, 1512, 1517, 1504, 1516, 1513, 1514, 1507, - 1523, 1509, 1513, 1508, 1510, 1514, 1515, 1511, 1517, 1518, - 1519, 1515, 1512, 1521, 1516, 1520, 1520, 1522, 1525, 1519, - 1523, 1524, 1524, 1526, 1525, 1527, 1522, 1531, 1521, 1526, - 1528, 1528, 1529, 1529, 1530, 1532, 1533, 17, 1534, 1527, - 1530, 1533, 1535, 1531, 1534, 1536, 1537, 1537, 1535, 1538, - 1538, 1536, 1540, 1540, 1541, 1542, 1532, 1543, 1541, 1545, - 1544, 1546, 1549, 1547, 1542, 1548, 1548, 1552, 1553, 1538, + 1501, 1495, 1502, 1503, 1503, 1490, 1505, 1506, 1507, 1504, + 1500, 1496, 1498, 1504, 1507, 1508, 1509, 1510, 1501, 1511, + 1502, 1514, 1512, 1513, 1505, 1515, 1506, 1508, 1516, 1517, + 1515, 1518, 1509, 1511, 1517, 1516, 1510, 1512, 1513, 1519, + 1514, 1520, 1521, 1522, 1522, 1523, 1524, 1525, 1527, 1518, + 1529, 1521, 1528, 1519, 1527, 1524, 1526, 1526, 1528, 1533, + 1523, 1534, 1520, 1545, 1529, 1530, 1530, 1525, 1531, 1531, + 1532, 53, 1535, 1536, 1537, 1533, 1532, 1535, 1538, 1536, + 1537, 1545, 1534, 1544, 1538, 1539, 1539, 1540, 1540, 1542, + 1542, 1543, 1544, 1546, 1547, 1543, 1548, 1549, 1550, 1550, - 1547, 1538, 1544, 1545, 1551, 1543, 1546, 1550, 1554, 1551, - 1557, 1552, 1549, 1554, 1554, 1550, 1555, 1553, 1559, 1556, - 1560, 1555, 1555, 1556, 1558, 1558, 1561, 1562, 1563, 1564, - 1557, 1567, 1562, 1565, 1566, 1561, 1567, 1559, 1568, 1560, - 1566, 1569, 1570, 1571, 1572, 1573, 1574, 1563, 1575, 1564, - 1572, 1565, 1574, 1576, 1575, 1578, 1568, 1570, 1577, 1579, - 1580, 1569, 1581, 1582, 1573, 1583, 1587, 1577, 1584, 1571, - 1585, 1585, 1576, 1586, 1578, 1588, 1586, 1582, 1579, 1580, - 1589, 1581, 1594, 1584, 1595, 1587, 1583, 1590, 1590, 1591, - 1591, 1592, 1589, 1593, 1588, 1594, 1592, 1593, 1596, 1595, + 1551, 1553, 1552, 1554, 1549, 1546, 1553, 1540, 1547, 1540, + 1552, 1548, 1555, 1556, 1559, 48, 1557, 1554, 1556, 1556, + 1551, 1557, 1557, 1558, 1560, 1560, 1561, 1558, 1562, 1563, + 1564, 1555, 1565, 1566, 1559, 1564, 1567, 1568, 1563, 1569, + 1570, 1571, 1572, 1568, 1569, 1561, 1573, 1562, 1575, 1574, + 1576, 1565, 1578, 1566, 1567, 1574, 1576, 1572, 1570, 1577, + 1579, 1571, 1580, 1581, 1582, 1577, 1583, 1575, 1585, 1579, + 1584, 1578, 1573, 1586, 1587, 1587, 1588, 1589, 1590, 1588, + 1591, 1580, 1581, 1582, 1584, 1583, 1592, 1592, 1586, 1585, + 1593, 1593, 1591, 1594, 1596, 1595, 1589, 1590, 1594, 1595, - 1597, 1600, 1598, 1601, 1598, 1602, 1601, 1596, 1598, 1603, - 1602, 1604, 1605, 1597, 1606, 1606, 1610, 1607, 1609, 1600, - 1608, 1598, 1607, 1615, 1603, 1618, 1608, 1612, 1605, 1610, - 1611, 1604, 1612, 1609, 1613, 1614, 1611, 1616, 1613, 1614, - 1617, 1619, 1622, 1615, 1625, 1618, 1624, 1619, 1626, 1617, - 1620, 1620, 1624, 1626, 1629, 1616, 1627, 1627, 1628, 1635, - 1622, 1631, 1631, 1633, 1628, 1625, 1633, 1634, 1634, 1636, - 1637, 1640, 1642, 1639, 1629, 1635, 1639, 1641, 1643, 1644, - 1644, 1642, 1646, 1647, 1645, 1636, 1637, 1649, 1648, 1650, - 1651, 1651, 1640, 1648, 1653, 1650, 1652, 1641, 1643, 1645, + 1597, 1598, 1600, 1599, 1600, 1602, 1603, 1596, 1600, 1603, + 1598, 1605, 1604, 1606, 1607, 1597, 1599, 1604, 1608, 1608, + 1609, 1600, 1610, 1602, 1611, 1609, 1605, 1612, 1610, 1613, + 1607, 1614, 1617, 1606, 1615, 1613, 1614, 1616, 1615, 1611, + 1612, 1616, 1618, 1620, 1619, 1621, 1622, 1622, 1624, 1626, + 1627, 1621, 1617, 1619, 1628, 1626, 1629, 1629, 1630, 1628, + 1618, 1631, 1635, 1620, 1630, 1635, 1624, 1633, 1633, 1636, + 1636, 1627, 1637, 1638, 1639, 1641, 1642, 1644, 1641, 1643, + 1645, 1631, 1646, 1646, 1648, 1649, 1644, 1647, 1637, 1638, + 1639, 1650, 1651, 1653, 1653, 1652, 1650, 1642, 1654, 1643, - 1654, 1649, 1647, 1646, 1655, 1652, 1656, 1657, 1657, 1658, - 1659, 1660, 1653, 1662, 1662, 1654, 1660, 1661, 1663, 1664, - 1665, 1665, 1663, 1658, 1666, 1667, 1656, 1668, 1659, 1655, - 1669, 1670, 1661, 1683, 1669, 1671, 1673, 1673, 1668, 1664, - 1671, 1676, 1674, 1678, 1667, 1679, 1666, 1674, 1674, 1675, - 1670, 1677, 1675, 1680, 1676, 1681, 1677, 1682, 1683, 1678, - 1684, 1685, 1685, 1679, 1687, 1686, 1689, 1680, 1688, 1684, - 1686, 1682, 1691, 1688, 1681, 1681, 1690, 1692, 1692, 1690, - 1693, 1695, 1694, 1696, 1687, 1696, 1689, 1694, 1697, 1693, - 1698, 1691, 1699, 1697, 1700, 1703, 1698, 1701, 1704, 1704, + 1645, 1652, 1647, 1655, 1649, 1648, 1651, 1654, 1656, 1657, + 1658, 1659, 1659, 1660, 1661, 1662, 1663, 1664, 1664, 1666, + 1662, 1655, 1665, 1656, 1667, 1667, 1665, 1660, 1668, 1669, + 1658, 1663, 1661, 1670, 1657, 1672, 1671, 1673, 1677, 1666, + 1671, 1677, 1673, 1678, 1670, 1675, 1675, 1676, 1669, 1680, + 1668, 1681, 1676, 1676, 1672, 1679, 1678, 1682, 1683, 1684, + 1679, 1685, 1689, 1686, 1691, 1680, 1687, 1687, 1693, 1681, + 1688, 1682, 1686, 1684, 1690, 1688, 1695, 1683, 1683, 1690, + 1692, 1697, 1689, 1692, 1691, 1695, 1685, 1693, 1694, 1694, + 1696, 1698, 1699, 1698, 1700, 1696, 1701, 1699, 1702, 1705, - 1700, 1695, 1701, 1705, 1706, 1707, 1710, 1708, 1711, 1703, - 1707, 1710, 1699, 1708, 1712, 1712, 1713, 1713, 1715, 1714, - 1716, 1717, 1705, 1706, 1717, 1718, 1718, 1719, 1720, 1721, - 1729, 1723, 1711, 1714, 1724, 1716, 1715, 1723, 1722, 1724, - 1720, 1722, 1727, 1725, 1722, 1719, 1725, 1728, 1732, 1721, - 1730, 1727, 1728, 1730, 1733, 1729, 1722, 1731, 1731, 1734, - 1733, 1735, 1725, 1736, 1736, 1734, 1735, 1737, 1737, 1738, - 1740, 1739, 1732, 1741, 1742, 1738, 1739, 1743, 1744, 1745, - 1746, 1744, 1747, 1740, 1748, 1745, 1746, 1750, 1747, 1748, - 1749, 1741, 1755, 1742, 1751, 1754, 1749, 1743, 1753, 1751, + 1700, 1697, 1703, 1707, 1702, 1706, 1706, 1703, 1708, 1709, + 1712, 1710, 1713, 1705, 1709, 1712, 1701, 1710, 1714, 1714, + 1715, 1715, 1707, 1716, 1717, 1718, 1719, 1708, 1721, 1719, + 1720, 1720, 1722, 1723, 1727, 1725, 1713, 1716, 1728, 1727, + 1718, 1728, 1717, 1726, 1722, 1724, 1721, 1725, 1724, 1726, + 1730, 1724, 1732, 1723, 1735, 1731, 1736, 1728, 1733, 1730, + 1731, 1733, 1736, 1724, 1734, 1734, 1737, 1743, 1738, 1739, + 1739, 1744, 1737, 1738, 1740, 1740, 1741, 1732, 1735, 1742, + 1743, 1745, 1741, 1746, 1742, 1747, 1748, 1749, 1747, 1744, + 1750, 1752, 1748, 1749, 1751, 1753, 1750, 1752, 1757, 1751, - 1752, 1752, 1756, 1753, 1757, 1758, 1759, 1760, 1761, 1762, - 1750, 1763, 1755, 1754, 1764, 1766, 0, 1756, 1764, 1769, - 1759, 1760, 1761, 1757, 1765, 1758, 1765, 1762, 1767, 1770, - 1771, 1769, 1772, 1773, 1766, 1767, 1763, 1775, 1772, 1774, - 1776, 1770, 1777, 1771, 1782, 1777, 1778, 1778, 1784, 1779, - 1781, 1781, 1786, 1773, 1776, 1774, 1783, 1775, 1779, 1787, - 1784, 1783, 1788, 1777, 1782, 1785, 1785, 1786, 1790, 1789, - 1791, 1792, 1793, 1787, 1794, 1798, 1796, 1790, 1792, 1799, - 1800, 1793, 1804, 1800, 1793, 1791, 1788, 1789, 1801, 1801, - 1794, 1796, 1807, 1798, 1802, 1802, 1796, 1803, 1805, 1808, + 1745, 1754, 1756, 1746, 1755, 1755, 1754, 1756, 1758, 1759, + 1760, 1761, 1762, 1763, 1765, 1766, 1757, 1767, 1753, 1764, + 1768, 1767, 1768, 1769, 1759, 1774, 1762, 1763, 1758, 1760, + 1770, 1761, 1765, 1764, 1772, 1773, 1776, 1770, 1774, 1775, + 1766, 1777, 1769, 1778, 1779, 1775, 1772, 1773, 1780, 1781, + 1781, 1780, 1782, 1784, 1784, 1785, 1776, 1777, 1779, 1786, + 1787, 1782, 1789, 1778, 1786, 1788, 1788, 1790, 1791, 1780, + 1792, 1793, 1787, 1796, 1794, 1785, 1795, 1789, 1797, 1801, + 1793, 1790, 1796, 1795, 1799, 1796, 1802, 1803, 1792, 1794, + 1803, 1806, 1791, 1811, 1797, 1804, 1804, 1801, 1807, 1799, - 1804, 1805, 1806, 1806, 1799, 1807, 1809, 1810, 1812, 1803, - 1811, 1809, 1810, 1811, 1813, 1814, 1815, 1816, 1808, 1813, - 1817, 1818, 1819, 1822, 1822, 1821, 1816, 1820, 1823, 1812, - 1818, 1821, 1815, 1818, 1814, 1823, 1820, 1824, 1825, 1817, - 1826, 1827, 1829, 1828, 1830, 1834, 1819, 1829, 1829, 1830, - 1831, 1825, 1838, 1835, 0, 1827, 1839, 1824, 1826, 1828, - 1836, 1836, 1831, 1837, 1843, 1839, 1837, 1842, 1838, 1843, - 1834, 1835, 1840, 1840, 1841, 1841, 1842, 1840, 1845, 1842, - 1844, 1844, 1846, 1847, 1850, 1848, 1852, 1851, 1853, 1841, - 1848, 1848, 1854, 1853, 1855, 1856, 1845, 1860, 1850, 1864, + 1805, 1805, 1808, 1806, 1799, 1808, 1809, 1809, 1810, 1812, + 1813, 1802, 1811, 1815, 1812, 1813, 1807, 1814, 1816, 1817, + 1814, 1810, 1819, 1816, 1818, 1820, 1822, 1821, 1823, 1824, + 1828, 1819, 1825, 1825, 1815, 1824, 1821, 1823, 1817, 1821, + 1818, 1826, 1827, 1828, 1820, 1829, 1830, 1832, 1826, 1831, + 1822, 1833, 1832, 1832, 1834, 1837, 1833, 1838, 1839, 1839, + 1830, 1840, 1827, 1829, 1840, 1831, 1834, 1841, 1842, 1843, + 1843, 1844, 1844, 1845, 1843, 1838, 1846, 1842, 1847, 1847, + 1837, 1846, 1845, 1841, 1848, 1845, 1844, 1849, 1850, 1851, + 1853, 1855, 1854, 1856, 1851, 1851, 1857, 1858, 1856, 1859, - 1855, 1847, 1851, 1846, 1857, 1857, 1854, 1859, 1852, 1858, - 1861, 1860, 1859, 1856, 1862, 1858, 1861, 1865, 1866, 1864, - 1862, 1867, 1868, 1870, 1874, 1869, 1875, 1867, 1869, 1870, - 1872, 1876, 1866, 1877, 1869, 1868, 0, 1865, 1872, 1878, - 1879, 1877, 1880, 1874, 1878, 1875, 1882, 1881, 1883, 1879, - 1876, 1884, 1885, 1885, 1886, 1880, 1881, 1887, 1888, 1882, - 1886, 1888, 1883, 1887, 1889, 1884, 1890, 1890, 1891, 1892, - 1893, 1894, 1894, 1895, 1885, 1896, 1897, 1889, 1898, 1899, - 1902, 1896, 1901, 1901, 1905, 1904, 1895, 1892, 1891, 1893, - 1904, 1903, 1909, 0, 1898, 1903, 1906, 1899, 1897, 1908, + 1860, 1860, 1848, 1858, 1853, 1861, 1850, 1854, 1849, 1862, + 1857, 1861, 1863, 1855, 1862, 1864, 1865, 1859, 1867, 1868, + 1869, 1864, 1865, 1870, 1871, 1873, 1863, 1872, 1877, 1870, + 1872, 1873, 1875, 1878, 1869, 1879, 1872, 1871, 1867, 1868, + 1875, 1880, 1882, 1881, 1883, 1885, 1884, 1877, 1881, 1880, + 1886, 1882, 1878, 1887, 1879, 1884, 1889, 1883, 1885, 1888, + 1888, 1892, 1889, 1890, 1886, 1891, 1894, 1887, 1891, 1890, + 1893, 1893, 1895, 1896, 1892, 1897, 1897, 1899, 1898, 1900, + 1901, 1888, 1902, 1899, 1904, 1904, 1894, 1905, 1908, 1906, + 1895, 1898, 1896, 1906, 1907, 1911, 1901, 1909, 1910, 1907, - 1902, 1906, 1907, 1911, 1905, 1913, 1911, 1907, 1908, 1914, - 1915, 1916, 1917, 1915, 1919, 1909, 1913, 1911, 1914, 1918, - 1918, 1921, 1920, 1916, 1922, 1922, 1923, 1917, 1924, 1925, - 1927, 1923, 1926, 1919, 1920, 1928, 1925, 1927, 1929, 1930, - 1921, 1932, 1924, 1933, 1926, 1934, 1935, 1928, 1936, 1929, - 1937, 1934, 1938, 1938, 1939, 1940, 1937, 1939, 1935, 1930, - 1932, 1941, 1941, 1933, 1943, 1944, 1936, 1945, 1946, 1943, - 1947, 1944, 1948, 1948, 1949, 1940, 1947, 1946, 1950, 1952, - 1950, 1951, 1945, 1953, 1951, 1954, 1949, 1956, 1955, 1957, - 1959, 1958, 1956, 1960, 1957, 1962, 1961, 1971, 1963, 1952, + 1902, 1900, 1909, 1910, 1911, 1912, 1914, 1905, 1908, 1914, + 1916, 1918, 1919, 1917, 1918, 1920, 1921, 1921, 1922, 1923, + 1914, 1916, 1917, 1924, 1919, 1925, 1925, 1926, 1912, 1927, + 1920, 1923, 1926, 1928, 1929, 1931, 1933, 1922, 1930, 1932, + 1928, 1935, 1924, 1927, 1936, 1930, 1929, 1931, 1937, 1938, + 1932, 1939, 1940, 1943, 1937, 1992, 1933, 1948, 1940, 1992, + 1935, 1938, 1941, 1941, 1936, 1942, 1944, 1944, 1942, 1939, + 1946, 1947, 1948, 1943, 1949, 1946, 1950, 1947, 1951, 1951, + 1952, 1955, 1950, 1949, 1953, 1954, 1953, 1956, 1954, 1957, + 1958, 1959, 1952, 1960, 1961, 1963, 1959, 1964, 1960, 1962, - 1958, 1961, 1959, 1954, 1962, 1953, 1955, 1964, 1960, 1965, - 1966, 1969, 1964, 1971, 1965, 1967, 1967, 1962, 1963, 1964, - 1968, 1972, 1973, 1974, 1975, 1966, 1968, 1976, 1981, 1976, - 1984, 1977, 1969, 1978, 1978, 1979, 1979, 1980, 1980, 1974, - 1972, 1973, 1982, 1982, 1975, 1977, 1985, 1977, 1981, 1983, - 1983, 1984, 1986, 1987, 1987, 1988, 1989, 1990, 1992, 1988, - 1990, 1993, 1989, 1994, 1992, 1995, 1996, 1985, 1997, 1994, - 2000, 1996, 1998, 1986, 2003, 1998, 1999, 1999, 2001, 1993, - 2002, 2002, 2004, 2001, 2007, 2007, 2005, 2006, 1995, 2003, - 2000, 2005, 2006, 1997, 2008, 2009, 2010, 2011, 2012, 2008, + 1965, 1955, 1964, 1961, 1966, 1965, 1970, 1957, 1958, 1956, + 1963, 1962, 1967, 1966, 1969, 1968, 1971, 1971, 1972, 1969, + 1968, 1970, 1973, 1975, 1972, 1976, 1966, 1968, 1977, 1978, + 1979, 1980, 1967, 1980, 1985, 1981, 1982, 1982, 1988, 1975, + 1983, 1983, 1989, 1973, 1976, 1978, 1990, 1977, 18, 1981, + 1979, 1981, 1984, 1984, 1985, 1986, 1986, 1987, 1987, 1988, + 1991, 1991, 1993, 1989, 1996, 1997, 1994, 1990, 1993, 1994, + 1996, 1998, 1999, 2000, 2001, 2007, 2002, 1998, 2000, 2002, + 2003, 2003, 2004, 1997, 2005, 2006, 2006, 2008, 2009, 2005, + 2007, 2010, 2015, 2009, 2017, 1999, 2010, 2011, 2011, 2001, - 2013, 2009, 2015, 2004, 2016, 2014, 2017, 2018, 2010, 2010, - 2010, 2014, 2018, 2017, 2021, 2010, 2012, 2011, 2022, 2024, - 2013, 2020, 2015, 2023, 2016, 2023, 2020, 2020, 2021, 2025, - 2024, 2026, 2027, 2022, 2028, 2029, 2031, 2026, 2030, 2030, - 2033, 2027, 2032, 2032, 2025, 2034, 2035, 2035, 2036, 2036, - 2037, 2037, 2038, 2042, 2028, 2043, 2029, 2041, 2041, 2045, - 2033, 2046, 2031, 2047, 2043, 2048, 2050, 2034, 2045, 2047, - 2049, 2052, 2038, 2051, 2051, 2053, 2054, 2056, 2042, 2055, - 2050, 2059, 2046, 2054, 2048, 2060, 2049, 0, 2055, 2065, - 2053, 2062, 2052, 2057, 2057, 2058, 2058, 2062, 2066, 2063, + 2012, 2013, 2004, 2014, 2018, 2012, 2016, 2013, 2008, 2019, + 2018, 2020, 2015, 2021, 2017, 2014, 2014, 2014, 2022, 2025, + 2021, 2024, 2014, 2022, 2016, 2026, 2024, 2024, 2027, 2019, + 2027, 2020, 2028, 2025, 2029, 2030, 2031, 2032, 2033, 2035, + 2026, 2030, 2037, 2028, 2038, 2031, 2034, 2034, 2042, 2029, + 2036, 2036, 2039, 2039, 2040, 2040, 2046, 2032, 2047, 2033, + 2041, 2041, 2037, 2045, 2045, 2035, 2038, 2047, 2042, 2049, + 2050, 2051, 2053, 2052, 2056, 2054, 2058, 2051, 2049, 2055, + 2055, 2046, 2057, 2058, 2059, 2060, 2061, 2061, 2053, 2054, + 2063, 2050, 2052, 2059, 2064, 2056, 2066, 2057, 2062, 2062, - 2064, 2060, 2067, 2056, 2063, 2066, 2064, 2059, 2067, 2065, - 2068, 2070, 2068, 2071, 2072, 2072, 2073, 2074, 2075, 2071, - 2076, 2073, 2077, 2079, 2078, 2080, 2074, 2078, 2080, 2081, - 2070, 2082, 2084, 2075, 2085, 2079, 2083, 2083, 2084, 2086, - 2076, 2077, 2087, 2088, 2089, 2086, 2085, 2081, 2089, 2091, - 2092, 2093, 2094, 2094, 2095, 2096, 2093, 2082, 2088, 2100, - 2097, 2099, 2087, 2100, 2089, 2101, 2101, 2102, 2103, 2091, - 2104, 2104, 2092, 2102, 2096, 2097, 2105, 2103, 2095, 2106, - 2099, 2107, 2109, 2106, 2110, 2105, 2108, 2108, 2111, 2112, - 2113, 2114, 2107, 2115, 2112, 2116, 2117, 2107, 2110, 2119, + 2067, 2068, 2066, 2069, 17, 2067, 2070, 2068, 2071, 2074, + 2064, 2060, 2075, 2070, 2071, 2072, 2063, 2072, 2075, 2076, + 2076, 2077, 2078, 2069, 2079, 2080, 2077, 2081, 2074, 2082, + 2083, 2078, 2082, 2084, 2085, 2086, 2084, 2087, 2087, 2079, + 2091, 2088, 2083, 2089, 2090, 2080, 2081, 2088, 2092, 2093, + 2090, 2095, 2085, 2093, 2096, 2089, 2099, 2097, 2098, 2098, + 2091, 2086, 2097, 2092, 2100, 2103, 2101, 2166, 2104, 2093, + 2166, 2095, 2104, 2105, 2105, 2113, 2096, 2107, 2114, 2106, + 2099, 2101, 2109, 2100, 2103, 2106, 2107, 2108, 2108, 2110, + 2111, 2109, 2114, 2110, 2112, 2112, 2113, 2115, 2116, 2117, - 2118, 2116, 2123, 2109, 2119, 2120, 2123, 2111, 2121, 2121, - 2113, 2114, 2125, 2115, 2117, 2118, 2122, 2122, 2120, 2126, - 2127, 2125, 2128, 2129, 2129, 2131, 2131, 2128, 2132, 2136, - 2126, 2133, 2135, 2132, 2132, 2126, 2137, 2133, 2135, 2138, - 2127, 2137, 2139, 2142, 2141, 2143, 2145, 2142, 2139, 2144, - 2144, 2138, 2146, 2147, 2148, 2136, 2141, 2143, 2146, 2149, - 2148, 2150, 2151, 2151, 2152, 2153, 2150, 2154, 2155, 2157, - 2158, 2145, 2154, 2159, 2149, 2147, 2161, 2161, 2159, 2162, - 2155, 2157, 2162, 2152, 2168, 2153, 2163, 2163, 2169, 2158, - 2164, 2164, 2165, 2165, 2166, 2166, 2167, 2170, 2171, 2168, + 2118, 2111, 2119, 2116, 2120, 2121, 2111, 2123, 2124, 2122, + 2120, 2127, 2123, 2125, 2125, 2127, 2115, 2126, 2126, 2117, + 2118, 2124, 2119, 2121, 2122, 2129, 2130, 2131, 2132, 2133, + 2133, 2135, 2135, 2132, 2129, 2136, 2140, 2130, 2137, 2139, + 2136, 2136, 2130, 2141, 2137, 2139, 2142, 2131, 2141, 2143, + 2146, 2145, 2147, 2149, 2146, 2143, 2148, 2148, 2142, 2150, + 2151, 2152, 2140, 2145, 2147, 2150, 2153, 2152, 2154, 2155, + 2155, 2156, 2157, 2154, 2158, 2159, 2161, 2162, 2149, 2158, + 2163, 2153, 2151, 2165, 2165, 2163, 0, 2159, 2161, 2171, + 2156, 2172, 2157, 2167, 2167, 2171, 2162, 2168, 2168, 2169, - 2172, 2173, 2167, 2170, 2171, 2172, 2174, 2173, 2169, 2176, - 2177, 2177, 2181, 2179, 2176, 2174, 2179, 2180, 2182, 2183, - 2183, 2180, 2185, 2186, 2187, 2188, 2188, 2189, 2192, 2187, - 2182, 2192, 2190, 2181, 2185, 2186, 2189, 2190, 2191, 2193, - 2193, 2194, 2195, 2191, 2196, 2197, 2198, 2199, 2200, 2201, - 2198, 2195, 2199, 2203, 2200, 2204, 2202, 2207, 2206, 2206, - 2210, 2194, 2196, 2208, 2197, 2202, 2213, 2201, 2209, 2204, - 2206, 2203, 2208, 2211, 2211, 2207, 2212, 2209, 2213, 2214, - 2210, 2215, 2216, 2219, 2219, 2212, 2215, 2221, 2222, 2223, - 2221, 2224, 2227, 2226, 2229, 2216, 2228, 2230, 2230, 2231, + 2169, 2170, 2170, 2173, 2174, 2175, 2172, 2176, 2177, 2178, + 2174, 2175, 2176, 2184, 2177, 2180, 2181, 2184, 2178, 2185, + 2180, 2181, 2181, 2173, 2183, 2186, 2189, 2183, 2187, 2187, + 2190, 2191, 2192, 2192, 2193, 2198, 2191, 2186, 2189, 2194, + 2185, 2195, 2190, 2193, 2194, 2196, 2195, 2199, 2196, 2197, + 2197, 2200, 2201, 2202, 2203, 2198, 2199, 2204, 2203, 2202, + 2205, 2206, 2204, 2207, 2208, 2212, 2205, 2209, 2213, 2200, + 2215, 2201, 2207, 2211, 2211, 2214, 2218, 2213, 2219, 2206, + 2217, 2209, 2208, 2212, 2214, 2211, 2216, 2216, 2218, 2217, + 2215, 2220, 2221, 2224, 2224, 2226, 2220, 2227, 2226, 2219, - 2214, 2231, 2228, 2232, 2222, 2223, 2227, 2224, 2226, 2233, - 2235, 2229, 2234, 2234, 2237, 2237, 2240, 2232, 2235, 2238, - 2238, 2243, 2241, 2242, 2244, 2245, 2246, 2233, 2241, 2242, - 2249, 2244, 2247, 2247, 2252, 2243, 2248, 2248, 2250, 2240, - 2251, 2253, 2254, 2256, 2258, 2248, 2246, 2245, 2255, 2252, - 2250, 2249, 2251, 2253, 2257, 2261, 2262, 2255, 2256, 2257, - 2257, 2263, 2265, 2259, 2266, 2259, 2259, 2258, 2254, 2259, - 2264, 2264, 2269, 2263, 2267, 2261, 2268, 2267, 2271, 2262, - 2265, 2268, 2259, 2271, 2266, 2272, 2273, 2272, 2274, 2275, - 2278, 2280, 2269, 2274, 2281, 2282, 2275, 2284, 2283, 2278, + 2228, 2229, 2233, 2231, 2234, 2221, 2232, 0, 2233, 2235, + 2235, 2237, 2236, 2227, 2236, 2238, 2228, 2229, 2231, 2240, + 2232, 2234, 2239, 2239, 2245, 2237, 2246, 2240, 2242, 2242, + 2243, 2243, 2246, 2238, 2247, 2248, 2249, 2250, 2251, 2254, + 2247, 2252, 2252, 2249, 2253, 2253, 2257, 2245, 2259, 2248, + 2255, 2256, 2258, 2253, 2261, 2263, 2260, 2266, 2251, 2250, + 2254, 2257, 2255, 2256, 2258, 2260, 2262, 2267, 2268, 2261, + 2270, 2262, 2262, 2264, 2259, 2264, 2264, 2266, 2263, 2264, + 2268, 2269, 2269, 2271, 2272, 2274, 2273, 2272, 2270, 2276, + 2267, 2273, 2264, 2277, 2276, 2277, 2278, 2279, 2283, 2280, - 2283, 2285, 2286, 2281, 2273, 2287, 2290, 2282, 2286, 2280, - 2289, 2292, 2289, 2291, 2291, 2298, 2284, 2293, 2296, 2300, - 2290, 2285, 2293, 2296, 2294, 2287, 2294, 2297, 2299, 2301, - 2303, 2302, 2297, 2298, 2308, 2301, 2302, 2292, 2304, 2300, - 2309, 2306, 2305, 2303, 2310, 2314, 2299, 2305, 2305, 2306, - 2304, 2311, 2311, 2308, 2309, 2313, 2310, 2312, 2312, 2315, - 2314, 2316, 2318, 2317, 2318, 2319, 2313, 2316, 2317, 2320, - 2321, 2322, 2322, 2323, 2328, 2320, 2324, 2324, 2321, 2315, - 2325, 2325, 2326, 2319, 2327, 2323, 2321, 2331, 2333, 2327, - 2330, 2326, 2328, 2332, 2330, 2332, 2331, 2334, 2335, 2331, + 2285, 2286, 2279, 2271, 2287, 2274, 2280, 2283, 2289, 2288, + 2286, 2288, 2290, 2291, 2278, 2292, 2287, 2295, 2285, 2291, + 2294, 2297, 2294, 2296, 2296, 2298, 2299, 2289, 2299, 2301, + 2298, 2295, 2290, 2302, 2301, 2292, 2303, 2304, 2302, 2305, + 2306, 2309, 2313, 2307, 2308, 2310, 2306, 2297, 2307, 2314, + 2310, 2310, 2311, 2309, 2303, 2304, 2315, 2308, 2318, 2305, + 2311, 2313, 2319, 2314, 2316, 2316, 2317, 2317, 2315, 2318, + 2320, 2322, 2321, 2323, 2324, 2323, 2322, 2319, 2321, 2325, + 2326, 2327, 2327, 2328, 2338, 2325, 2329, 2329, 2326, 2331, + 2320, 2333, 2324, 2330, 2330, 2328, 2326, 2332, 2331, 2335, - 2337, 2339, 2334, 2334, 2336, 2340, 2341, 2348, 2344, 2333, - 2335, 2341, 2337, 2336, 2339, 2342, 2345, 2340, 2346, 2349, - 2342, 2344, 2347, 2347, 2345, 2348, 2350, 2346, 2352, 2351, - 2355, 2357, 2353, 2354, 2359, 2355, 2345, 2349, 2358, 2363, - 2362, 2369, 2360, 2357, 2350, 2351, 2353, 2360, 2354, 2362, - 2358, 2361, 2366, 2352, 2359, 2368, 2361, 2363, 2366, 2370, - 2371, 2368, 2372, 2373, 2369, 2374, 2374, 2375, 2376, 2376, - 2377, 2366, 2373, 2378, 2370, 2379, 2375, 2380, 2371, 2379, - 2381, 2382, 2380, 2383, 2386, 2385, 2387, 2372, 2377, 2388, - 2386, 2389, 2378, 2381, 2388, 2388, 2382, 2389, 2391, 2390, + 2340, 2336, 2332, 2335, 2337, 2338, 2337, 2342, 2344, 2333, + 2336, 2339, 2340, 2336, 2341, 2345, 2339, 2339, 2349, 2342, + 2346, 2344, 2350, 2341, 2347, 2346, 2351, 2345, 2353, 2347, + 2350, 2349, 2352, 2352, 2354, 2351, 2355, 2356, 2357, 2360, + 2364, 2358, 2350, 2359, 2360, 2362, 2353, 2363, 0, 2368, + 2374, 2365, 2354, 2356, 2355, 2358, 2365, 2362, 2359, 2363, + 2364, 2366, 2367, 2357, 2371, 2375, 2366, 2368, 2373, 2376, + 2371, 2367, 2377, 2374, 2373, 2378, 2379, 2379, 2382, 2380, + 2375, 2381, 2381, 2371, 2378, 2383, 2384, 2376, 2380, 2385, + 2384, 2387, 2386, 2388, 2385, 2390, 2382, 2377, 2392, 2396, - 2394, 2391, 2393, 2383, 2385, 2390, 2396, 2398, 2387, 2399, - 2393, 2400, 2400, 2401, 2401, 2402, 2403, 2403, 2404, 2404, - 2394, 2405, 2406, 2408, 2402, 2410, 2396, 2399, 2401, 2408, - 2398, 2409, 2411, 2405, 2412, 2412, 2418, 2411, 2414, 2401, - 2406, 2413, 2413, 2414, 2415, 2410, 2409, 2417, 2419, 2420, - 2415, 2417, 2419, 2422, 2423, 2425, 2418, 2424, 2426, 2423, - 2428, 2427, 2429, 2426, 2431, 2437, 2430, 2432, 2432, 2420, - 2425, 2430, 2434, 2433, 2436, 2438, 2428, 2433, 2422, 2427, - 2424, 2440, 2429, 2435, 2439, 2441, 2431, 2434, 2435, 2442, - 2441, 2437, 2436, 2438, 2443, 2446, 2439, 2444, 2444, 2447, + 0, 2391, 2396, 2393, 2383, 2386, 2387, 2391, 2393, 2393, + 2394, 2395, 2399, 2388, 2390, 2398, 2394, 2395, 2401, 2403, + 2392, 2404, 2407, 2398, 2405, 2405, 2406, 2406, 2408, 2408, + 2411, 2407, 2399, 2409, 2409, 2410, 2415, 2412, 2401, 2404, + 2414, 2406, 2403, 2412, 2416, 2417, 2414, 2410, 2411, 2424, + 2417, 2415, 2406, 2418, 2418, 2419, 2419, 2420, 2426, 2421, + 2428, 2430, 2420, 2423, 2416, 2421, 2425, 2423, 2429, 2424, + 2425, 2431, 2432, 2429, 2433, 2434, 2435, 2436, 2426, 2433, + 2438, 2441, 2437, 2443, 2430, 2428, 2431, 2437, 2439, 2439, + 2432, 2440, 2435, 2434, 2442, 2440, 2441, 2436, 2444, 2442, - 2440, 2448, 2442, 2446, 2449, 2450, 2451, 2452, 2453, 2454, - 2455, 2456, 2443, 2457, 2461, 2465, 2506, 2456, 2447, 2457, - 2448, 2454, 2459, 2449, 2462, 2506, 2452, 2461, 2450, 2453, - 2451, 2455, 2464, 2463, 2464, 2465, 2469, 2459, 2462, 2463, - 2466, 2466, 2467, 2468, 2470, 2471, 2468, 2467, 2472, 2469, - 2473, 2473, 2474, 2474, 2475, 2477, 2475, 2476, 2476, 2471, - 2478, 2472, 2484, 2479, 0, 2480, 2480, 2492, 2470, 2480, - 2477, 2482, 2482, 2483, 2483, 2478, 2479, 2484, 2485, 2485, - 2486, 2487, 2487, 2488, 2488, 2489, 2491, 2492, 2493, 2486, - 2489, 2491, 2486, 2494, 2495, 2495, 2496, 2496, 2497, 2498, + 2445, 2443, 2438, 2446, 2447, 2448, 2449, 2450, 2451, 2451, + 2448, 2454, 2453, 2455, 2456, 2446, 2457, 2458, 2445, 2449, + 2453, 2459, 2460, 2447, 2444, 2450, 2461, 2462, 2463, 2464, + 2454, 2466, 2455, 2456, 2463, 2464, 2468, 2469, 2461, 2457, + 2459, 2458, 2472, 2460, 2470, 2471, 2466, 2471, 2462, 2468, + 2470, 2469, 2473, 2473, 2474, 2475, 2476, 2477, 2475, 2474, + 2478, 2571, 2472, 2479, 2480, 2480, 2481, 2481, 2482, 2476, + 2482, 2483, 2483, 2484, 2478, 2485, 2479, 2491, 2486, 2487, + 2487, 2477, 2571, 2487, 2489, 2489, 2490, 2490, 2484, 2493, + 2485, 2486, 2491, 2492, 2492, 2494, 2494, 2496, 2493, 2495, - 2498, 2499, 2500, 2500, 2502, 2494, 2501, 2508, 2493, 2502, - 2503, 2503, 2504, 2504, 2505, 2507, 2507, 2497, 2510, 2499, - 2511, 2501, 2509, 2509, 2508, 2513, 2514, 2514, 2505, 2515, - 2513, 2517, 2510, 2516, 2516, 2518, 2519, 2523, 2520, 2511, - 2518, 2520, 2519, 2521, 2521, 2522, 2522, 2524, 2515, 2517, - 2525, 2527, 2525, 2528, 2529, 2529, 2523, 2530, 2532, 2521, - 2533, 2534, 2524, 2530, 2535, 2536, 2527, 2537, 2537, 2536, - 2538, 2539, 2528, 2540, 2545, 2533, 2539, 2540, 2532, 2535, - 2541, 2542, 2542, 2546, 2534, 2544, 2544, 2547, 2548, 2538, - 2546, 2549, 2550, 2551, 2545, 2541, 2542, 2552, 2552, 2553, + 2495, 2493, 2496, 2498, 2499, 2500, 2501, 2504, 2498, 2502, + 2502, 2503, 2503, 2505, 2505, 2506, 2507, 2507, 2501, 2508, + 2510, 2510, 2509, 2512, 2499, 2500, 2504, 2509, 2511, 2511, + 2513, 2514, 2514, 2506, 2508, 2515, 2517, 2512, 2518, 2513, + 2516, 2516, 2520, 2521, 2521, 2522, 0, 2520, 2523, 2523, + 2517, 2524, 2515, 2525, 2526, 2530, 2527, 2518, 2525, 2527, + 2526, 2528, 2528, 2531, 2522, 2529, 2529, 2534, 2532, 2524, + 2532, 2535, 2536, 2536, 2530, 2537, 2539, 2528, 2531, 2540, + 2541, 2537, 2534, 2542, 2543, 2544, 2544, 2545, 2543, 2547, + 2535, 2552, 2546, 2547, 2540, 2548, 2539, 2546, 2542, 2549, - 2554, 2547, 2554, 2558, 2562, 2557, 2548, 2550, 2553, 2549, - 2555, 2557, 2559, 2555, 2563, 2558, 2560, 2559, 2561, 2551, - 2564, 2560, 2565, 2561, 2567, 2575, 0, 2563, 2555, 2562, - 2555, 2565, 2566, 2569, 2570, 2571, 2572, 2566, 2569, 2570, - 2571, 2564, 2573, 2574, 2576, 2580, 2575, 2577, 2573, 2574, - 2567, 2572, 2578, 2577, 2581, 2579, 2583, 2578, 2582, 2576, - 2579, 2582, 2584, 2585, 2586, 2587, 2588, 2581, 2593, 2589, - 2580, 2584, 2585, 2586, 2587, 2589, 2583, 2590, 2591, 2595, - 2588, 2596, 2591, 2590, 2597, 2597, 2598, 2600, 2593, 2601, - 2596, 2601, 2598, 2599, 2599, 2602, 2603, 2603, 2600, 2595, + 2549, 2551, 2551, 2541, 2554, 2553, 2545, 2555, 2556, 2557, + 2548, 2552, 2553, 2558, 2549, 2559, 2559, 2564, 2554, 2560, + 2561, 2565, 2561, 2564, 2557, 2555, 2556, 2562, 2560, 2566, + 2562, 2567, 2568, 2565, 2566, 2569, 2567, 2568, 2570, 2558, + 2572, 2573, 2574, 2576, 2579, 2562, 2573, 2562, 2576, 2572, + 2577, 2570, 2578, 2582, 2583, 2577, 2580, 2578, 2581, 2579, + 2569, 2584, 2580, 2587, 2581, 2585, 2586, 2584, 2574, 2583, + 2585, 2586, 2588, 2589, 2582, 2590, 2589, 2591, 2592, 2595, + 2593, 2594, 2600, 2602, 0, 2588, 2591, 2592, 2587, 2593, + 2594, 2596, 2597, 2595, 0, 2590, 2598, 2596, 2597, 2603, - 2604, 2605, 2599, 2607, 2602, 2604, 2608, 2609, 2609, 2610, - 2613, 2611, 2614, 2617, 2616, 2618, 2612, 2614, 2613, 2607, - 2611, 2605, 2608, 2605, 2610, 2612, 2616, 2619, 2621, 2617, - 2618, 2621, 2622, 2623, 2624, 2625, 2625, 2622, 0, 2619, - 2626, 2626, 2627, 2627, 2628, 2628, 2624, 2630, 2630, 2631, - 2632, 2633, 2631, 2623, 2634, 2632, 2635, 2633, 2636, 2636, - 2634, 2637, 2638, 2638, 2639, 2635, 2640, 2641, 2642, 2642, - 2644, 2643, 2652, 2645, 0, 2637, 2639, 2643, 2645, 2647, - 2640, 2652, 2648, 2647, 2644, 2648, 2641, 2649, 2649, 2650, - 2651, 2653, 2654, 2655, 2650, 2651, 2657, 2655, 2656, 2656, + 2598, 2605, 2600, 2602, 2604, 2604, 2607, 2605, 2603, 2606, + 2606, 2608, 2609, 2608, 2610, 2610, 2612, 2607, 2606, 2611, + 2617, 2609, 2618, 2614, 2611, 2615, 2616, 2616, 2619, 2621, + 2623, 2618, 2620, 2624, 2621, 2617, 2612, 2619, 2612, 2614, + 2620, 2615, 2623, 2625, 2626, 2628, 2629, 2630, 2628, 2624, + 2631, 2629, 2632, 2633, 2633, 2693, 2626, 2693, 2625, 2631, + 2634, 2634, 2635, 2635, 2632, 2636, 2636, 2630, 2638, 2638, + 2639, 2640, 2641, 2639, 2642, 2643, 2640, 2645, 2641, 2649, + 2642, 2644, 2644, 2647, 2643, 2646, 2646, 2648, 2648, 2650, + 2653, 2645, 2652, 2649, 2654, 2647, 2651, 2651, 2652, 2654, - 2653, 2659, 2660, 2661, 2662, 2663, 2659, 2664, 2665, 2657, - 2666, 2664, 2654, 2671, 2667, 2666, 2669, 2669, 2672, 2663, - 2667, 2668, 2660, 2661, 2662, 2670, 2670, 2668, 2665, 2673, - 2674, 2671, 2675, 2676, 2676, 2674, 2679, 2672, 2678, 2680, - 2681, 2682, 2695, 2683, 2680, 2688, 2681, 2682, 2673, 2686, - 2678, 2683, 2679, 2675, 2684, 2689, 2684, 2695, 2686, 2688, - 2690, 2690, 2691, 2692, 2692, 2691, 2697, 2694, 2696, 2689, - 2694, 2696, 2698, 2698, 2701, 2702, 2703, 2705, 2701, 2704, - 2704, 2702, 2708, 2708, 2710, 2712, 2705, 2713, 2703, 2716, - 2717, 2718, 2697, 2719, 2716, 2721, 2722, 2723, 2723, 2712, + 2657, 2656, 2661, 2657, 2653, 2656, 2658, 2658, 2650, 2659, + 2660, 2661, 2662, 2663, 2659, 2660, 2664, 2665, 2665, 2666, + 2664, 2662, 2668, 2669, 2670, 2671, 2672, 2668, 2674, 2676, + 2673, 2675, 2666, 2663, 2673, 2676, 2675, 2678, 2678, 2680, + 2672, 2677, 2681, 2669, 2670, 2671, 2682, 2677, 2674, 2679, + 2679, 2683, 2684, 2685, 2685, 2687, 2683, 2680, 2688, 2689, + 2690, 2681, 2691, 2692, 2689, 2682, 2690, 2687, 2691, 2695, + 2697, 2692, 2698, 2684, 2688, 2699, 2699, 2700, 2695, 2704, + 2700, 2701, 2701, 2706, 2697, 2703, 2698, 2705, 2703, 2710, + 2705, 2707, 2707, 2710, 2704, 2711, 2712, 2713, 2713, 2717, - 2721, 2722, 2710, 2713, 2725, 2725, 2727, 2728, 2730, 2718, - 2729, 2729, 2727, 2731, 2719, 2732, 2717, 2734, 2735, 2736, - 2732, 2735, 2737, 2740, 2730, 2738, 2738, 2728, 2741, 2744, - 2745, 2736, 2742, 0, 2737, 2731, 2734, 2741, 2742, 2740, - 2743, 2747, 2747, 2750, 2751, 2745, 2743, 2744, 2748, 2752, - 2749, 2748, 2749, 2754, 2754, 2755, 2755, 2757, 2759, 2758, - 2756, 2760, 2750, 2751, 2751, 2756, 2760, 2752, 2758, 2762, - 2761, 2759, 2761, 2763, 2764, 2757, 2765, 2766, 2767, 2768, - 2770, 2765, 2774, 2762, 2768, 0, 2764, 2763, 2769, 2769, - 2771, 2771, 2772, 2772, 2774, 2770, 2776, 2766, 2767, 2773, + 2717, 2711, 2714, 2719, 2721, 2725, 2722, 2726, 2712, 2706, + 2725, 2714, 2727, 2728, 2730, 2731, 2732, 2732, 2721, 2730, + 2731, 2719, 2722, 2734, 2734, 2736, 2737, 2738, 2738, 2739, + 2727, 2736, 2740, 2726, 2728, 2741, 2743, 2745, 2744, 2746, + 2741, 2744, 2747, 2747, 2749, 2739, 2737, 2750, 2753, 2745, + 2754, 2746, 2751, 2752, 2740, 2743, 2750, 2759, 2751, 2752, + 2749, 2756, 2756, 2760, 2757, 2754, 2753, 2757, 2758, 2761, + 2758, 2763, 2763, 2764, 2764, 2765, 2759, 2766, 2768, 2767, + 2765, 2769, 2760, 2760, 2771, 2772, 2769, 2761, 2767, 2773, + 2770, 2768, 2770, 2775, 2776, 2766, 2779, 2774, 2771, 2772, - 2773, 2775, 2777, 2775, 2778, 2778, 2781, 2777, 2779, 2779, - 2780, 2780, 2782, 2783, 2776, 2784, 2785, 2786, 2781, 2787, - 2787, 2788, 2789, 2789, 2793, 2783, 2790, 2790, 2791, 2792, - 2792, 2794, 2782, 2786, 2795, 2784, 2793, 2785, 2794, 2791, - 2788, 2796, 2797, 2798, 2799, 2801, 2795, 2797, 2800, 2800, - 2802, 2802, 2803, 2804, 2801, 2805, 2806, 2807, 2808, 2810, - 2809, 2796, 2819, 2798, 2799, 2812, 2814, 2808, 2805, 2813, - 2813, 2807, 2809, 2804, 2811, 2814, 2811, 2812, 2803, 2815, - 2806, 2810, 2816, 2818, 2819, 2820, 2821, 2822, 2822, 2823, - 2824, 2821, 2825, 2824, 2815, 2826, 0, 2816, 2827, 2837, + 2777, 2773, 2774, 2778, 2778, 2777, 2780, 2780, 2781, 2781, + 2783, 2779, 2785, 2775, 2776, 2782, 2782, 2784, 2786, 2784, + 2787, 2787, 2783, 2786, 2788, 2788, 2789, 2789, 2790, 2791, + 2785, 2792, 2793, 2794, 2795, 2796, 2796, 2797, 2798, 2798, + 2790, 2799, 2799, 2792, 2800, 2801, 2801, 2802, 2804, 2791, + 2795, 2803, 2793, 2805, 2794, 2800, 2797, 2806, 2803, 2802, + 2804, 2807, 2806, 2808, 2809, 2809, 2810, 2811, 2811, 2812, + 2813, 2814, 2815, 2805, 2816, 2810, 2817, 2818, 2819, 2821, + 2820, 2807, 2820, 2808, 2814, 2817, 2822, 2822, 2816, 2818, + 2813, 2821, 2823, 2824, 2825, 2812, 2815, 2827, 2828, 2829, - 2826, 2818, 2839, 2827, 2828, 2828, 2825, 2820, 2829, 2829, - 2830, 2830, 2823, 2834, 2834, 2836, 2836, 2837, 2838, 2840, - 2842, 2839, 2844, 2843, 2846, 2845, 2847, 2849, 2848, 2838, - 2848, 2850, 2851, 2846, 2840, 2852, 2852, 2857, 2854, 2856, - 2842, 2843, 2854, 0, 2844, 2845, 2847, 2849, 2858, 2850, - 2851, 2855, 2855, 2856, 2859, 2859, 2861, 2858, 2863, 2857, - 2862, 2862, 2864, 2865, 2866, 2861, 2868, 2867, 2869, 2870, - 2871, 2866, 2873, 2872, 2874, 2874, 2863, 2872, 2876, 2873, - 2864, 2865, 2867, 2877, 2868, 2870, 2869, 2875, 2875, 2871, - 2878, 2880, 2880, 2881, 2881, 2883, 2878, 2882, 2876, 2884, + 2819, 2823, 2830, 2831, 2831, 2832, 2839, 2830, 2824, 2825, + 2833, 2834, 2835, 2833, 2836, 2827, 0, 2835, 2839, 2836, + 2828, 2829, 2837, 2837, 2847, 2834, 2838, 2838, 2832, 2840, + 2840, 2844, 2844, 2846, 2846, 2848, 2849, 2850, 2852, 2853, + 2854, 2855, 2847, 2856, 2857, 2858, 2848, 2859, 2860, 2859, + 2867, 2861, 2850, 2857, 2862, 2849, 2868, 2853, 2852, 2863, + 2863, 2855, 2854, 2856, 2867, 2858, 2865, 2869, 2860, 2861, + 2865, 2874, 2862, 2866, 2866, 2872, 2869, 2875, 2868, 2870, + 2870, 2873, 2873, 2876, 2872, 2877, 2879, 2878, 2880, 2874, + 2882, 2881, 2877, 2883, 2887, 2875, 2884, 2883, 2885, 2885, - 2885, 2877, 2886, 2882, 2887, 2888, 2889, 2889, 2890, 2891, - 2888, 2892, 2893, 2883, 2894, 2885, 2895, 2884, 2887, 2896, - 2897, 2886, 2897, 2893, 2896, 2894, 2898, 2898, 2890, 2891, - 2899, 2892, 2899, 2900, 2900, 2902, 2895, 2904, 2905, 2906, - 2907, 2909, 2908, 2910, 2911, 2915, 2904, 2908, 2910, 2912, - 2917, 2906, 2916, 2917, 2902, 2918, 2918, 2905, 2919, 2920, - 2907, 2909, 2921, 2921, 2911, 2915, 2923, 2922, 2912, 2926, - 2916, 2924, 2927, 2919, 2928, 2924, 2931, 2920, 2922, 2929, - 2928, 2923, 2933, 2929, 2926, 2930, 2930, 2927, 2935, 2931, - 2934, 2934, 2936, 2937, 2938, 2939, 2939, 2933, 2941, 2943, + 2888, 2876, 2878, 2884, 2879, 2897, 2880, 2881, 2894, 2882, + 2886, 2886, 2895, 2889, 2887, 2891, 2891, 2893, 2888, 2889, + 2892, 2892, 2896, 2893, 2897, 2898, 2894, 2899, 2900, 2900, + 2895, 2901, 2899, 2902, 2903, 2904, 2905, 2896, 2906, 2898, + 2907, 2908, 2910, 2908, 2910, 2907, 2904, 2905, 2909, 2909, + 2913, 2901, 2915, 2902, 2903, 2911, 2911, 2916, 2906, 2917, + 2918, 2915, 2919, 2920, 2922, 2921, 2923, 2919, 2926, 2913, + 2921, 2917, 2927, 2931, 2928, 0, 2916, 2928, 2929, 2929, + 2918, 2930, 2933, 2920, 2922, 2923, 2932, 2932, 2926, 2934, + 2927, 2931, 2937, 2933, 2935, 2938, 2930, 2939, 2935, 2941, - 2942, 2937, 2946, 2943, 2944, 2944, 2945, 2945, 2935, 2942, - 2941, 2936, 2947, 2947, 2938, 2948, 2949, 2950, 2951, 2952, - 2948, 2946, 2953, 2953, 2955, 2949, 2959, 2959, 2960, 2961, - 2951, 2962, 2962, 2950, 2963, 2964, 2965, 2960, 2970, 2952, - 3002, 2966, 2971, 2967, 2968, 2955, 3002, 2963, 2964, 2965, - 2966, 2961, 2967, 2968, 2969, 2969, 2976, 2971, 2970, 2973, - 2973, 2976, 2978, 2979, 2980, 2981, 2982, 2978, 2984, 2980, - 2983, 2986, 2990, 2981, 2996, 2988, 2984, 2979, 2989, 2983, - 2988, 2991, 2991, 2989, 2994, 2982, 2986, 2990, 2992, 2992, - 2993, 2995, 3000, 2996, 2998, 2993, 2995, 2997, 2997, 2994, + 2941, 2940, 2942, 2939, 2934, 2940, 2944, 2937, 2945, 2945, + 2938, 2946, 2948, 2947, 2949, 2942, 2950, 2950, 2952, 2953, + 2948, 2944, 2954, 2955, 2955, 2957, 2954, 2961, 2953, 2962, + 2952, 2946, 2947, 2960, 2949, 2956, 2956, 2958, 2958, 2963, + 2959, 2962, 2960, 2961, 2957, 2959, 2964, 2964, 2966, 2970, + 2970, 2971, 2972, 2973, 2973, 2974, 2977, 2975, 2976, 2963, + 2971, 2980, 2980, 2978, 2979, 2977, 2981, 2982, 2974, 2966, + 2975, 2976, 2978, 2979, 2972, 2984, 2984, 2990, 2987, 2989, + 2991, 2992, 2982, 2987, 2989, 2991, 2981, 2993, 2994, 2992, + 2995, 2990, 2997, 3001, 2999, 3000, 3005, 2994, 2995, 2999, - 2999, 2998, 3001, 3003, 3004, 2999, 0, 3005, 3003, 3004, - 3000, 3007, 3007, 3008, 3009, 3010, 3010, 3011, 3011, 3009, - 3001, 3005, 3014, 3015, 3015, 3017, 3016, 3018, 3008, 3016, - 3017, 3017, 3018, 3019, 3020, 3014, 3021, 3022, 3019, 3023, - 3024, 3022, 3021, 3025, 3023, 3026, 3027, 3030, 3020, 3024, - 3028, 3029, 3030, 3026, 3031, 3034, 3028, 3029, 3025, 3032, - 3032, 3036, 3034, 3035, 3036, 3038, 3031, 3027, 3035, 3040, - 3041, 3042, 3043, 3044, 3040, 3041, 3042, 3038, 3045, 3046, - 3047, 3047, 3048, 3053, 3058, 3049, 3044, 3045, 3046, 3049, - 3043, 3048, 3050, 3054, 3055, 3059, 3060, 3050, 3061, 3054, + 3000, 3002, 3002, 3003, 3003, 3004, 2993, 2997, 3001, 3006, + 3004, 3005, 3007, 3009, 3006, 3008, 3008, 3010, 3011, 3012, + 3009, 3013, 3010, 3014, 3015, 3016, 3019, 3013, 3014, 3015, + 3020, 3007, 3018, 3018, 3026, 3020, 3011, 3012, 3600, 3016, + 3600, 3019, 3021, 3021, 3022, 3022, 3025, 3026, 3027, 3027, + 3028, 3025, 3029, 3028, 3030, 3031, 3032, 3029, 3029, 3030, + 3031, 3033, 3034, 3035, 3036, 3037, 3034, 3033, 3035, 3036, + 3032, 3038, 3039, 3040, 3037, 3041, 3042, 3044, 3043, 3051, + 3039, 3041, 3042, 3043, 3045, 3045, 3038, 3048, 3047, 3044, + 3049, 3051, 3048, 3049, 3040, 3047, 3053, 3054, 3055, 3056, - 3055, 3053, 3063, 3058, 3062, 3062, 3064, 3068, 3068, 3063, - 3066, 3067, 3069, 3070, 3071, 3059, 3060, 3061, 3073, 3066, - 3067, 3075, 3070, 3072, 3072, 3064, 3077, 3069, 3078, 3071, - 3079, 3079, 3078, 3080, 3081, 3082, 3075, 3073, 3083, 3085, - 3081, 3082, 3084, 3086, 3086, 3085, 3077, 3087, 3088, 3089, - 3091, 3092, 3097, 3098, 3089, 3087, 3094, 3083, 3080, 3091, - 3084, 3096, 3094, 3095, 3092, 3096, 3095, 3098, 3099, 3099, - 3097, 3100, 3103, 3088, 3102, 3102, 3105, 3105, 3106, 3107, - 3107, 3108, 3108, 3110, 3110, 3111, 3100, 3112, 3113, 3111, - 3103, 3117, 3112, 3115, 3115, 3118, 3119, 3113, 3120, 3123, + 3057, 3053, 3054, 3055, 3066, 3058, 3059, 3060, 3060, 3061, + 3071, 3072, 3062, 3057, 3058, 3059, 3062, 3056, 3061, 3063, + 3067, 3068, 3066, 3073, 3063, 3074, 3067, 3068, 3076, 3071, + 3077, 3072, 3075, 3075, 3086, 3076, 3079, 3080, 3081, 3081, + 3082, 3083, 3084, 3073, 3074, 3079, 3080, 3085, 3085, 3077, + 3083, 3088, 3090, 3086, 3091, 3082, 3093, 3084, 3091, 3092, + 3092, 3094, 3095, 3096, 3098, 3097, 3088, 3094, 3095, 3100, + 3098, 3101, 3090, 3099, 3099, 3102, 3104, 3100, 3105, 3110, + 3102, 3093, 3096, 3097, 3107, 3104, 3108, 3111, 3109, 3108, + 3107, 3105, 3109, 3112, 3112, 3113, 3101, 3110, 3115, 3115, - 3118, 3106, 3121, 3120, 3120, 3124, 3125, 0, 3119, 3126, - 3126, 3117, 3128, 3128, 3121, 3129, 3129, 3130, 3130, 3123, - 3131, 3132, 3133, 3131, 3136, 3124, 3125, 3135, 3135, 3138, - 3139, 3139, 3140, 3140, 3132, 3133, 3141, 3141, 3142, 3143, - 3143, 3144, 3136, 3145, 3146, 3147, 3148, 3148, 3149, 3138, - 3152, 3147, 3149, 3142, 3144, 3152, 3152, 3153, 3146, 3154, - 3153, 3145, 3155, 3157, 3158, 3154, 3159, 3155, 3157, 3157, - 3160, 3161, 3162, 3163, 3164, 3165, 3175, 3161, 3162, 3163, - 3164, 3166, 3167, 3167, 3170, 3166, 3159, 3158, 3172, 3170, - 3160, 3173, 3176, 3178, 3173, 3176, 3172, 3177, 3177, 3179, + 3116, 3111, 3118, 3118, 3119, 3120, 3120, 3121, 3121, 3124, + 3113, 3123, 3123, 3124, 3125, 3126, 3128, 3128, 3116, 3125, + 3130, 3131, 3132, 3133, 3126, 3134, 3131, 3119, 3133, 3133, + 3136, 3137, 3138, 3145, 3132, 3139, 3139, 3134, 3141, 3141, + 3130, 3142, 3142, 3143, 3143, 3144, 3145, 3146, 3144, 3149, + 3136, 3137, 3138, 3148, 3148, 3151, 3152, 3152, 3153, 3153, + 3146, 3154, 3154, 3155, 3156, 3156, 3157, 3149, 3158, 3159, + 3160, 3161, 3161, 3162, 3167, 3151, 3160, 3162, 3155, 3157, + 3167, 3166, 3165, 3159, 3166, 3168, 3158, 3165, 3165, 3170, + 3168, 3171, 3172, 3173, 3170, 3170, 3174, 3175, 3176, 3177, - 3165, 3175, 3180, 3181, 3179, 3182, 3183, 3183, 3184, 3187, - 3178, 3178, 3186, 3185, 3193, 3193, 3185, 3188, 3192, 3182, - 3180, 0, 3184, 3181, 3185, 3188, 3186, 3190, 3187, 3191, - 3194, 3194, 3190, 3190, 3191, 3191, 3199, 3192, 3195, 3195, - 3196, 3196, 3197, 3197, 3198, 3198, 3200, 3201, 3202, 3203, - 3204, 3200, 3199, 3206, 3205, 3207, 3208, 3209, 3203, 3205, - 3207, 3210, 3211, 3215, 3204, 3208, 3215, 3201, 3213, 3213, - 3214, 3214, 3206, 3216, 3202, 3217, 3217, 3209, 3218, 3220, - 3219, 3210, 3211, 3223, 3218, 3219, 3222, 3222, 3216, 3225, - 3223, 3224, 3224, 3228, 3225, 3227, 3227, 3220, 3229, 3230, + 3178, 3186, 3174, 3175, 3176, 3177, 3179, 3180, 3180, 3186, + 3179, 3189, 3172, 3173, 3171, 3183, 3183, 3184, 3187, 3194, + 3190, 3187, 3184, 3190, 3192, 3178, 3191, 3191, 3193, 3196, + 3197, 3198, 3198, 3193, 3199, 3200, 3189, 3194, 3200, 3201, + 3202, 3192, 3192, 3203, 3197, 3207, 3200, 0, 3199, 3196, + 3205, 3203, 3206, 3201, 3217, 3205, 3205, 3206, 3206, 3202, + 3208, 3208, 3209, 3209, 3207, 3210, 3210, 3211, 3211, 3212, + 3212, 3213, 3213, 3214, 3215, 3216, 3218, 3219, 3220, 3215, + 3217, 3221, 3222, 3220, 3223, 3218, 3224, 3222, 3225, 3214, + 3226, 3219, 3231, 3223, 3235, 3216, 3228, 3228, 3229, 3229, - 3230, 3231, 3228, 3232, 3234, 3235, 3235, 3229, 3236, 3236, - 3231, 3237, 3232, 3239, 3238, 3237, 3240, 3242, 3241, 3243, - 3246, 3245, 3234, 3238, 3243, 3243, 3247, 3240, 3249, 3246, - 3247, 3253, 3239, 3241, 3245, 3255, 3253, 3242, 3254, 3254, - 3257, 3257, 3258, 3249, 3259, 3260, 3262, 3262, 3264, 3255, - 3263, 3263, 3265, 3266, 3270, 3271, 3258, 3264, 3265, 3272, - 3271, 3274, 3277, 3260, 3275, 3266, 3279, 3281, 3272, 3259, - 3275, 3282, 3281, 3284, 3277, 3286, 3282, 3283, 3283, 3270, - 3286, 3274, 3284, 3287, 3289, 3290, 3291, 3279, 3292, 3292, - 3294, 3294, 3292, 3295, 3295, 3289, 3297, 3287, 3290, 3298, + 3221, 3230, 3232, 3232, 3230, 3233, 3224, 3231, 3225, 3234, + 3226, 3233, 3235, 3238, 3234, 3237, 3237, 3239, 3239, 3240, + 3238, 3242, 3242, 3243, 3240, 3244, 3245, 3245, 3246, 3247, + 3249, 3254, 3243, 3253, 3244, 3250, 3250, 3246, 3247, 3251, + 3251, 3252, 3253, 3255, 3256, 3252, 3257, 3258, 3249, 3260, + 3254, 3261, 3258, 3258, 3255, 3264, 3275, 3262, 3268, 3256, + 3261, 3262, 3260, 3268, 3269, 3269, 3257, 3270, 3272, 3272, + 3264, 3273, 3274, 3279, 3275, 3277, 3277, 3278, 3278, 3281, + 3280, 3270, 3279, 3285, 3286, 3273, 3280, 3287, 3290, 3286, + 3289, 3281, 3292, 3294, 3290, 3296, 3287, 3274, 3297, 3302, - 3291, 3296, 3296, 3299, 3302, 3297, 3300, 3301, 3304, 3302, - 3305, 3306, 3307, 3307, 3304, 3305, 3306, 3308, 3309, 3298, - 3310, 3312, 3311, 3299, 3314, 3300, 3301, 3311, 3313, 3317, - 3309, 3315, 3315, 3317, 3313, 3308, 3321, 3318, 3319, 3312, - 3325, 3310, 3318, 3319, 3320, 3320, 3322, 3323, 3333, 3314, - 3327, 3327, 3329, 3330, 3331, 3321, 3334, 3333, 3335, 3332, - 3325, 3322, 3323, 3332, 3337, 3329, 3330, 3331, 3336, 3337, - 3338, 3339, 3334, 3340, 3340, 3341, 3336, 3335, 3342, 3343, - 3344, 3344, 3345, 3345, 3341, 3346, 3350, 3349, 3352, 3356, - 3338, 3339, 3349, 3349, 3352, 3360, 3342, 3353, 3353, 3361, + 3296, 3298, 3298, 3297, 3292, 3304, 3299, 3301, 3285, 3305, + 3289, 3306, 3301, 3302, 3294, 3299, 3304, 3307, 3307, 3309, + 3309, 3307, 3305, 3310, 3310, 3306, 3311, 3311, 3312, 3313, + 3314, 3317, 3315, 3316, 3320, 3324, 3317, 3312, 3321, 3322, + 3320, 3323, 3323, 3321, 3322, 3325, 3326, 3328, 3330, 3313, + 3314, 3315, 3316, 3324, 3327, 3329, 3333, 3325, 3337, 3327, + 3333, 3329, 3331, 3331, 3334, 3328, 3335, 3326, 3338, 3334, + 3339, 3335, 3341, 3330, 3336, 3336, 3345, 3337, 3343, 3343, + 3346, 3347, 3348, 3338, 3350, 3339, 3348, 3349, 3351, 3345, + 3352, 3354, 3341, 3346, 3347, 3355, 3349, 3353, 3352, 3357, - 3350, 3354, 3354, 3363, 3346, 3343, 3358, 3358, 3363, 3364, - 3356, 3360, 3365, 3368, 3368, 3361, 3369, 3365, 3370, 3372, - 3371, 3373, 3373, 3377, 3374, 3364, 3371, 3370, 3376, 3376, - 3378, 3384, 3379, 3380, 3380, 3382, 3369, 3377, 3385, 3389, - 3386, 3382, 3372, 3374, 3385, 3386, 3390, 3391, 3391, 3378, - 3379, 3384, 3392, 3392, 3393, 3394, 3395, 3395, 3397, 3396, - 3398, 3389, 3399, 3400, 3402, 3401, 3404, 3397, 3399, 3393, - 3396, 3404, 3390, 3403, 3403, 3394, 3395, 3401, 3405, 3405, - 3398, 3406, 3400, 3407, 3402, 3408, 3407, 3413, 3408, 3409, - 3409, 3414, 3415, 3416, 3417, 3421, 3406, 3426, 3416, 3413, + 3350, 3358, 3353, 3356, 3356, 3359, 3362, 3351, 3357, 3360, + 3360, 3354, 3361, 3361, 3366, 3355, 3365, 3368, 3372, 3358, + 3376, 3365, 3365, 3368, 3377, 3362, 3369, 3369, 3366, 3370, + 3370, 3359, 3374, 3374, 3380, 3385, 3376, 3379, 3381, 3372, + 3377, 3388, 3379, 3381, 3384, 3384, 3387, 3386, 3389, 3389, + 3380, 3390, 3387, 3392, 3392, 3385, 3386, 3393, 3394, 3398, + 3395, 3396, 3396, 3400, 3388, 3398, 3401, 3405, 3402, 3406, + 3390, 3393, 3401, 3402, 3407, 3407, 3409, 3394, 3395, 3408, + 3408, 3410, 3412, 3400, 3411, 3411, 3414, 3413, 3415, 3405, + 3416, 3409, 3418, 3412, 3415, 3406, 3413, 3420, 3417, 3419, - 3417, 3418, 3418, 3419, 3420, 3433, 3419, 3424, 3424, 3423, - 3420, 3414, 3415, 3421, 3423, 3425, 3426, 3427, 3428, 3431, - 3425, 3429, 3429, 3427, 3432, 3434, 3435, 3435, 3436, 3437, - 3433, 3431, 3438, 3440, 3440, 3428, 3428, 0, 3434, 3441, - 3441, 3438, 3432, 3442, 3442, 3437, 3443, 3436, 3444, 3445, - 3449, 3443, 3446, 3446, 3445, 3447, 3447, 3448, 3448, 3449, - 3450, 3450, 3444, 3451, 3452, 3453, 3458, 3454, 3457, 3457, - 3464, 3453, 3454, 3460, 3460, 3466, 3451, 3461, 3461, 3467, - 3468, 3469, 3458, 3470, 3470, 3472, 3472, 3473, 3474, 3464, - 3452, 3475, 3477, 3478, 3479, 3479, 3481, 3466, 3483, 3468, + 3419, 3410, 3420, 3422, 3411, 3429, 3414, 3421, 3421, 3416, + 3417, 3423, 3418, 3424, 3423, 3430, 3424, 3429, 3422, 3425, + 3425, 3431, 3432, 3433, 3434, 3434, 3436, 3432, 3435, 3433, + 3437, 3435, 3436, 3439, 3441, 3430, 3440, 3440, 3439, 3441, + 3442, 3431, 3447, 3443, 3444, 3445, 3445, 3448, 3437, 3443, + 3449, 3450, 3451, 3451, 3447, 3452, 3453, 3454, 3459, 3442, + 0, 3444, 3444, 3459, 3450, 3448, 3454, 3456, 3456, 3457, + 3457, 3460, 3453, 3461, 3452, 3449, 3458, 3458, 3461, 3462, + 3462, 3463, 3463, 3464, 3464, 3460, 3465, 3466, 3466, 3467, + 3468, 3469, 3474, 3470, 3480, 3465, 3482, 3469, 3470, 3473, - 3481, 3467, 3478, 3469, 3484, 3475, 3485, 3474, 3480, 3480, - 3484, 3486, 3477, 3473, 3487, 3488, 3483, 3491, 0, 3487, - 3488, 3492, 3492, 3494, 3494, 3496, 3485, 3495, 3497, 3498, - 3486, 3503, 3495, 3507, 3497, 3499, 3500, 3500, 3491, 3496, - 3501, 3498, 3505, 3499, 3506, 3501, 3505, 3508, 3510, 3506, - 3509, 3503, 3511, 3507, 3512, 3509, 3513, 3515, 3516, 3517, - 3510, 3518, 3513, 3527, 3511, 3515, 3520, 3508, 3523, 3521, - 3522, 3524, 3512, 3526, 3528, 3531, 3524, 3516, 3526, 3517, - 3528, 3518, 0, 3527, 3520, 3521, 3529, 3522, 3522, 3523, - 3532, 3529, 3533, 3532, 3543, 3531, 3537, 3537, 3538, 3538, + 3473, 3483, 3467, 3476, 3476, 3477, 3477, 3484, 3474, 3485, + 3486, 3486, 3489, 3480, 3488, 3488, 3468, 3490, 3482, 3491, + 3493, 3494, 3501, 3483, 3495, 3495, 3484, 3496, 3496, 3499, + 3494, 3485, 3502, 3491, 3507, 3497, 3490, 3500, 3489, 3497, + 3493, 3503, 3501, 3500, 3504, 3511, 3503, 3499, 3512, 3504, + 3511, 3502, 3508, 3508, 3513, 3507, 3510, 3510, 3514, 3515, + 3513, 3517, 3512, 3516, 3516, 3519, 3517, 3515, 3521, 3522, + 3514, 3523, 3521, 3524, 3522, 3525, 3526, 3527, 3528, 3532, + 3525, 3529, 3531, 3533, 3534, 3519, 3537, 3529, 3526, 3527, + 3531, 3523, 3536, 3524, 3538, 3539, 3528, 3543, 3532, 3547, - 3539, 3545, 3545, 3546, 3539, 3533, 3547, 3550, 3546, 3543, - 3548, 3548, 3553, 3553, 3554, 3554, 3558, 3554, 3555, 3555, - 3558, 3555, 3550, 3556, 3556, 3547, 3557, 3557, 3560, 3557, - 3561, 3562, 3562, 3560, 3563, 3564, 3567, 3567, 3569, 3561, - 3568, 3568, 3570, 3571, 3572, 3572, 3573, 3574, 3571, 3564, - 3577, 3579, 3563, 3578, 3580, 3579, 3581, 0, 3569, 3583, - 3578, 3593, 3570, 3580, 3573, 3585, 3584, 3574, 3584, 3587, - 3585, 3581, 3586, 3586, 3592, 3577, 3593, 3583, 3587, 3588, - 3588, 3589, 3589, 3590, 3590, 3591, 3591, 3594, 3595, 3596, - 3598, 3599, 3594, 3597, 3596, 3596, 3592, 3595, 3600, 3597, + 3540, 3542, 3537, 3533, 3534, 3540, 3542, 3544, 3549, 3545, + 3536, 3538, 3538, 3544, 3545, 3548, 3539, 3543, 3548, 3547, + 3559, 3549, 3553, 3553, 3554, 3554, 3555, 3561, 3561, 3562, + 3555, 3563, 3564, 3564, 3562, 3559, 3566, 3569, 3569, 3570, + 3570, 3574, 3570, 3571, 3571, 3574, 3571, 3572, 3572, 3576, + 3563, 3566, 3573, 3573, 3576, 3573, 3577, 3578, 3578, 3579, + 3580, 3583, 3583, 3584, 3584, 3577, 3585, 3586, 3587, 3588, + 3588, 3589, 3590, 3587, 3580, 3593, 3594, 3579, 3595, 3596, + 3597, 3599, 3595, 3594, 0, 3601, 3585, 3586, 3596, 3589, + 3601, 3608, 3590, 3602, 3602, 3597, 3603, 3604, 3604, 3599, - 3595, 3603, 3601, 3602, 3604, 3604, 3599, 3601, 3602, 3609, - 3605, 3606, 3607, 3607, 3614, 3598, 3605, 3606, 3610, 3600, - 3603, 3608, 3608, 3610, 3609, 3613, 3613, 3617, 3614, 3616, - 3616, 3619, 3621, 3621, 3622, 3622, 3617, 3623, 3623, 3624, - 3624, 3626, 3626, 3627, 3627, 3628, 3628, 3629, 3629, 3619, - 3630, 3632, 3633, 3633, 3635, 3635, 3636, 3637, 3638, 3640, - 3632, 3641, 3641, 3642, 3644, 3636, 3643, 3643, 3645, 3637, - 3659, 3646, 3647, 3647, 3640, 3648, 3630, 3651, 3638, 3644, - 3657, 3645, 3642, 3646, 3649, 3649, 3656, 3648, 3652, 3652, - 3658, 3656, 3651, 3658, 3660, 3660, 3659, 3661, 3657, 3663, + 3593, 3605, 3605, 3606, 3606, 3603, 3607, 3607, 3609, 3610, + 3611, 3612, 3613, 3608, 3610, 3614, 3612, 3612, 3613, 3611, + 3615, 3616, 3611, 3609, 3617, 3618, 3619, 3620, 3620, 3617, + 3618, 3621, 3622, 3623, 3623, 3615, 3625, 3621, 3622, 3630, + 3614, 3626, 3616, 3624, 3624, 3619, 3626, 3629, 3629, 3632, + 3632, 3625, 3633, 3630, 3635, 3637, 3637, 3638, 3638, 3639, + 3639, 3633, 3640, 3640, 3642, 3642, 3643, 3643, 3644, 3644, + 3645, 3645, 3635, 3646, 3648, 3649, 3649, 3651, 3651, 3652, + 3653, 3654, 3656, 3648, 3657, 3657, 3658, 3660, 3652, 3659, + 3659, 3661, 3653, 3675, 3662, 3663, 3663, 3656, 3664, 3646, - 3664, 3667, 3663, 3665, 3666, 3668, 3664, 3671, 3669, 3666, - 3672, 3676, 3675, 3671, 3680, 3661, 3675, 3665, 3681, 3672, - 3667, 3678, 3678, 3668, 3669, 3690, 3676, 3701, 3691, 3694, - 3690, 3691, 3695, 3695, 3696, 3696, 3697, 3697, 3681, 3702, - 3680, 3703, 3694, 3699, 3699, 3703, 3704, 3705, 3702, 3707, - 3701, 3709, 3710, 3711, 3712, 3714, 3713, 3709, 3713, 3712, - 3715, 3715, 3705, 3707, 3711, 3716, 3704, 3717, 3719, 3718, - 3714, 3720, 3722, 3721, 3724, 3710, 3725, 3723, 3716, 3724, - 3726, 3722, 3728, 3730, 3719, 3727, 3717, 3718, 3721, 3723, - 3727, 3736, 3726, 3729, 3729, 3731, 3720, 3725, 3737, 3739, + 3667, 3654, 3660, 3673, 3661, 3658, 3662, 3665, 3665, 3672, + 3664, 3668, 3668, 3674, 3672, 3667, 3674, 3676, 3676, 3675, + 3677, 3673, 3679, 3680, 3683, 3679, 3681, 3682, 3684, 3680, + 3687, 3685, 3682, 3688, 3692, 3691, 3687, 3696, 3677, 3691, + 3681, 3697, 3688, 3683, 3694, 3694, 3684, 3685, 3706, 3692, + 3717, 3707, 3710, 3706, 3707, 3711, 3711, 3712, 3712, 3713, + 3713, 3697, 3718, 3696, 3719, 3710, 3715, 3715, 3719, 3720, + 3721, 3718, 3723, 3717, 3725, 3726, 3727, 3728, 3730, 3729, + 3725, 3729, 3728, 3731, 3731, 3721, 3723, 3727, 3732, 3720, + 3733, 3735, 3734, 3730, 3736, 3738, 3737, 3740, 3726, 3741, - 3731, 3728, 3751, 3730, 3747, 3736, 3738, 3738, 3739, 3740, - 3741, 3741, 3740, 3746, 3742, 3743, 3743, 0, 3737, 3742, - 3744, 3744, 3745, 3745, 3747, 3748, 3749, 3751, 3748, 3750, - 3752, 3749, 3746, 3753, 3750, 3754, 3755, 3756, 3758, 3753, - 3757, 3757, 3756, 3759, 3759, 3752, 3760, 3760, 3755, 3754, - 3761, 3761, 3763, 3763, 3764, 3765, 3766, 3766, 3758, 3769, - 3768, 3771, 3772, 3775, 3775, 3776, 3776, 3778, 3777, 3764, - 3769, 3779, 3780, 3781, 3765, 3768, 3777, 3779, 3780, 3782, - 3772, 3783, 3792, 3784, 3793, 3771, 3778, 3781, 3784, 3785, - 3785, 3795, 3782, 3787, 3787, 3796, 3796, 3797, 3798, 3800, + 3739, 3732, 3740, 3742, 3738, 3744, 3746, 3735, 3743, 3733, + 3734, 3737, 3739, 3743, 3752, 3742, 3745, 3745, 3747, 3736, + 3741, 3753, 3755, 3747, 3744, 3767, 3746, 3763, 3752, 3754, + 3754, 3755, 3756, 3757, 3757, 3756, 3762, 3758, 3759, 3759, + 0, 3753, 3758, 3760, 3760, 3761, 3761, 3763, 3764, 3765, + 3767, 3764, 3766, 3768, 3765, 3762, 3769, 3766, 3770, 3771, + 3772, 3774, 3769, 3773, 3773, 3772, 3775, 3775, 3768, 3776, + 3776, 3771, 3770, 3777, 3777, 3779, 3779, 3780, 3781, 3782, + 3782, 3774, 3785, 3784, 3787, 3788, 3791, 3791, 3792, 3792, + 3794, 3793, 3780, 3785, 3795, 3796, 3797, 3781, 3784, 3793, - 3783, 3801, 3798, 3792, 3793, 3795, 3801, 3802, 3803, 3804, - 3805, 3806, 3807, 3797, 3808, 3808, 3806, 3807, 3811, 3800, - 3813, 3803, 3804, 3812, 3815, 3817, 3802, 3816, 3816, 3805, - 3817, 3818, 3823, 3815, 3819, 3819, 0, 3818, 3811, 3813, - 3820, 3812, 3821, 3822, 3824, 3820, 3829, 3821, 3822, 3827, - 3824, 3823, 3826, 3826, 3827, 3828, 3828, 3831, 3832, 3833, - 3834, 3831, 3835, 3836, 3829, 3837, 3833, 3838, 3842, 3836, - 3840, 3840, 3846, 3842, 3843, 3843, 3844, 3832, 3845, 3834, - 3838, 3835, 3847, 3845, 3837, 3844, 3848, 3850, 3844, 3849, - 3849, 3846, 3850, 3851, 3852, 3854, 3855, 3855, 3852, 3848, + 3795, 3796, 3798, 3788, 3799, 3808, 3800, 3809, 3787, 3794, + 3797, 3800, 3801, 3801, 3811, 3798, 3803, 3803, 3812, 3812, + 3813, 3814, 3816, 3799, 3817, 3814, 3808, 3809, 3811, 3817, + 3818, 3819, 3820, 3821, 3822, 3823, 3813, 3824, 3824, 3822, + 3823, 3827, 3816, 3829, 3819, 3820, 3828, 3831, 3833, 3818, + 3832, 3832, 3821, 3833, 3834, 3839, 3831, 3835, 3835, 0, + 3834, 3827, 3829, 3836, 3828, 3837, 3838, 3840, 3836, 3845, + 3837, 3838, 3843, 3840, 3839, 3842, 3842, 3843, 3844, 3844, + 3847, 3848, 3849, 3850, 3847, 3851, 3852, 3845, 3853, 3849, + 3854, 3858, 3852, 3856, 3856, 3862, 3858, 3859, 3859, 3860, - 3856, 3847, 3857, 3857, 3858, 3858, 3851, 3859, 3860, 3861, - 3862, 3862, 3859, 3863, 3863, 3860, 3865, 3864, 3865, 3856, - 3867, 3854, 3864, 3866, 3866, 3868, 3869, 3867, 3861, 3870, - 3871, 3875, 3868, 3877, 3870, 3874, 3874, 3878, 3877, 3879, - 3880, 3884, 3878, 3881, 3881, 3869, 3883, 3883, 3885, 3871, - 3875, 3886, 3886, 3887, 3887, 3888, 3890, 3890, 3879, 3880, - 3884, 3892, 3888, 3891, 3891, 3894, 3897, 3885, 3892, 3898, - 3894, 3897, 3899, 3900, 3900, 3901, 3901, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3898, 0, - 0, 3899, 3905, 3905, 3905, 3905, 3905, 3905, 3905, 3906, + 3848, 3861, 3850, 3854, 3851, 3863, 3861, 3853, 3860, 3864, + 3866, 3860, 3865, 3865, 3862, 3866, 3867, 3868, 3870, 3871, + 3871, 3868, 3864, 3872, 3863, 3873, 3873, 3874, 3874, 3867, + 3875, 3876, 3877, 3878, 3878, 3875, 3879, 3879, 3876, 3881, + 3880, 3881, 3872, 3883, 3870, 3880, 3882, 3882, 3884, 3885, + 3883, 3877, 3886, 3887, 3891, 3884, 3893, 3886, 3890, 3890, + 3894, 3893, 3895, 3896, 3900, 3894, 3897, 3897, 3885, 3899, + 3899, 3901, 3887, 3891, 3902, 3902, 3903, 3903, 3904, 3906, + 3906, 3895, 3896, 3900, 3908, 3904, 3907, 3907, 3910, 3913, + 3901, 3908, 3914, 3910, 3913, 3915, 3916, 3916, 3917, 3917, - 3906, 3906, 3906, 3906, 3906, 3906, 3907, 3907, 3907, 3907, - 3907, 3907, 3907, 3908, 3908, 3908, 3908, 3908, 3908, 3908, - 3909, 3909, 3909, 3909, 3909, 3909, 3909, 3910, 3910, 3910, - 3910, 3910, 3910, 3910, 3911, 3911, 3911, 3911, 3911, 3911, - 3911, 3913, 3913, 0, 3913, 3913, 3913, 3913, 3914, 3914, - 0, 0, 0, 3914, 3914, 3915, 3915, 0, 0, 3915, - 0, 3915, 3916, 0, 0, 0, 0, 0, 3916, 3917, - 3917, 0, 0, 0, 3917, 3917, 3918, 0, 0, 0, - 0, 0, 3918, 3919, 3919, 0, 3919, 3919, 3919, 3919, - 3920, 0, 0, 0, 0, 0, 3920, 3921, 3921, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3914, 0, 0, 3915, 3921, 3921, 3921, 3921, 3921, + 3921, 3921, 3922, 3922, 3922, 3922, 3922, 3922, 3922, 3923, + 3923, 3923, 3923, 3923, 3923, 3923, 3924, 3924, 3924, 3924, + 3924, 3924, 3924, 3925, 3925, 3925, 3925, 3925, 3925, 3925, + 3926, 3926, 3926, 3926, 3926, 3926, 3926, 3927, 3927, 3927, + 3927, 3927, 3927, 3927, 3929, 3929, 0, 3929, 3929, 3929, + 3929, 3930, 3930, 0, 0, 0, 3930, 3930, 3931, 3931, + 0, 0, 3931, 0, 3931, 3932, 0, 0, 0, 0, + 0, 3932, 3933, 3933, 0, 0, 0, 3933, 3933, 3934, - 0, 0, 3921, 3921, 3922, 3922, 0, 3922, 3922, 3922, - 3922, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, 3904, - 3904, 3904 + 0, 0, 0, 0, 0, 3934, 3935, 3935, 0, 3935, + 3935, 3935, 3935, 3936, 0, 0, 0, 0, 0, 3936, + 3937, 3937, 0, 0, 0, 3937, 3937, 3938, 3938, 0, + 3938, 3938, 3938, 3938, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, 3920, + 3920, 3920, 3920, 3920, 3920 } ; static yy_state_type yy_last_accepting_state; @@ -3627,7 +3634,7 @@ static void config_end_include(void) #define YY_NO_INPUT 1 #endif -#line 3629 "" +#line 3636 "" #define INITIAL 0 #define quotedstring 1 @@ -3845,7 +3852,7 @@ YY_DECL { #line 211 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -#line 3847 "" +#line 3854 "" while ( 1 ) /* loops until end-of-file is reached */ { @@ -3878,13 +3885,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3905 ) + if ( yy_current_state >= 3921 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 7612 ); + while ( yy_base[yy_current_state] != 7635 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -5383,102 +5390,102 @@ YY_RULE_SETUP case 293: YY_RULE_SETUP #line 516 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } +{ YDVAR(1, VAR_DNSTAP_SAMPLE_RATE) } YY_BREAK case 294: YY_RULE_SETUP #line 517 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 295: YY_RULE_SETUP #line 518 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_COOKIE) } +{ YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 296: YY_RULE_SETUP #line 519 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +{ YDVAR(1, VAR_IP_RATELIMIT_COOKIE) } YY_BREAK case 297: YY_RULE_SETUP #line 520 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } +{ YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 298: YY_RULE_SETUP #line 521 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } +{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 299: YY_RULE_SETUP #line 522 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } +{ YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 300: YY_RULE_SETUP #line 523 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 301: YY_RULE_SETUP #line 524 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +{ YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 302: YY_RULE_SETUP #line 525 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 303: YY_RULE_SETUP #line 526 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 304: YY_RULE_SETUP #line 527 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 305: YY_RULE_SETUP #line 528 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 306: YY_RULE_SETUP #line 529 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_BACKOFF) } +{ YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } YY_BREAK case 307: YY_RULE_SETUP #line 530 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } +{ YDVAR(1, VAR_RATELIMIT_BACKOFF) } YY_BREAK case 308: YY_RULE_SETUP #line 531 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_MAX_SENT_COUNT) } +{ YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } YY_BREAK case 309: YY_RULE_SETUP #line 532 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_MAX_QUERY_RESTARTS) } +{ YDVAR(1, VAR_MAX_SENT_COUNT) } YY_BREAK case 310: YY_RULE_SETUP #line 533 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } +{ YDVAR(1, VAR_MAX_QUERY_RESTARTS) } YY_BREAK case 311: YY_RULE_SETUP #line 534 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } +{ YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 312: YY_RULE_SETUP #line 535 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 313: YY_RULE_SETUP @@ -5493,119 +5500,119 @@ YY_RULE_SETUP case 315: YY_RULE_SETUP #line 538 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 316: YY_RULE_SETUP #line 539 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 317: YY_RULE_SETUP #line 540 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } +{ YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 318: YY_RULE_SETUP #line 541 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 319: YY_RULE_SETUP #line 542 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } +{ YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 320: YY_RULE_SETUP #line 543 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 321: YY_RULE_SETUP #line 544 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +{ YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 322: YY_RULE_SETUP #line 545 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 323: YY_RULE_SETUP #line 546 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 324: YY_RULE_SETUP #line 547 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 325: YY_RULE_SETUP #line 548 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 326: YY_RULE_SETUP -#line 550 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 549 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 327: YY_RULE_SETUP -#line 552 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } +#line 551 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 328: YY_RULE_SETUP #line 553 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 329: YY_RULE_SETUP #line 554 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 330: YY_RULE_SETUP #line 555 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } +{ YDVAR(1, VAR_PAD_RESPONSES) } YY_BREAK case 331: YY_RULE_SETUP #line 556 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES) } +{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } YY_BREAK case 332: YY_RULE_SETUP #line 557 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } +{ YDVAR(1, VAR_PAD_QUERIES) } YY_BREAK case 333: YY_RULE_SETUP #line 558 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } +{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } YY_BREAK case 334: YY_RULE_SETUP #line 559 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } +{ YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 335: YY_RULE_SETUP #line 560 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } +{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 336: YY_RULE_SETUP #line 561 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } +{ YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 337: YY_RULE_SETUP #line 562 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK case 338: YY_RULE_SETUP @@ -5615,163 +5622,173 @@ YY_RULE_SETUP case 339: YY_RULE_SETUP #line 564 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 340: YY_RULE_SETUP #line 565 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } +{ YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK case 341: YY_RULE_SETUP #line 566 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } +{ YDVAR(0, VAR_CACHEDB) } YY_BREAK case 342: YY_RULE_SETUP #line 567 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } +{ YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK case 343: YY_RULE_SETUP #line 568 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_NO_STORE) } +{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK case 344: YY_RULE_SETUP #line 569 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED) } +{ YDVAR(1, VAR_CACHEDB_NO_STORE) } YY_BREAK case 345: YY_RULE_SETUP #line 570 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } +{ YDVAR(1, VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED) } YY_BREAK case 346: YY_RULE_SETUP #line 571 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } +{ YDVAR(1, VAR_CACHEDB_REDISHOST) } YY_BREAK case 347: YY_RULE_SETUP #line 572 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPATH) } +{ YDVAR(1, VAR_CACHEDB_REDISPORT) } YY_BREAK case 348: YY_RULE_SETUP #line 573 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPASSWORD) } +{ YDVAR(1, VAR_CACHEDB_REDISPATH) } YY_BREAK case 349: YY_RULE_SETUP #line 574 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +{ YDVAR(1, VAR_CACHEDB_REDISPASSWORD) } YY_BREAK case 350: YY_RULE_SETUP #line 575 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } +{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } YY_BREAK case 351: YY_RULE_SETUP #line 576 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISLOGICALDB) } +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } YY_BREAK case 352: YY_RULE_SETUP #line 577 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } +{ YDVAR(1, VAR_CACHEDB_REDISLOGICALDB) } YY_BREAK case 353: YY_RULE_SETUP #line 578 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } +{ YDVAR(0, VAR_IPSET) } YY_BREAK case 354: YY_RULE_SETUP #line 579 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } +{ YDVAR(1, VAR_IPSET_NAME_V4) } YY_BREAK case 355: YY_RULE_SETUP #line 580 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } +{ YDVAR(1, VAR_IPSET_NAME_V6) } YY_BREAK case 356: YY_RULE_SETUP #line 581 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } YY_BREAK case 357: YY_RULE_SETUP #line 582 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_ANSWER_COOKIE ) } +{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } YY_BREAK case 358: YY_RULE_SETUP #line 583 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_COOKIE_SECRET) } +{ YDVAR(1, VAR_ANSWER_COOKIE ) } YY_BREAK case 359: YY_RULE_SETUP #line 584 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } +{ YDVAR(1, VAR_COOKIE_SECRET) } YY_BREAK case 360: YY_RULE_SETUP #line 585 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +{ YDVAR(1, VAR_COOKIE_SECRET_FILE) } YY_BREAK case 361: YY_RULE_SETUP #line 586 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_NSID ) } +{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } YY_BREAK case 362: YY_RULE_SETUP #line 587 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_EDE ) } +{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } YY_BREAK case 363: YY_RULE_SETUP #line 588 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } +{ YDVAR(1, VAR_NSID ) } YY_BREAK case 364: -/* rule 364 can match eol */ YY_RULE_SETUP #line 589 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ YDVAR(1, VAR_EDE ) } + YY_BREAK +case 365: +YY_RULE_SETUP +#line 590 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } + YY_BREAK +case 366: +/* rule 366 can match eol */ +YY_RULE_SETUP +#line 591 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 365: +case 367: YY_RULE_SETUP -#line 592 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 594 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 593 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 595 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 366: +case 368: YY_RULE_SETUP -#line 598 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 600 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 367: -/* rule 367 can match eol */ +case 369: +/* rule 369 can match eol */ YY_RULE_SETUP -#line 599 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 601 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 368: +case 370: YY_RULE_SETUP -#line 601 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 603 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5784,34 +5801,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 369: +case 371: YY_RULE_SETUP -#line 613 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 615 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 614 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 616 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 370: +case 372: YY_RULE_SETUP -#line 619 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 621 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 371: -/* rule 371 can match eol */ +case 373: +/* rule 373 can match eol */ YY_RULE_SETUP -#line 620 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 622 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 372: +case 374: YY_RULE_SETUP -#line 622 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 624 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5824,38 +5841,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 373: +case 375: YY_RULE_SETUP -#line 634 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 636 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 636 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 638 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 374: -YY_RULE_SETUP -#line 640 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ LEXOUT(("ISP ")); /* ignore */ } - YY_BREAK -case 375: -/* rule 375 can match eol */ -YY_RULE_SETUP -#line 641 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++;} - YY_BREAK case 376: YY_RULE_SETUP #line 642 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ LEXOUT(("IQS ")); BEGIN(include_quoted); } +{ LEXOUT(("ISP ")); /* ignore */ } YY_BREAK case 377: +/* rule 377 can match eol */ YY_RULE_SETUP #line 643 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ LEXOUT(("NL\n")); cfg_parser->line++;} + YY_BREAK +case 378: +YY_RULE_SETUP +#line 644 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ LEXOUT(("IQS ")); BEGIN(include_quoted); } + YY_BREAK +case 379: +YY_RULE_SETUP +#line 645 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 0); @@ -5863,27 +5880,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 648 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 650 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 378: +case 380: YY_RULE_SETUP -#line 652 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 654 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 379: -/* rule 379 can match eol */ +case 381: +/* rule 381 can match eol */ YY_RULE_SETUP -#line 653 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 655 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 380: +case 382: YY_RULE_SETUP -#line 655 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 657 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -5893,7 +5910,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 661 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 663 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -5908,39 +5925,39 @@ case YY_STATE_EOF(val): } YY_BREAK /* include-toplevel: directive */ -case 381: +case 383: YY_RULE_SETUP -#line 675 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 677 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); } YY_BREAK case YY_STATE_EOF(include_toplevel): -#line 678 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 680 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("EOF inside include_toplevel directive"); BEGIN(inc_prev); } YY_BREAK -case 382: -YY_RULE_SETUP -#line 682 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ LEXOUT(("ITSP ")); /* ignore */ } - YY_BREAK -case 383: -/* rule 383 can match eol */ -YY_RULE_SETUP -#line 683 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++; } - YY_BREAK case 384: YY_RULE_SETUP #line 684 "/usr/src/usr.sbin/unbound/util/configlexer.lex" -{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } +{ LEXOUT(("ITSP ")); /* ignore */ } YY_BREAK case 385: +/* rule 385 can match eol */ YY_RULE_SETUP #line 685 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ LEXOUT(("NL\n")); cfg_parser->line++; } + YY_BREAK +case 386: +YY_RULE_SETUP +#line 686 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } + YY_BREAK +case 387: +YY_RULE_SETUP +#line 687 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("ITunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 1); @@ -5949,29 +5966,29 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_toplevel_quoted): -#line 691 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 693 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 386: +case 388: YY_RULE_SETUP -#line 695 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 697 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } YY_BREAK -case 387: -/* rule 387 can match eol */ +case 389: +/* rule 389 can match eol */ YY_RULE_SETUP -#line 696 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 698 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 388: +case 390: YY_RULE_SETUP -#line 700 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 702 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("ITQE ")); yytext[yyleng - 1] = '\0'; @@ -5980,33 +5997,33 @@ YY_RULE_SETUP return (VAR_FORCE_TOPLEVEL); } YY_BREAK -case 389: +case 391: YY_RULE_SETUP -#line 708 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 710 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 390: +case 392: YY_RULE_SETUP -#line 712 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 714 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 391: +case 393: YY_RULE_SETUP -#line 716 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 718 "/usr/src/usr.sbin/unbound/util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 392: +case 394: YY_RULE_SETUP -#line 720 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 722 "/usr/src/usr.sbin/unbound/util/configlexer.lex" ECHO; YY_BREAK -#line 6008 "" +#line 6025 "" case YY_END_OF_BUFFER: { @@ -6299,7 +6316,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3905 ) + if ( yy_current_state >= 3921 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -6327,11 +6344,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3905 ) + if ( yy_current_state >= 3921 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 3904); + yy_is_jam = (yy_current_state == 3920); return yy_is_jam ? 0 : yy_current_state; } @@ -6964,7 +6981,7 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 720 "/usr/src/usr.sbin/unbound/util/configlexer.lex" +#line 722 "/usr/src/usr.sbin/unbound/util/configlexer.lex" diff --git a/sbin/unwind/libunbound/util/configlexer.lex b/sbin/unwind/libunbound/util/configlexer.lex index 7ae1b8c38..cd5062092 100644 --- a/sbin/unwind/libunbound/util/configlexer.lex +++ b/sbin/unwind/libunbound/util/configlexer.lex @@ -513,6 +513,7 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +dnstap-sample-rate { YDVAR(1, VAR_DNSTAP_SAMPLE_RATE) } disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ip-ratelimit-cookie{COLON} { YDVAR(1, VAR_IP_RATELIMIT_COOKIE) } @@ -581,6 +582,7 @@ udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNS tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } answer-cookie{COLON} { YDVAR(1, VAR_ANSWER_COOKIE ) } cookie-secret{COLON} { YDVAR(1, VAR_COOKIE_SECRET) } +cookie-secret-file{COLON} { YDVAR(1, VAR_COOKIE_SECRET_FILE) } edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } nsid{COLON} { YDVAR(1, VAR_NSID ) } diff --git a/sbin/unwind/libunbound/util/configparser.h b/sbin/unwind/libunbound/util/configparser.h index a6eb58aaa..e7db8d229 100644 --- a/sbin/unwind/libunbound/util/configparser.h +++ b/sbin/unwind/libunbound/util/configparser.h @@ -187,171 +187,173 @@ #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 443 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 444 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 445 -#define VAR_RESPONSE_IP_TAG 446 -#define VAR_RESPONSE_IP 447 -#define VAR_RESPONSE_IP_DATA 448 -#define VAR_HARDEN_ALGO_DOWNGRADE 449 -#define VAR_IP_TRANSPARENT 450 -#define VAR_IP_DSCP 451 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 452 -#define VAR_IP_RATELIMIT 453 -#define VAR_IP_RATELIMIT_SLABS 454 -#define VAR_IP_RATELIMIT_SIZE 455 -#define VAR_RATELIMIT 456 -#define VAR_RATELIMIT_SLABS 457 -#define VAR_RATELIMIT_SIZE 458 -#define VAR_OUTBOUND_MSG_RETRY 459 -#define VAR_MAX_SENT_COUNT 460 -#define VAR_MAX_QUERY_RESTARTS 461 -#define VAR_RATELIMIT_FOR_DOMAIN 462 -#define VAR_RATELIMIT_BELOW_DOMAIN 463 -#define VAR_IP_RATELIMIT_FACTOR 464 -#define VAR_RATELIMIT_FACTOR 465 -#define VAR_IP_RATELIMIT_BACKOFF 466 -#define VAR_RATELIMIT_BACKOFF 467 -#define VAR_SEND_CLIENT_SUBNET 468 -#define VAR_CLIENT_SUBNET_ZONE 469 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 470 -#define VAR_CLIENT_SUBNET_OPCODE 471 -#define VAR_MAX_CLIENT_SUBNET_IPV4 472 -#define VAR_MAX_CLIENT_SUBNET_IPV6 473 -#define VAR_MIN_CLIENT_SUBNET_IPV4 474 -#define VAR_MIN_CLIENT_SUBNET_IPV6 475 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 476 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 477 -#define VAR_CAPS_WHITELIST 478 -#define VAR_CACHE_MAX_NEGATIVE_TTL 479 -#define VAR_PERMIT_SMALL_HOLDDOWN 480 -#define VAR_CACHE_MIN_NEGATIVE_TTL 481 -#define VAR_QNAME_MINIMISATION 482 -#define VAR_QNAME_MINIMISATION_STRICT 483 -#define VAR_IP_FREEBIND 484 -#define VAR_DEFINE_TAG 485 -#define VAR_LOCAL_ZONE_TAG 486 -#define VAR_ACCESS_CONTROL_TAG 487 -#define VAR_LOCAL_ZONE_OVERRIDE 488 -#define VAR_ACCESS_CONTROL_TAG_ACTION 489 -#define VAR_ACCESS_CONTROL_TAG_DATA 490 -#define VAR_VIEW 491 -#define VAR_ACCESS_CONTROL_VIEW 492 -#define VAR_VIEW_FIRST 493 -#define VAR_SERVE_EXPIRED 494 -#define VAR_SERVE_EXPIRED_TTL 495 -#define VAR_SERVE_EXPIRED_TTL_RESET 496 -#define VAR_SERVE_EXPIRED_REPLY_TTL 497 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 498 -#define VAR_EDE_SERVE_EXPIRED 499 -#define VAR_SERVE_ORIGINAL_TTL 500 -#define VAR_FAKE_DSA 501 -#define VAR_FAKE_SHA1 502 -#define VAR_LOG_IDENTITY 503 -#define VAR_HIDE_TRUSTANCHOR 504 -#define VAR_HIDE_HTTP_USER_AGENT 505 -#define VAR_HTTP_USER_AGENT 506 -#define VAR_TRUST_ANCHOR_SIGNALING 507 -#define VAR_AGGRESSIVE_NSEC 508 -#define VAR_USE_SYSTEMD 509 -#define VAR_SHM_ENABLE 510 -#define VAR_SHM_KEY 511 -#define VAR_ROOT_KEY_SENTINEL 512 -#define VAR_DNSCRYPT 513 -#define VAR_DNSCRYPT_ENABLE 514 -#define VAR_DNSCRYPT_PORT 515 -#define VAR_DNSCRYPT_PROVIDER 516 -#define VAR_DNSCRYPT_SECRET_KEY 517 -#define VAR_DNSCRYPT_PROVIDER_CERT 518 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 519 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 520 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 521 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 522 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 523 -#define VAR_PAD_RESPONSES 524 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 525 -#define VAR_PAD_QUERIES 526 -#define VAR_PAD_QUERIES_BLOCK_SIZE 527 -#define VAR_IPSECMOD_ENABLED 528 -#define VAR_IPSECMOD_HOOK 529 -#define VAR_IPSECMOD_IGNORE_BOGUS 530 -#define VAR_IPSECMOD_MAX_TTL 531 -#define VAR_IPSECMOD_WHITELIST 532 -#define VAR_IPSECMOD_STRICT 533 -#define VAR_CACHEDB 534 -#define VAR_CACHEDB_BACKEND 535 -#define VAR_CACHEDB_SECRETSEED 536 -#define VAR_CACHEDB_REDISHOST 537 -#define VAR_CACHEDB_REDISPORT 538 -#define VAR_CACHEDB_REDISTIMEOUT 539 -#define VAR_CACHEDB_REDISEXPIRERECORDS 540 -#define VAR_CACHEDB_REDISPATH 541 -#define VAR_CACHEDB_REDISPASSWORD 542 -#define VAR_CACHEDB_REDISLOGICALDB 543 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 544 -#define VAR_FOR_UPSTREAM 545 -#define VAR_AUTH_ZONE 546 -#define VAR_ZONEFILE 547 -#define VAR_MASTER 548 -#define VAR_URL 549 -#define VAR_FOR_DOWNSTREAM 550 -#define VAR_FALLBACK_ENABLED 551 -#define VAR_TLS_ADDITIONAL_PORT 552 -#define VAR_LOW_RTT 553 -#define VAR_LOW_RTT_PERMIL 554 -#define VAR_FAST_SERVER_PERMIL 555 -#define VAR_FAST_SERVER_NUM 556 -#define VAR_ALLOW_NOTIFY 557 -#define VAR_TLS_WIN_CERT 558 -#define VAR_TCP_CONNECTION_LIMIT 559 -#define VAR_ANSWER_COOKIE 560 -#define VAR_COOKIE_SECRET 561 -#define VAR_IP_RATELIMIT_COOKIE 562 -#define VAR_FORWARD_NO_CACHE 563 -#define VAR_STUB_NO_CACHE 564 -#define VAR_LOG_SERVFAIL 565 -#define VAR_DENY_ANY 566 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 567 -#define VAR_LOG_TAG_QUERYREPLY 568 -#define VAR_DISCARD_TIMEOUT 569 -#define VAR_WAIT_LIMIT 570 -#define VAR_WAIT_LIMIT_COOKIE 571 -#define VAR_WAIT_LIMIT_NETBLOCK 572 -#define VAR_WAIT_LIMIT_COOKIE_NETBLOCK 573 -#define VAR_STREAM_WAIT_SIZE 574 -#define VAR_TLS_CIPHERS 575 -#define VAR_TLS_CIPHERSUITES 576 -#define VAR_TLS_USE_SNI 577 -#define VAR_IPSET 578 -#define VAR_IPSET_NAME_V4 579 -#define VAR_IPSET_NAME_V6 580 -#define VAR_TLS_SESSION_TICKET_KEYS 581 -#define VAR_RPZ 582 -#define VAR_TAGS 583 -#define VAR_RPZ_ACTION_OVERRIDE 584 -#define VAR_RPZ_CNAME_OVERRIDE 585 -#define VAR_RPZ_LOG 586 -#define VAR_RPZ_LOG_NAME 587 -#define VAR_DYNLIB 588 -#define VAR_DYNLIB_FILE 589 -#define VAR_EDNS_CLIENT_STRING 590 -#define VAR_EDNS_CLIENT_STRING_OPCODE 591 -#define VAR_NSID 592 -#define VAR_ZONEMD_PERMISSIVE_MODE 593 -#define VAR_ZONEMD_CHECK 594 -#define VAR_ZONEMD_REJECT_ABSENCE 595 -#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 596 -#define VAR_INTERFACE_AUTOMATIC_PORTS 597 -#define VAR_EDE 598 -#define VAR_INTERFACE_ACTION 599 -#define VAR_INTERFACE_VIEW 600 -#define VAR_INTERFACE_TAG 601 -#define VAR_INTERFACE_TAG_ACTION 602 -#define VAR_INTERFACE_TAG_DATA 603 -#define VAR_PROXY_PROTOCOL_PORT 604 -#define VAR_STATISTICS_INHIBIT_ZERO 605 -#define VAR_HARDEN_UNKNOWN_ADDITIONAL 606 -#define VAR_DISABLE_EDNS_DO 607 -#define VAR_CACHEDB_NO_STORE 608 -#define VAR_LOG_DESTADDR 609 -#define VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED 610 +#define VAR_DNSTAP_SAMPLE_RATE 446 +#define VAR_RESPONSE_IP_TAG 447 +#define VAR_RESPONSE_IP 448 +#define VAR_RESPONSE_IP_DATA 449 +#define VAR_HARDEN_ALGO_DOWNGRADE 450 +#define VAR_IP_TRANSPARENT 451 +#define VAR_IP_DSCP 452 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 453 +#define VAR_IP_RATELIMIT 454 +#define VAR_IP_RATELIMIT_SLABS 455 +#define VAR_IP_RATELIMIT_SIZE 456 +#define VAR_RATELIMIT 457 +#define VAR_RATELIMIT_SLABS 458 +#define VAR_RATELIMIT_SIZE 459 +#define VAR_OUTBOUND_MSG_RETRY 460 +#define VAR_MAX_SENT_COUNT 461 +#define VAR_MAX_QUERY_RESTARTS 462 +#define VAR_RATELIMIT_FOR_DOMAIN 463 +#define VAR_RATELIMIT_BELOW_DOMAIN 464 +#define VAR_IP_RATELIMIT_FACTOR 465 +#define VAR_RATELIMIT_FACTOR 466 +#define VAR_IP_RATELIMIT_BACKOFF 467 +#define VAR_RATELIMIT_BACKOFF 468 +#define VAR_SEND_CLIENT_SUBNET 469 +#define VAR_CLIENT_SUBNET_ZONE 470 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 471 +#define VAR_CLIENT_SUBNET_OPCODE 472 +#define VAR_MAX_CLIENT_SUBNET_IPV4 473 +#define VAR_MAX_CLIENT_SUBNET_IPV6 474 +#define VAR_MIN_CLIENT_SUBNET_IPV4 475 +#define VAR_MIN_CLIENT_SUBNET_IPV6 476 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 477 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 478 +#define VAR_CAPS_WHITELIST 479 +#define VAR_CACHE_MAX_NEGATIVE_TTL 480 +#define VAR_PERMIT_SMALL_HOLDDOWN 481 +#define VAR_CACHE_MIN_NEGATIVE_TTL 482 +#define VAR_QNAME_MINIMISATION 483 +#define VAR_QNAME_MINIMISATION_STRICT 484 +#define VAR_IP_FREEBIND 485 +#define VAR_DEFINE_TAG 486 +#define VAR_LOCAL_ZONE_TAG 487 +#define VAR_ACCESS_CONTROL_TAG 488 +#define VAR_LOCAL_ZONE_OVERRIDE 489 +#define VAR_ACCESS_CONTROL_TAG_ACTION 490 +#define VAR_ACCESS_CONTROL_TAG_DATA 491 +#define VAR_VIEW 492 +#define VAR_ACCESS_CONTROL_VIEW 493 +#define VAR_VIEW_FIRST 494 +#define VAR_SERVE_EXPIRED 495 +#define VAR_SERVE_EXPIRED_TTL 496 +#define VAR_SERVE_EXPIRED_TTL_RESET 497 +#define VAR_SERVE_EXPIRED_REPLY_TTL 498 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 499 +#define VAR_EDE_SERVE_EXPIRED 500 +#define VAR_SERVE_ORIGINAL_TTL 501 +#define VAR_FAKE_DSA 502 +#define VAR_FAKE_SHA1 503 +#define VAR_LOG_IDENTITY 504 +#define VAR_HIDE_TRUSTANCHOR 505 +#define VAR_HIDE_HTTP_USER_AGENT 506 +#define VAR_HTTP_USER_AGENT 507 +#define VAR_TRUST_ANCHOR_SIGNALING 508 +#define VAR_AGGRESSIVE_NSEC 509 +#define VAR_USE_SYSTEMD 510 +#define VAR_SHM_ENABLE 511 +#define VAR_SHM_KEY 512 +#define VAR_ROOT_KEY_SENTINEL 513 +#define VAR_DNSCRYPT 514 +#define VAR_DNSCRYPT_ENABLE 515 +#define VAR_DNSCRYPT_PORT 516 +#define VAR_DNSCRYPT_PROVIDER 517 +#define VAR_DNSCRYPT_SECRET_KEY 518 +#define VAR_DNSCRYPT_PROVIDER_CERT 519 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 520 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 521 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 522 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 523 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 524 +#define VAR_PAD_RESPONSES 525 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 526 +#define VAR_PAD_QUERIES 527 +#define VAR_PAD_QUERIES_BLOCK_SIZE 528 +#define VAR_IPSECMOD_ENABLED 529 +#define VAR_IPSECMOD_HOOK 530 +#define VAR_IPSECMOD_IGNORE_BOGUS 531 +#define VAR_IPSECMOD_MAX_TTL 532 +#define VAR_IPSECMOD_WHITELIST 533 +#define VAR_IPSECMOD_STRICT 534 +#define VAR_CACHEDB 535 +#define VAR_CACHEDB_BACKEND 536 +#define VAR_CACHEDB_SECRETSEED 537 +#define VAR_CACHEDB_REDISHOST 538 +#define VAR_CACHEDB_REDISPORT 539 +#define VAR_CACHEDB_REDISTIMEOUT 540 +#define VAR_CACHEDB_REDISEXPIRERECORDS 541 +#define VAR_CACHEDB_REDISPATH 542 +#define VAR_CACHEDB_REDISPASSWORD 543 +#define VAR_CACHEDB_REDISLOGICALDB 544 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 545 +#define VAR_FOR_UPSTREAM 546 +#define VAR_AUTH_ZONE 547 +#define VAR_ZONEFILE 548 +#define VAR_MASTER 549 +#define VAR_URL 550 +#define VAR_FOR_DOWNSTREAM 551 +#define VAR_FALLBACK_ENABLED 552 +#define VAR_TLS_ADDITIONAL_PORT 553 +#define VAR_LOW_RTT 554 +#define VAR_LOW_RTT_PERMIL 555 +#define VAR_FAST_SERVER_PERMIL 556 +#define VAR_FAST_SERVER_NUM 557 +#define VAR_ALLOW_NOTIFY 558 +#define VAR_TLS_WIN_CERT 559 +#define VAR_TCP_CONNECTION_LIMIT 560 +#define VAR_ANSWER_COOKIE 561 +#define VAR_COOKIE_SECRET 562 +#define VAR_IP_RATELIMIT_COOKIE 563 +#define VAR_FORWARD_NO_CACHE 564 +#define VAR_STUB_NO_CACHE 565 +#define VAR_LOG_SERVFAIL 566 +#define VAR_DENY_ANY 567 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 568 +#define VAR_LOG_TAG_QUERYREPLY 569 +#define VAR_DISCARD_TIMEOUT 570 +#define VAR_WAIT_LIMIT 571 +#define VAR_WAIT_LIMIT_COOKIE 572 +#define VAR_WAIT_LIMIT_NETBLOCK 573 +#define VAR_WAIT_LIMIT_COOKIE_NETBLOCK 574 +#define VAR_STREAM_WAIT_SIZE 575 +#define VAR_TLS_CIPHERS 576 +#define VAR_TLS_CIPHERSUITES 577 +#define VAR_TLS_USE_SNI 578 +#define VAR_IPSET 579 +#define VAR_IPSET_NAME_V4 580 +#define VAR_IPSET_NAME_V6 581 +#define VAR_TLS_SESSION_TICKET_KEYS 582 +#define VAR_RPZ 583 +#define VAR_TAGS 584 +#define VAR_RPZ_ACTION_OVERRIDE 585 +#define VAR_RPZ_CNAME_OVERRIDE 586 +#define VAR_RPZ_LOG 587 +#define VAR_RPZ_LOG_NAME 588 +#define VAR_DYNLIB 589 +#define VAR_DYNLIB_FILE 590 +#define VAR_EDNS_CLIENT_STRING 591 +#define VAR_EDNS_CLIENT_STRING_OPCODE 592 +#define VAR_NSID 593 +#define VAR_ZONEMD_PERMISSIVE_MODE 594 +#define VAR_ZONEMD_CHECK 595 +#define VAR_ZONEMD_REJECT_ABSENCE 596 +#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 597 +#define VAR_INTERFACE_AUTOMATIC_PORTS 598 +#define VAR_EDE 599 +#define VAR_INTERFACE_ACTION 600 +#define VAR_INTERFACE_VIEW 601 +#define VAR_INTERFACE_TAG 602 +#define VAR_INTERFACE_TAG_ACTION 603 +#define VAR_INTERFACE_TAG_DATA 604 +#define VAR_PROXY_PROTOCOL_PORT 605 +#define VAR_STATISTICS_INHIBIT_ZERO 606 +#define VAR_HARDEN_UNKNOWN_ADDITIONAL 607 +#define VAR_DISABLE_EDNS_DO 608 +#define VAR_CACHEDB_NO_STORE 609 +#define VAR_LOG_DESTADDR 610 +#define VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED 611 +#define VAR_COOKIE_SECRET_FILE 612 #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { diff --git a/sbin/unwind/libunbound/util/configparser.y b/sbin/unwind/libunbound/util/configparser.y index 0feeb61b1..f201e66b3 100644 --- a/sbin/unwind/libunbound/util/configparser.y +++ b/sbin/unwind/libunbound/util/configparser.y @@ -137,6 +137,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_DNSTAP_SAMPLE_RATE %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_IP_DSCP @@ -204,6 +205,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED +%token VAR_COOKIE_SECRET_FILE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -341,7 +343,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_interface_automatic_ports | server_ede | server_proxy_protocol_port | server_statistics_inhibit_zero | server_harden_unknown_additional | server_disable_edns_do | - server_log_destaddr + server_log_destaddr | server_cookie_secret_file ; stubstart: VAR_STUB_ZONE { @@ -357,8 +359,14 @@ stubstart: VAR_STUB_ZONE } } ; -contents_stub: contents_stub content_stub - | ; +contents_stub: content_stub contents_stub + | + { + /* stub end */ + if(cfg_parser->cfg->stubs && + !cfg_parser->cfg->stubs->name) + yyerror("stub-zone without name"); + }; content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first | stub_no_cache | stub_ssl_upstream | stub_tcp_upstream ; @@ -376,8 +384,14 @@ forwardstart: VAR_FORWARD_ZONE } } ; -contents_forward: contents_forward content_forward - | ; +contents_forward: content_forward contents_forward + | + { + /* forward end */ + if(cfg_parser->cfg->forwards && + !cfg_parser->cfg->forwards->name) + yyerror("forward-zone without name"); + }; content_forward: forward_name | forward_host | forward_addr | forward_first | forward_no_cache | forward_ssl_upstream | forward_tcp_upstream ; @@ -389,16 +403,20 @@ viewstart: VAR_VIEW s = (struct config_view*)calloc(1, sizeof(struct config_view)); if(s) { s->next = cfg_parser->cfg->views; - if(s->next && !s->next->name) - yyerror("view without name"); cfg_parser->cfg->views = s; } else { yyerror("out of memory"); } } ; -contents_view: contents_view content_view - | ; +contents_view: content_view contents_view + | + { + /* view end */ + if(cfg_parser->cfg->views && + !cfg_parser->cfg->views->name) + yyerror("view without name"); + }; content_view: view_name | view_local_zone | view_local_data | view_first | view_response_ip | view_response_ip_data | view_local_data_ptr ; @@ -3437,7 +3455,8 @@ content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional | dt_dnstap_log_client_query_messages | dt_dnstap_log_client_response_messages | dt_dnstap_log_forwarder_query_messages | - dt_dnstap_log_forwarder_response_messages + dt_dnstap_log_forwarder_response_messages | + dt_dnstap_sample_rate ; dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG { @@ -3601,6 +3620,17 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES free($2); } ; +dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG + { + OUTYY(("P(dt_dnstap_sample_rate:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if(atoi($2) < 0) + yyerror("dnstap sample rate too small"); + else cfg_parser->cfg->dnstap_sample_rate = atoi($2); + free($2); + } + ; pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); @@ -3969,6 +3999,13 @@ server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG free($2); } ; +server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG + { + OUTYY(("P(cookie_secret_file:%s)\n", $2)); + free(cfg_parser->cfg->cookie_secret_file); + cfg_parser->cfg->cookie_secret_file = $2; + } + ; ipsetstart: VAR_IPSET { OUTYY(("\nP(ipset:)\n")); diff --git a/sbin/unwind/libunbound/util/data/dname.h b/sbin/unwind/libunbound/util/data/dname.h index 62770b0f2..07bf0adac 100644 --- a/sbin/unwind/libunbound/util/data/dname.h +++ b/sbin/unwind/libunbound/util/data/dname.h @@ -225,7 +225,7 @@ int dname_strict_subdomain(uint8_t* d1, int labs1, uint8_t* d2, int labs2); int dname_strict_subdomain_c(uint8_t* d1, uint8_t* d2); /** - * Counts labels. Tests is d1 is a subdomain of d2. + * Counts labels. Tests if d1 is a subdomain of d2. * @param d1: domain name, uncompressed wireformat * @param d2: domain name, uncompressed wireformat * @return true if d1 is a subdomain of d2. diff --git a/sbin/unwind/libunbound/util/data/msgparse.c b/sbin/unwind/libunbound/util/data/msgparse.c index 037a673e8..76f1b8e46 100644 --- a/sbin/unwind/libunbound/util/data/msgparse.c +++ b/sbin/unwind/libunbound/util/data/msgparse.c @@ -947,7 +947,8 @@ parse_packet(sldns_buffer* pkt, struct msg_parse* msg, struct regional* region) static int parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct comm_reply* repinfo, uint32_t now, struct regional* region) + struct comm_reply* repinfo, uint32_t now, struct regional* region, + struct cookie_secrets* cookie_secrets) { /* To respond with a Keepalive option, the client connection must have * received one message with a TCP Keepalive EDNS option, and that @@ -1070,13 +1071,24 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, &((struct sockaddr_in6*)&repinfo->remote_addr)->sin6_addr, 16); } + if(cfg->cookie_secret_file && + cfg->cookie_secret_file[0]) { + /* Loop over the active and staging cookies. */ + cookie_val_status = + cookie_secrets_server_validate( + rdata_ptr, opt_len, cookie_secrets, + cookie_is_v4, server_cookie, now); + } else { + /* Use the cookie option value to validate. */ cookie_val_status = edns_cookie_server_validate( rdata_ptr, opt_len, cfg->cookie_secret, cfg->cookie_secret_len, cookie_is_v4, server_cookie, now); + } + if(cookie_val_status == COOKIE_STATUS_VALID_RENEW) + edns->cookie_valid = 1; switch(cookie_val_status) { case COOKIE_STATUS_VALID: - case COOKIE_STATUS_VALID_RENEW: edns->cookie_valid = 1; /* Reuse cookie */ if(!edns_opt_list_append( @@ -1091,13 +1103,30 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, break; case COOKIE_STATUS_CLIENT_ONLY: edns->cookie_client = 1; + ATTR_FALLTHROUGH /* fallthrough */ + case COOKIE_STATUS_VALID_RENEW: case COOKIE_STATUS_FUTURE: case COOKIE_STATUS_EXPIRED: case COOKIE_STATUS_INVALID: default: + if(cfg->cookie_secret_file && + cfg->cookie_secret_file[0]) { + if(!cookie_secrets) + break; + lock_basic_lock(&cookie_secrets->lock); + if(cookie_secrets->cookie_count < 1) { + lock_basic_unlock(&cookie_secrets->lock); + break; + } + edns_cookie_server_write(server_cookie, + cookie_secrets->cookie_secrets[0].cookie_secret, + cookie_is_v4, now); + lock_basic_unlock(&cookie_secrets->lock); + } else { edns_cookie_server_write(server_cookie, cfg->cookie_secret, cookie_is_v4, now); + } if(!edns_opt_list_append(&edns->opt_list_out, LDNS_EDNS_COOKIE, 24, server_cookie, region)) { @@ -1239,7 +1268,8 @@ skip_pkt_rrs(sldns_buffer* pkt, int num) int parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct comm_reply* repinfo, time_t now, struct regional* region) + struct comm_reply* repinfo, time_t now, struct regional* region, + struct cookie_secrets* cookie_secrets) { size_t rdata_len; uint8_t* rdata_ptr; @@ -1285,7 +1315,7 @@ parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, rdata_ptr = sldns_buffer_current(pkt); /* ignore rrsigs */ return parse_edns_options_from_query(rdata_ptr, rdata_len, edns, cfg, - c, repinfo, now, region); + c, repinfo, now, region, cookie_secrets); } void diff --git a/sbin/unwind/libunbound/util/data/msgparse.h b/sbin/unwind/libunbound/util/data/msgparse.h index bf63ad216..0fd99edd7 100644 --- a/sbin/unwind/libunbound/util/data/msgparse.h +++ b/sbin/unwind/libunbound/util/data/msgparse.h @@ -73,6 +73,7 @@ struct edns_option; struct config_file; struct comm_point; struct comm_reply; +struct cookie_secrets; /** number of buckets in parse rrset hash table. Must be power of 2. */ #define PARSE_TABLE_SIZE 32 @@ -322,12 +323,14 @@ int skip_pkt_rrs(struct sldns_buffer* pkt, int num); * @param repinfo: commreply to determine the client address * @param now: current time * @param region: region to alloc results in (edns option contents) + * @param cookie_secrets: the cookie secrets for EDNS COOKIE validation. * @return: 0 on success, or an RCODE on error. * RCODE formerr if OPT is badly formatted and so on. */ int parse_edns_from_query_pkt(struct sldns_buffer* pkt, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct comm_reply* repinfo, time_t now, struct regional* region); + struct comm_reply* repinfo, time_t now, struct regional* region, + struct cookie_secrets* cookie_secrets); /** * Calculate hash value for rrset in packet. diff --git a/sbin/unwind/libunbound/util/edns.c b/sbin/unwind/libunbound/util/edns.c index 2b4047f0b..ee95a6912 100644 --- a/sbin/unwind/libunbound/util/edns.c +++ b/sbin/unwind/libunbound/util/edns.c @@ -187,3 +187,189 @@ edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len, return COOKIE_STATUS_VALID_RENEW; return COOKIE_STATUS_VALID; } + +struct cookie_secrets* +cookie_secrets_create(void) +{ + struct cookie_secrets* cookie_secrets = calloc(1, + sizeof(*cookie_secrets)); + if(!cookie_secrets) + return NULL; + lock_basic_init(&cookie_secrets->lock); + lock_protect(&cookie_secrets->lock, &cookie_secrets->cookie_count, + sizeof(cookie_secrets->cookie_count)); + lock_protect(&cookie_secrets->lock, cookie_secrets->cookie_secrets, + sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE); + return cookie_secrets; +} + +void +cookie_secrets_delete(struct cookie_secrets* cookie_secrets) +{ + if(!cookie_secrets) + return; + lock_basic_destroy(&cookie_secrets->lock); + explicit_bzero(cookie_secrets->cookie_secrets, + sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE); + free(cookie_secrets); +} + +/** Read the cookie secret file */ +static int +cookie_secret_file_read(struct cookie_secrets* cookie_secrets, + char* cookie_secret_file) +{ + char secret[UNBOUND_COOKIE_SECRET_SIZE * 2 + 2/*'\n' and '\0'*/]; + FILE* f; + int corrupt = 0; + size_t count; + + log_assert(cookie_secret_file != NULL); + cookie_secrets->cookie_count = 0; + f = fopen(cookie_secret_file, "r"); + /* a non-existing cookie file is not an error */ + if( f == NULL ) { + if(errno != EPERM) { + log_err("Could not read cookie-secret-file '%s': %s", + cookie_secret_file, strerror(errno)); + return 0; + } + return 1; + } + /* cookie secret file exists and is readable */ + for( count = 0; count < UNBOUND_COOKIE_HISTORY_SIZE; count++ ) { + size_t secret_len = 0; + ssize_t decoded_len = 0; + if( fgets(secret, sizeof(secret), f) == NULL ) { break; } + secret_len = strlen(secret); + if( secret_len == 0 ) { break; } + log_assert( secret_len <= sizeof(secret) ); + secret_len = secret[secret_len - 1] == '\n' ? secret_len - 1 : secret_len; + if( secret_len != UNBOUND_COOKIE_SECRET_SIZE * 2 ) { corrupt++; break; } + /* needed for `hex_pton`; stripping potential `\n` */ + secret[secret_len] = '\0'; + decoded_len = hex_pton(secret, cookie_secrets->cookie_secrets[count].cookie_secret, + UNBOUND_COOKIE_SECRET_SIZE); + if( decoded_len != UNBOUND_COOKIE_SECRET_SIZE ) { corrupt++; break; } + cookie_secrets->cookie_count++; + } + fclose(f); + return corrupt == 0; +} + +int +cookie_secrets_apply_cfg(struct cookie_secrets* cookie_secrets, + char* cookie_secret_file) +{ + if(!cookie_secrets) { + if(!cookie_secret_file || !cookie_secret_file[0]) + return 1; /* There is nothing to read anyway */ + log_err("Could not read cookie secrets, no structure alloced"); + return 0; + } + if(!cookie_secret_file_read(cookie_secrets, cookie_secret_file)) + return 0; + return 1; +} + +enum edns_cookie_val_status +cookie_secrets_server_validate(const uint8_t* cookie, size_t cookie_len, + struct cookie_secrets* cookie_secrets, int v4, + const uint8_t* hash_input, uint32_t now) +{ + size_t i; + enum edns_cookie_val_status cookie_val_status, + last = COOKIE_STATUS_INVALID; + if(!cookie_secrets) + return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/ + lock_basic_lock(&cookie_secrets->lock); + if(cookie_secrets->cookie_count == 0) { + lock_basic_unlock(&cookie_secrets->lock); + return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/ + } + for(i=0; icookie_count; i++) { + cookie_val_status = edns_cookie_server_validate(cookie, + cookie_len, + cookie_secrets->cookie_secrets[i].cookie_secret, + UNBOUND_COOKIE_SECRET_SIZE, v4, hash_input, now); + if(cookie_val_status == COOKIE_STATUS_VALID || + cookie_val_status == COOKIE_STATUS_VALID_RENEW) { + lock_basic_unlock(&cookie_secrets->lock); + /* For staging cookies, write a fresh cookie. */ + if(i != 0) + return COOKIE_STATUS_VALID_RENEW; + return cookie_val_status; + } + if(last == COOKIE_STATUS_INVALID) + last = cookie_val_status; /* Store more interesting + failure to return. */ + } + lock_basic_unlock(&cookie_secrets->lock); + return last; +} + +void add_cookie_secret(struct cookie_secrets* cookie_secrets, + uint8_t* secret, size_t secret_len) +{ + log_assert(secret_len == UNBOUND_COOKIE_SECRET_SIZE); + (void)secret_len; + if(!cookie_secrets) + return; + + /* New cookie secret becomes the staging secret (position 1) + * unless there is no active cookie yet, then it becomes the active + * secret. If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging cookies + * are moved one position down. + */ + if(cookie_secrets->cookie_count == 0) { + memcpy( cookie_secrets->cookie_secrets->cookie_secret + , secret, UNBOUND_COOKIE_SECRET_SIZE); + cookie_secrets->cookie_count = 1; + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); + return; + } +#if UNBOUND_COOKIE_HISTORY_SIZE > 2 + memmove( &cookie_secrets->cookie_secrets[2], &cookie_secrets->cookie_secrets[1] + , sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 2)); +#endif + memcpy( cookie_secrets->cookie_secrets[1].cookie_secret + , secret, UNBOUND_COOKIE_SECRET_SIZE); + cookie_secrets->cookie_count = cookie_secrets->cookie_count < UNBOUND_COOKIE_HISTORY_SIZE + ? cookie_secrets->cookie_count + 1 : UNBOUND_COOKIE_HISTORY_SIZE; + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); +} + +void activate_cookie_secret(struct cookie_secrets* cookie_secrets) +{ + uint8_t active_secret[UNBOUND_COOKIE_SECRET_SIZE]; + if(!cookie_secrets) + return; + /* The staging secret becomes the active secret. + * The active secret becomes a staging secret. + * If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging secrets are moved + * one position up and the previously active secret becomes the last + * staging secret. + */ + if(cookie_secrets->cookie_count < 2) + return; + memcpy( active_secret, cookie_secrets->cookie_secrets[0].cookie_secret + , UNBOUND_COOKIE_SECRET_SIZE); + memmove( &cookie_secrets->cookie_secrets[0], &cookie_secrets->cookie_secrets[1] + , sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 1)); + memcpy( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret + , active_secret, UNBOUND_COOKIE_SECRET_SIZE); + explicit_bzero(active_secret, UNBOUND_COOKIE_SECRET_SIZE); +} + +void drop_cookie_secret(struct cookie_secrets* cookie_secrets) +{ + if(!cookie_secrets) + return; + /* Drops a staging cookie secret. If there are more than one, it will + * drop the last staging secret. */ + if(cookie_secrets->cookie_count < 2) + return; + explicit_bzero( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret + , UNBOUND_COOKIE_SECRET_SIZE); + cookie_secrets->cookie_count -= 1; +} diff --git a/sbin/unwind/libunbound/util/edns.h b/sbin/unwind/libunbound/util/edns.h index 5da0ecb29..47ccb1ad2 100644 --- a/sbin/unwind/libunbound/util/edns.h +++ b/sbin/unwind/libunbound/util/edns.h @@ -43,6 +43,7 @@ #define UTIL_EDNS_H #include "util/storage/dnstree.h" +#include "util/locks.h" struct edns_data; struct config_file; @@ -75,6 +76,31 @@ struct edns_string_addr { size_t string_len; }; +#define UNBOUND_COOKIE_HISTORY_SIZE 2 +#define UNBOUND_COOKIE_SECRET_SIZE 16 + +typedef struct cookie_secret cookie_secret_type; +struct cookie_secret { + /** cookie secret */ + uint8_t cookie_secret[UNBOUND_COOKIE_SECRET_SIZE]; +}; + +/** + * The cookie secrets from the cookie-secret-file. + */ +struct cookie_secrets { + /** lock on the structure, in case there are modifications + * from remote control, this avoids race conditions. */ + lock_basic_type lock; + + /** how many cookies are there in the cookies array */ + size_t cookie_count; + + /* keep track of the last `UNBOUND_COOKIE_HISTORY_SIZE` + * cookies as per rfc requirement .*/ + cookie_secret_type cookie_secrets[UNBOUND_COOKIE_HISTORY_SIZE]; +}; + enum edns_cookie_val_status { COOKIE_STATUS_CLIENT_ONLY = -3, COOKIE_STATUS_FUTURE = -2, @@ -165,4 +191,63 @@ enum edns_cookie_val_status edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len, const uint8_t* secret, size_t secret_len, int v4, const uint8_t* hash_input, uint32_t now); +/** + * Create the cookie secrets structure. + * @return the structure or NULL on failure. + */ +struct cookie_secrets* cookie_secrets_create(void); + +/** + * Delete the cookie secrets. + * @param cookie_secrets: the cookie secrets. + */ +void cookie_secrets_delete(struct cookie_secrets* cookie_secrets); + +/** + * Apply configuration to cookie secrets, read them from file. + * @param cookie_secrets: the cookie secrets structure. + * @param cookie_secret_file: the file name, it is read. + * @return false on failure. + */ +int cookie_secrets_apply_cfg(struct cookie_secrets* cookie_secrets, + char* cookie_secret_file); + +/** + * Validate the cookie secrets, try all of them. + * @param cookie: pointer to the cookie data. + * @param cookie_len: the length of the cookie data. + * @param cookie_secrets: struct of cookie secrets. + * @param v4: if the client IP is v4 or v6. + * @param hash_input: pointer to the hash input for validation. It needs to be: + * Client Cookie | Version | Reserved | Timestamp | Client-IP + * @param now: the current time. + * return edns_cookie_val_status with the cookie validation status i.e., + * <=0 for invalid, else valid. + */ +enum edns_cookie_val_status cookie_secrets_server_validate( + const uint8_t* cookie, size_t cookie_len, + struct cookie_secrets* cookie_secrets, int v4, + const uint8_t* hash_input, uint32_t now); + +/** + * Add a cookie secret. If there are no secrets yet, the secret will become + * the active secret. Otherwise it will become the staging secret. + * Active secrets are used to both verify and create new DNS Cookies. + * Staging secrets are only used to verify DNS Cookies. Caller has to lock. + */ +void add_cookie_secret(struct cookie_secrets* cookie_secrets, uint8_t* secret, + size_t secret_len); + +/** + * Makes the staging cookie secret active and the active secret staging. + * Caller has to lock. + */ +void activate_cookie_secret(struct cookie_secrets* cookie_secrets); + +/** + * Drop a cookie secret. Drops the staging secret. An active secret will not + * be dropped. Caller has to lock. + */ +void drop_cookie_secret(struct cookie_secrets* cookie_secrets); + #endif diff --git a/sbin/unwind/libunbound/util/fptr_wlist.c b/sbin/unwind/libunbound/util/fptr_wlist.c index 261acf7cb..4b63f00bc 100644 --- a/sbin/unwind/libunbound/util/fptr_wlist.c +++ b/sbin/unwind/libunbound/util/fptr_wlist.c @@ -448,6 +448,28 @@ fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)) return 0; } +int +fptr_whitelist_mod_startup(int (*fptr)(struct module_env* env, int id)) +{ +#ifdef USE_IPSET + if(fptr == &ipset_startup) return 1; +#else + (void)fptr; +#endif + return 0; +} + +int +fptr_whitelist_mod_destartup(void (*fptr)(struct module_env* env, int id)) +{ +#ifdef USE_IPSET + if(fptr == &ipset_destartup) return 1; +#else + (void)fptr; +#endif + return 0; +} + int fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, enum module_ev event, int id, struct outbound_entry* outbound)) diff --git a/sbin/unwind/libunbound/util/fptr_wlist.h b/sbin/unwind/libunbound/util/fptr_wlist.h index 7a01620b7..027a490a2 100644 --- a/sbin/unwind/libunbound/util/fptr_wlist.h +++ b/sbin/unwind/libunbound/util/fptr_wlist.h @@ -278,6 +278,22 @@ int fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)); */ int fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)); +/** + * Check function pointer whitelist for module startup call values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_mod_startup(int (*fptr)(struct module_env* env, int id)); + +/** + * Check function pointer whitelist for module destartup call values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_mod_destartup(void (*fptr)(struct module_env* env, int id)); + /** * Check function pointer whitelist for module operate call values. * diff --git a/sbin/unwind/libunbound/util/module.h b/sbin/unwind/libunbound/util/module.h index e4dd02df9..b496903c1 100644 --- a/sbin/unwind/libunbound/util/module.h +++ b/sbin/unwind/libunbound/util/module.h @@ -143,7 +143,7 @@ * also contain an rcode that is nonzero, but in this case additional * information (query, additional) can be passed along. * - * The rcode and dns_msg are used to pass the result from the the rightmost + * The rcode and dns_msg are used to pass the result from the rightmost * module towards the leftmost modules and then towards the user. * * If you want to avoid recursion-cycles where queries need other queries @@ -713,7 +713,28 @@ struct module_func_block { const char* name; /** - * init the module. Called once for the global state. + * Set up the module for start. This is called only once at startup. + * Privileged operations like opening device files may be done here. + * The function ptr can be NULL, if it is not used. + * @param env: module environment. + * @param id: module id number. + * return: 0 on error + */ + int (*startup)(struct module_env* env, int id); + + /** + * Close down the module for stop. This is called only once before + * shutdown to free resources allocated during startup(). + * Closing privileged ports or files must be done here. + * The function ptr can be NULL, if it is not used. + * @param env: module environment. + * @param id: module id number. + */ + void (*destartup)(struct module_env* env, int id); + + /** + * Initialise the module. Called when restarting or reloading the + * daemon. * This is the place to apply settings from the config file. * @param env: module environment. * @param id: module id number. @@ -722,7 +743,8 @@ struct module_func_block { int (*init)(struct module_env* env, int id); /** - * de-init, delete, the module. Called once for the global state. + * Deinitialise the module, undo stuff done during init(). + * Called before reloading the daemon. * @param env: module environment. * @param id: module id number. */ diff --git a/sbin/unwind/libunbound/util/net_help.c b/sbin/unwind/libunbound/util/net_help.c index d2d777ec1..702df0308 100644 --- a/sbin/unwind/libunbound/util/net_help.c +++ b/sbin/unwind/libunbound/util/net_help.c @@ -47,6 +47,7 @@ #ifdef HAVE_NETIOAPI_H #include #endif +#include #include "util/net_help.h" #include "util/log.h" #include "util/data/dname.h" @@ -862,6 +863,20 @@ addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen) return (memcmp(s, map_prefix, 12) == 0); } +int addr_is_ip6linklocal(struct sockaddr_storage* addr, socklen_t addrlen) +{ + const uint8_t prefix[2] = {0xfe, 0x80}; + int af = (int)((struct sockaddr_in6*)addr)->sin6_family; + void* sin6addr = &((struct sockaddr_in6*)addr)->sin6_addr; + uint8_t start[2]; + if(af != AF_INET6 || addrlen<(socklen_t)sizeof(struct sockaddr_in6)) + return 0; + /* Put the first 10 bits of sin6addr in start, match fe80::/10. */ + memmove(start, sin6addr, 2); + start[1] &= 0xc0; + return memcmp(start, prefix, 2) == 0; +} + int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen) { int af = (int)((struct sockaddr_in*)addr)->sin_family; @@ -1206,7 +1221,7 @@ listen_sslctx_setup_2(void* ctxt) if(!SSL_CTX_set_ecdh_auto(ctx,1)) { log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); } -#elif defined(USE_ECDSA) +#elif defined(USE_ECDSA) && defined(HAVE_SSL_CTX_SET_TMP_ECDH) if(1) { EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); if (!ecdh) { @@ -1857,3 +1872,42 @@ sock_close(int socket) closesocket(socket); } # endif /* USE_WINSOCK */ + +ssize_t +hex_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) +{ + static char hexdigits[] = { + '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' + }; + size_t i; + + if (targsize < srclength * 2 + 1) { + return -1; + } + + for (i = 0; i < srclength; ++i) { + *target++ = hexdigits[src[i] >> 4U]; + *target++ = hexdigits[src[i] & 0xfU]; + } + *target = '\0'; + return 2 * srclength; +} + +ssize_t +hex_pton(const char* src, uint8_t* target, size_t targsize) +{ + uint8_t *t = target; + if(strlen(src) % 2 != 0 || strlen(src)/2 > targsize) { + return -1; + } + while(*src) { + if(!isxdigit((unsigned char)src[0]) || + !isxdigit((unsigned char)src[1])) + return -1; + *t++ = sldns_hexdigit_to_int(src[0]) * 16 + + sldns_hexdigit_to_int(src[1]) ; + src += 2; + } + return t-target; +} diff --git a/sbin/unwind/libunbound/util/net_help.h b/sbin/unwind/libunbound/util/net_help.h index a253c1923..fff7e3bcf 100644 --- a/sbin/unwind/libunbound/util/net_help.h +++ b/sbin/unwind/libunbound/util/net_help.h @@ -362,6 +362,14 @@ void addr_to_nat64(const struct sockaddr_storage* addr, */ int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen); +/** + * See if sockaddr is an ipv6 fe80::/10 link local address. + * @param addr: address + * @param addrlen: length of address + * @return true if so + */ +int addr_is_ip6linklocal(struct sockaddr_storage* addr, socklen_t addrlen); + /** * See if sockaddr is 255.255.255.255. * @param addr: address @@ -564,4 +572,13 @@ char* sock_strerror(int errn); /** close the socket with close, or wsa closesocket */ void sock_close(int socket); +/** + * Convert binary data to a string of hexadecimal characters. + */ +ssize_t hex_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize); + +/** Convert hexadecimal data to binary. */ +ssize_t hex_pton(const char* src, uint8_t* target, size_t targsize); + #endif /* NET_HELP_H */ diff --git a/sbin/unwind/libunbound/util/netevent.c b/sbin/unwind/libunbound/util/netevent.c index 980829d08..4c40c9c6c 100644 --- a/sbin/unwind/libunbound/util/netevent.c +++ b/sbin/unwind/libunbound/util/netevent.c @@ -329,6 +329,7 @@ udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) case EACCES: if(verbosity < VERB_ALGO) return 0; + break; default: break; } @@ -2365,11 +2366,11 @@ recv_error: #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - if(recv_initial) { #ifdef ECONNRESET if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif + if(recv_initial) { #ifdef ECONNREFUSED if(errno == ECONNREFUSED && verbosity < 2) return 0; /* silence reset by peer */ @@ -2396,7 +2397,7 @@ recv_error: #endif #ifdef ENOTCONN if(errno == ENOTCONN) { - log_err_addr("read (in tcp s) failed and this " + log_err_addr("read (in tcp initial) failed and this " "could be because TCP Fast Open is " "enabled [--disable-tfo-client " "--disable-tfo-server] but does not " @@ -2430,8 +2431,9 @@ recv_error: return 1; } #endif - log_err_addr("read (in tcp s)", sock_strerror(errno), - &c->repinfo.remote_addr, c->repinfo.remote_addrlen); + log_err_addr((recv_initial?"read (in tcp initial)":"read (in tcp)"), + sock_strerror(errno), &c->repinfo.remote_addr, + c->repinfo.remote_addrlen); return 0; } @@ -3306,6 +3308,13 @@ void http2_stream_add_meshstate(struct http2_stream* h2_stream, h2_stream->mesh_state = m; } +void http2_stream_remove_mesh_state(struct http2_stream* h2_stream) +{ + if(!h2_stream) + return; + h2_stream->mesh_state = NULL; +} + /** delete http2 session server. After closing connection. */ static void http2_session_server_delete(struct http2_session* h2_session) { diff --git a/sbin/unwind/libunbound/util/netevent.h b/sbin/unwind/libunbound/util/netevent.h index 1e4a13f9b..6f43ce56c 100644 --- a/sbin/unwind/libunbound/util/netevent.h +++ b/sbin/unwind/libunbound/util/netevent.h @@ -955,6 +955,9 @@ void http2_session_add_stream(struct http2_session* h2_session, void http2_stream_add_meshstate(struct http2_stream* h2_stream, struct mesh_area* mesh, struct mesh_state* m); +/** Remove mesh state from stream. When the mesh state has been removed. */ +void http2_stream_remove_mesh_state(struct http2_stream* h2_stream); + /** * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. diff --git a/sbin/unwind/libunbound/util/proxy_protocol.c b/sbin/unwind/libunbound/util/proxy_protocol.c index 08c4be7d7..ec1ccf76f 100644 --- a/sbin/unwind/libunbound/util/proxy_protocol.c +++ b/sbin/unwind/libunbound/util/proxy_protocol.c @@ -153,6 +153,7 @@ pp2_write_to_buf(uint8_t* buf, size_t buflen, break; #endif /* INET6 */ case AF_UNIX: + ATTR_FALLTHROUGH /* fallthrough */ default: return 0; diff --git a/sbin/unwind/libunbound/util/siphash.c b/sbin/unwind/libunbound/util/siphash.c index 32797dff6..a13657ccf 100644 --- a/sbin/unwind/libunbound/util/siphash.c +++ b/sbin/unwind/libunbound/util/siphash.c @@ -128,26 +128,32 @@ int siphash(const uint8_t *in, const size_t inlen, const uint8_t *k, case 7: b |= ((uint64_t)in[6]) << 48; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 6: b |= ((uint64_t)in[5]) << 40; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 5: b |= ((uint64_t)in[4]) << 32; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 4: b |= ((uint64_t)in[3]) << 24; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 3: b |= ((uint64_t)in[2]) << 16; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 2: b |= ((uint64_t)in[1]) << 8; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 1: b |= ((uint64_t)in[0]); diff --git a/sbin/unwind/libunbound/util/storage/lookup3.c b/sbin/unwind/libunbound/util/storage/lookup3.c index 7271445e9..328e75864 100644 --- a/sbin/unwind/libunbound/util/storage/lookup3.c +++ b/sbin/unwind/libunbound/util/storage/lookup3.c @@ -254,11 +254,15 @@ uint32_t initval) /* the previous hash, or an arbitrary value */ switch(length) /* all the case statements fall through */ { case 3 : c+=k[2]; + ATTR_FALLTHROUGH /* fallthrough */ case 2 : b+=k[1]; + ATTR_FALLTHROUGH /* fallthrough */ case 1 : a+=k[0]; final(a,b,c); + ATTR_FALLTHROUGH + /* fallthrough */ case 0: /* case 0: nothing left to add */ break; } @@ -304,9 +308,15 @@ uint32_t *pb) /* IN: more seed OUT: secondary hash value */ switch(length) /* all the case statements fall through */ { case 3 : c+=k[2]; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : b+=k[1]; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k[0]; final(a,b,c); + ATTR_FALLTHROUGH + /* fallthrough */ case 0: /* case 0: nothing left to add */ break; } @@ -404,16 +414,32 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) switch(length) { case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ - case 9 : c+=k8[8]; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 10: c+=((uint32_t)k8[9])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ - case 5 : b+=k8[4]; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 6 : b+=((uint32_t)k8[5])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 2 : a+=((uint32_t)k8[1])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k8[0]; break; case 0 : return c; } @@ -443,23 +469,33 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=k[4]; b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 9 : c+=k8[8]; /* fall through */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=k[2]; a+=k[0]+(((uint32_t)k[1])<<16); break; - case 5 : b+=k8[4]; /* fall through */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]+(((uint32_t)k[1])<<16); break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=k[0]; break; case 1 : a+=k8[0]; @@ -494,26 +530,37 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=((uint32_t)k[11])<<24; + ATTR_FALLTHROUGH /* fallthrough */ case 11: c+=((uint32_t)k[10])<<16; + ATTR_FALLTHROUGH /* fallthrough */ case 10: c+=((uint32_t)k[9])<<8; + ATTR_FALLTHROUGH /* fallthrough */ case 9 : c+=k[8]; + ATTR_FALLTHROUGH /* fallthrough */ case 8 : b+=((uint32_t)k[7])<<24; + ATTR_FALLTHROUGH /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<16; + ATTR_FALLTHROUGH /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<8; + ATTR_FALLTHROUGH /* fallthrough */ case 5 : b+=k[4]; + ATTR_FALLTHROUGH /* fallthrough */ case 4 : a+=((uint32_t)k[3])<<24; + ATTR_FALLTHROUGH /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<16; + ATTR_FALLTHROUGH /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<8; + ATTR_FALLTHROUGH /* fallthrough */ case 1 : a+=k[0]; break; @@ -603,16 +650,32 @@ void hashlittle2( switch(length) { case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ - case 9 : c+=k8[8]; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 10: c+=((uint32_t)k8[9])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ - case 5 : b+=k8[4]; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 6 : b+=((uint32_t)k8[5])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 2 : a+=((uint32_t)k8[1])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k8[0]; break; case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ } @@ -642,23 +705,33 @@ void hashlittle2( b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=k[4]; b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 9 : c+=k8[8]; /* fall through */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=k[2]; a+=k[0]+(((uint32_t)k[1])<<16); break; - case 5 : b+=k8[4]; /* fall through */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]+(((uint32_t)k[1])<<16); break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=k[0]; break; case 1 : a+=k8[0]; @@ -693,16 +766,38 @@ void hashlittle2( switch(length) /* all the case statements fall through */ { case 12: c+=((uint32_t)k[11])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 11: c+=((uint32_t)k[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=((uint32_t)k[9])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 9 : c+=k[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=((uint32_t)k[7])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 5 : b+=k[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=((uint32_t)k[3])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k[0]; break; case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ @@ -784,16 +879,32 @@ uint32_t hashbig( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<8; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<16; /* fall through */ - case 9 : c+=((uint32_t)k8[8])<<24; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 10: c+=((uint32_t)k8[9])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 9 : c+=((uint32_t)k8[8])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<8; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<16; /* fall through */ - case 5 : b+=((uint32_t)k8[4])<<24; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 6 : b+=((uint32_t)k8[5])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 5 : b+=((uint32_t)k8[4])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<8; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<16; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 2 : a+=((uint32_t)k8[1])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=((uint32_t)k8[0])<<24; break; case 0 : return c; } @@ -827,16 +938,38 @@ uint32_t hashbig( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=k[11]; + ATTR_FALLTHROUGH + /* fallthrough */ case 11: c+=((uint32_t)k[10])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=((uint32_t)k[9])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 9 : c+=((uint32_t)k[8])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[7]; + ATTR_FALLTHROUGH + /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 5 : b+=((uint32_t)k[4])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[3]; + ATTR_FALLTHROUGH + /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=((uint32_t)k[0])<<24; break; case 0 : return c; diff --git a/sbin/unwind/libunbound/validator/autotrust.c b/sbin/unwind/libunbound/validator/autotrust.c index 88171bb9f..4ad08e527 100644 --- a/sbin/unwind/libunbound/validator/autotrust.c +++ b/sbin/unwind/libunbound/validator/autotrust.c @@ -1266,12 +1266,13 @@ verify_dnskey(struct module_env* env, struct val_env* ve, struct trust_anchor* tp, struct ub_packed_rrset_key* rrset, struct module_qstate* qstate) { + char reasonbuf[256]; char* reason = NULL; uint8_t sigalg[ALGO_NEEDS_MAX+1]; int downprot = env->cfg->harden_algo_downgrade; enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset, tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason, - NULL, qstate); + NULL, qstate, reasonbuf, sizeof(reasonbuf)); /* sigalg is ignored, it returns algorithms signalled to exist, but * in 5011 there are no other rrsets to check. if downprot is * enabled, then it checks that the DNSKEY is signed with all diff --git a/sbin/unwind/libunbound/validator/val_nsec.c b/sbin/unwind/libunbound/validator/val_nsec.c index a3aa34ef5..21ce7cd29 100644 --- a/sbin/unwind/libunbound/validator/val_nsec.c +++ b/sbin/unwind/libunbound/validator/val_nsec.c @@ -177,7 +177,7 @@ static int nsec_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, char** reason, sldns_ede_code* reason_bogus, - struct module_qstate* qstate) + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) { struct packed_rrset_data* d = (struct packed_rrset_data*) nsec->entry.data; @@ -189,7 +189,8 @@ nsec_verify_rrset(struct module_env* env, struct val_env* ve, if(d->security == sec_status_secure) return 1; d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason, - reason_bogus, LDNS_SECTION_AUTHORITY, qstate, &verified); + reason_bogus, LDNS_SECTION_AUTHORITY, qstate, &verified, + reasonbuf, reasonlen); if(d->security == sec_status_secure) { rrset_update_sec_status(env->rrset_cache, nsec, *env->now); return 1; @@ -201,7 +202,8 @@ enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, time_t* proof_ttl, char** reason, - sldns_ede_code* reason_bogus, struct module_qstate* qstate) + sldns_ede_code* reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, @@ -219,7 +221,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, * 2) this is not a delegation point */ if(nsec) { if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, - reason_bogus, qstate)) { + reason_bogus, qstate, reasonbuf, reasonlen)) { verbose(VERB_ALGO, "NSEC RRset for the " "referral did not verify."); return sec_status_bogus; @@ -250,7 +252,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, if(rep->rrsets[i]->rk.type != htons(LDNS_RR_TYPE_NSEC)) continue; if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason, - reason_bogus, qstate)) { + reason_bogus, qstate, reasonbuf, reasonlen)) { verbose(VERB_ALGO, "NSEC for empty non-terminal " "did not verify."); *reason = "NSEC for empty non-terminal " diff --git a/sbin/unwind/libunbound/validator/val_nsec.h b/sbin/unwind/libunbound/validator/val_nsec.h index 41f57c36e..5cf33276a 100644 --- a/sbin/unwind/libunbound/validator/val_nsec.h +++ b/sbin/unwind/libunbound/validator/val_nsec.h @@ -68,6 +68,8 @@ struct key_entry_key; * @param reason: string explaining why bogus. * @param reason_bogus: relevant EDE code for validation failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return security status. * SECURE: proved absence of DS. * INSECURE: proved that this was not a delegation point. @@ -78,7 +80,7 @@ enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, time_t* proof_ttl, char** reason, sldns_ede_code* reason_bogus, - struct module_qstate* qstate); + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen); /** * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. diff --git a/sbin/unwind/libunbound/validator/val_nsec3.c b/sbin/unwind/libunbound/validator/val_nsec3.c index 895db19ac..1e3515369 100644 --- a/sbin/unwind/libunbound/validator/val_nsec3.c +++ b/sbin/unwind/libunbound/validator/val_nsec3.c @@ -1445,7 +1445,7 @@ static int list_is_secure(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key** list, size_t num, struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, - struct module_qstate* qstate) + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) { struct packed_rrset_data* d; size_t i; @@ -1461,7 +1461,7 @@ list_is_secure(struct module_env* env, struct val_env* ve, continue; d->security = val_verify_rrset_entry(env, ve, list[i], kkey, reason, reason_bogus, LDNS_SECTION_AUTHORITY, qstate, - &verified); + &verified, reasonbuf, reasonlen); if(d->security != sec_status_secure) { verbose(VERB_ALGO, "NSEC3 did not verify"); return 0; @@ -1476,7 +1476,7 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key** list, size_t num, struct query_info* qinfo, struct key_entry_key* kkey, char** reason, sldns_ede_code* reason_bogus, struct module_qstate* qstate, - struct nsec3_cache_table* ct) + struct nsec3_cache_table* ct, char* reasonbuf, size_t reasonlen) { struct nsec3_filter flt; struct ce_response ce; @@ -1491,7 +1491,8 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, *reason = "no valid NSEC3s"; return sec_status_bogus; /* no valid NSEC3s, bogus */ } - if(!list_is_secure(env, ve, list, num, kkey, reason, reason_bogus, qstate)) { + if(!list_is_secure(env, ve, list, num, kkey, reason, reason_bogus, + qstate, reasonbuf, reasonlen)) { *reason = "not all NSEC3 records secure"; return sec_status_bogus; /* not all NSEC3 records secure */ } diff --git a/sbin/unwind/libunbound/validator/val_nsec3.h b/sbin/unwind/libunbound/validator/val_nsec3.h index 6874513d1..efcdb8d6e 100644 --- a/sbin/unwind/libunbound/validator/val_nsec3.h +++ b/sbin/unwind/libunbound/validator/val_nsec3.h @@ -210,6 +210,8 @@ nsec3_prove_wildcard(struct module_env* env, struct val_env* ve, * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. * @param ct: cached hashes table. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return: * sec_status SECURE of the proposition is proven by the NSEC3 RRs, * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. @@ -222,7 +224,7 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key** list, size_t num, struct query_info* qinfo, struct key_entry_key* kkey, char** reason, sldns_ede_code* reason_bogus, struct module_qstate* qstate, - struct nsec3_cache_table* ct); + struct nsec3_cache_table* ct, char* reasonbuf, size_t reasonlen); /** * Prove NXDOMAIN or NODATA. diff --git a/sbin/unwind/libunbound/validator/val_secalgo.c b/sbin/unwind/libunbound/validator/val_secalgo.c index d9c840d2e..9a8a84199 100644 --- a/sbin/unwind/libunbound/validator/val_secalgo.c +++ b/sbin/unwind/libunbound/validator/val_secalgo.c @@ -423,7 +423,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len) if(!dsasig) return 0; #ifdef HAVE_DSA_SIG_SET0 - if(!DSA_SIG_set0(dsasig, R, S)) return 0; + if(!DSA_SIG_set0(dsasig, R, S)) { + DSA_SIG_free(dsasig); + return 0; + } #else # ifndef S_SPLINT_S dsasig->r = R; @@ -2057,11 +2060,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); #endif /* double fallthrough annotation to please gcc parser */ + ATTR_FALLTHROUGH /* fallthrough */ #ifdef USE_SHA2 /* fallthrough */ case LDNS_RSASHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + ATTR_FALLTHROUGH /* fallthrough */ case LDNS_RSASHA512: digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE); @@ -2077,6 +2082,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, #ifdef USE_ECDSA case LDNS_ECDSAP256SHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + ATTR_FALLTHROUGH /* fallthrough */ case LDNS_ECDSAP384SHA384: digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE); diff --git a/sbin/unwind/libunbound/validator/val_sigcrypt.c b/sbin/unwind/libunbound/validator/val_sigcrypt.c index e17ac220b..dc17a2521 100644 --- a/sbin/unwind/libunbound/validator/val_sigcrypt.c +++ b/sbin/unwind/libunbound/validator/val_sigcrypt.c @@ -623,7 +623,8 @@ enum sec_status dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus, - sldns_pkt_section section, struct module_qstate* qstate, int* verified) + sldns_pkt_section section, struct module_qstate* qstate, int* verified, + char* reasonbuf, size_t reasonlen) { enum sec_status sec; size_t i, num; @@ -680,7 +681,8 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, verbose(VERB_ALGO, "rrset failed to verify: " "no valid signatures for %d algorithms", (int)algo_needs_num_missing(&needs)); - algo_needs_reason(env, alg, reason, "no signatures"); + algo_needs_reason(alg, reason, "no signatures", reasonbuf, + reasonlen); } else { verbose(VERB_ALGO, "rrset failed to verify: " "no valid signatures"); @@ -688,17 +690,16 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, return sec_status_bogus; } -void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s) +void algo_needs_reason(int alg, char** reason, char* s, char* reasonbuf, + size_t reasonlen) { - char buf[256]; sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg); if(t&&t->name) - snprintf(buf, sizeof(buf), "%s with algorithm %s", s, t->name); - else snprintf(buf, sizeof(buf), "%s with algorithm ALG%u", s, + snprintf(reasonbuf, reasonlen, "%s with algorithm %s", s, + t->name); + else snprintf(reasonbuf, reasonlen, "%s with algorithm ALG%u", s, (unsigned)alg); - *reason = regional_strdup(env->scratch, buf); - if(!*reason) - *reason = s; + *reason = reasonbuf; } enum sec_status diff --git a/sbin/unwind/libunbound/validator/val_sigcrypt.h b/sbin/unwind/libunbound/validator/val_sigcrypt.h index 06dea97e0..583e16e02 100644 --- a/sbin/unwind/libunbound/validator/val_sigcrypt.h +++ b/sbin/unwind/libunbound/validator/val_sigcrypt.h @@ -134,12 +134,14 @@ int algo_needs_missing(struct algo_needs* n); /** * Format error reason for algorithm missing. - * @param env: module env with scratch for temp storage of string. * @param alg: DNSKEY-algorithm missing. * @param reason: destination. * @param s: string, appended with 'with algorithm ..'. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. */ -void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s); +void algo_needs_reason(int alg, char** reason, char* s, char* reasonbuf, + size_t reasonlen); /** * Check if dnskey matches a DS digest @@ -261,6 +263,8 @@ uint16_t dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx); * @param section: section of packet where this rrset comes from. * @param qstate: qstate with region. * @param verified: if not NULL the number of RRSIG validations is returned. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return SECURE if one key in the set verifies one rrsig. * UNCHECKED on allocation errors, unsupported algorithms, malformed data, * and BOGUS on verification failures (no keys match any signatures). @@ -269,8 +273,8 @@ enum sec_status dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus, - sldns_pkt_section section, struct module_qstate* qstate, int* verified); - + sldns_pkt_section section, struct module_qstate* qstate, int* verified, + char* reasonbuf, size_t reasonlen); /** * verify rrset against one specific dnskey (from rrset) diff --git a/sbin/unwind/libunbound/validator/val_utils.c b/sbin/unwind/libunbound/validator/val_utils.c index 36aa745cb..ddcd36258 100644 --- a/sbin/unwind/libunbound/validator/val_utils.c +++ b/sbin/unwind/libunbound/validator/val_utils.c @@ -240,6 +240,26 @@ val_find_best_signer(struct ub_packed_rrset_key* rrset, } } +/** Detect if the, unsigned, CNAME is under a previous DNAME RR in the + * message, and thus it was generated from that previous DNAME. + */ +static int +cname_under_previous_dname(struct reply_info* rep, size_t cname_idx, + size_t* ret) +{ + size_t i; + for(i=0; irrsets[i]->rk.type) == LDNS_RR_TYPE_DNAME && + dname_strict_subdomain_c(rep->rrsets[cname_idx]-> + rk.dname, rep->rrsets[i]->rk.dname)) { + *ret = i; + return 1; + } + } + *ret = 0; + return 0; +} + void val_find_signer(enum val_classification subtype, struct query_info* qinf, struct reply_info* rep, size_t skip, uint8_t** signer_name, @@ -275,12 +295,19 @@ val_find_signer(enum val_classification subtype, struct query_info* qinf, *signer_name = NULL; *signer_len = 0; } else if(subtype == VAL_CLASS_CNAME) { + size_t j; /* check for the first signed cname/dname rrset */ for(i=skip; ian_numrrsets; i++) { val_find_rrset_signer(rep->rrsets[i], signer_name, signer_len); if(*signer_name) return; + if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME + && cname_under_previous_dname(rep, i, &j)) { + val_find_rrset_signer(rep->rrsets[j], + signer_name, signer_len); + return; + } if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_DNAME) break; /* only check CNAME after a DNAME */ } @@ -379,7 +406,7 @@ val_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys, uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate, - int *verified) + int *verified, char* reasonbuf, size_t reasonlen) { enum sec_status sec; struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> @@ -404,7 +431,7 @@ val_verify_rrset(struct module_env* env, struct val_env* ve, log_nametypeclass(VERB_ALGO, "verify rrset", rrset->rk.dname, ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); sec = dnskeyset_verify_rrset(env, ve, rrset, keys, sigalg, reason, - reason_bogus, section, qstate, verified); + reason_bogus, section, qstate, verified, reasonbuf, reasonlen); verbose(VERB_ALGO, "verify result: %s", sec_status_to_string(sec)); regional_free_all(env->scratch); @@ -439,7 +466,7 @@ val_verify_rrset_entry(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate, - int* verified) + int* verified, char* reasonbuf, size_t reasonlen) { /* temporary dnskey rrset-key */ struct ub_packed_rrset_key dnskey; @@ -453,7 +480,7 @@ val_verify_rrset_entry(struct module_env* env, struct val_env* ve, dnskey.entry.key = &dnskey; dnskey.entry.data = kd->rrset_data; sec = val_verify_rrset(env, ve, rrset, &dnskey, kd->algo, reason, - reason_bogus, section, qstate, verified); + reason_bogus, section, qstate, verified, reasonbuf, reasonlen); return sec; } @@ -463,7 +490,7 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate, - int *nonechecked) + int *nonechecked, char* reasonbuf, size_t reasonlen) { enum sec_status sec = sec_status_bogus; size_t i, num, numchecked = 0, numhashok = 0, numsizesupp = 0; @@ -517,8 +544,8 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, return sec_status_insecure; } if(numchecked == 0) { - algo_needs_reason(env, ds_get_key_algo(ds_rrset, ds_idx), - reason, "no keys have a DS"); + algo_needs_reason(ds_get_key_algo(ds_rrset, ds_idx), + reason, "no keys have a DS", reasonbuf, reasonlen); *nonechecked = 1; } else if(numhashok == 0) { *reason = "DS hash mismatches key"; @@ -549,7 +576,8 @@ enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate) + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { /* as long as this is false, we can consider this DS rrset to be * equivalent to no DS rrset. */ @@ -588,7 +616,7 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, ds_rrset, i, reason, reason_bogus, qstate, - &nonechecked); + &nonechecked, reasonbuf, reasonlen); if(sec == sec_status_insecure) { /* DNSKEY too large unsupported or algo refused by * crypto lib. */ @@ -639,8 +667,8 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, /* If any were understandable, then it is bad. */ verbose(VERB_QUERY, "Failed to match any usable DS to a DNSKEY."); if(sigalg && (alg=algo_needs_missing(&needs)) != 0) { - algo_needs_reason(env, alg, reason, "missing verification of " - "DNSKEY signature"); + algo_needs_reason(alg, reason, "missing verification of " + "DNSKEY signature", reasonbuf, reasonlen); } return sec_status_bogus; } @@ -649,12 +677,13 @@ struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate) + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { uint8_t sigalg[ALGO_NEEDS_MAX+1]; enum sec_status sec = val_verify_DNSKEY_with_DS(env, ve, dnskey_rrset, ds_rrset, downprot?sigalg:NULL, reason, - reason_bogus, qstate); + reason_bogus, qstate, reasonbuf, reasonlen); if(sec == sec_status_secure) { return key_entry_create_rrset(region, @@ -679,7 +708,8 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds, struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate) + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { /* as long as this is false, we can consider this anchor to be * equivalent to no anchor. */ @@ -730,7 +760,8 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, continue; sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, - ta_ds, i, reason, reason_bogus, qstate, &nonechecked); + ta_ds, i, reason, reason_bogus, qstate, &nonechecked, + reasonbuf, reasonlen); if(sec == sec_status_insecure) { has_algo_refusal = 1; continue; @@ -810,8 +841,8 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, /* If any were understandable, then it is bad. */ verbose(VERB_QUERY, "Failed to match any usable anchor to a DNSKEY."); if(sigalg && (alg=algo_needs_missing(&needs)) != 0) { - algo_needs_reason(env, alg, reason, "missing verification of " - "DNSKEY signature"); + algo_needs_reason(alg, reason, "missing verification of " + "DNSKEY signature", reasonbuf, reasonlen); } return sec_status_bogus; } @@ -821,12 +852,14 @@ val_verify_new_DNSKEYs_with_ta(struct regional* region, struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds_rrset, struct ub_packed_rrset_key* ta_dnskey_rrset, int downprot, - char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate) + char** reason, sldns_ede_code *reason_bogus, + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) { uint8_t sigalg[ALGO_NEEDS_MAX+1]; enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, dnskey_rrset, ta_ds_rrset, ta_dnskey_rrset, - downprot?sigalg:NULL, reason, reason_bogus, qstate); + downprot?sigalg:NULL, reason, reason_bogus, qstate, + reasonbuf, reasonlen); if(sec == sec_status_secure) { return key_entry_create_rrset(region, @@ -979,7 +1012,7 @@ void val_fill_reply(struct reply_info* chase, struct reply_info* orig, size_t skip, uint8_t* name, size_t len, uint8_t* signer) { - size_t i; + size_t i, j; int seen_dname = 0; chase->rrset_count = 0; chase->an_numrrsets = 0; @@ -1002,6 +1035,13 @@ val_fill_reply(struct reply_info* chase, struct reply_info* orig, LDNS_RR_TYPE_DNAME) { seen_dname = 1; } + } else if(ntohs(orig->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME + && ((struct packed_rrset_data*)orig->rrsets[i]-> + entry.data)->rrsig_count == 0 && + cname_under_previous_dname(orig, i, &j) && + rrset_has_signer(orig->rrsets[j], name, len)) { + chase->rrsets[chase->an_numrrsets++] = orig->rrsets[j]; + chase->rrsets[chase->an_numrrsets++] = orig->rrsets[i]; } } /* AUTHORITY section */ diff --git a/sbin/unwind/libunbound/validator/val_utils.h b/sbin/unwind/libunbound/validator/val_utils.h index e2d5c3f5c..d9981aad1 100644 --- a/sbin/unwind/libunbound/validator/val_utils.h +++ b/sbin/unwind/libunbound/validator/val_utils.h @@ -125,13 +125,15 @@ void val_find_signer(enum val_classification subtype, * @param section: section of packet where this rrset comes from. * @param qstate: qstate with region. * @param verified: if not NULL, the number of RRSIG validations is returned. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return security status of verification. */ enum sec_status val_verify_rrset_entry(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate, - int* verified); + int* verified, char* reasonbuf, size_t reasonlen); /** * Verify DNSKEYs with DS rrset. Like val_verify_new_DNSKEYs but @@ -146,6 +148,8 @@ enum sec_status val_verify_rrset_entry(struct module_env* env, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return: sec_status_secure if a DS matches. * sec_status_insecure if end of trust (i.e., unknown algorithms). * sec_status_bogus if it fails. @@ -153,7 +157,8 @@ enum sec_status val_verify_rrset_entry(struct module_env* env, enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate); + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Verify DNSKEYs with DS and DNSKEY rrset. Like val_verify_DNSKEY_with_DS @@ -169,6 +174,8 @@ enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return: sec_status_secure if a DS matches. * sec_status_insecure if end of trust (i.e., unknown algorithms). * sec_status_bogus if it fails. @@ -177,7 +184,8 @@ enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds, struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate); + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Verify new DNSKEYs with DS rrset. The DS contains hash values that should @@ -194,6 +202,8 @@ enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return a KeyEntry. This will either contain the now trusted * dnskey_rrset, a "null" key entry indicating that this DS * rrset/DNSKEY pair indicate an secure end to the island of trust @@ -208,7 +218,8 @@ struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate); + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Verify rrset with trust anchor: DS and DNSKEY rrset. @@ -224,6 +235,8 @@ struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return a KeyEntry. This will either contain the now trusted * dnskey_rrset, a "null" key entry indicating that this DS * rrset/DNSKEY pair indicate an secure end to the island of trust @@ -239,7 +252,8 @@ struct key_entry_key* val_verify_new_DNSKEYs_with_ta(struct regional* region, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds_rrset, struct ub_packed_rrset_key* ta_dnskey_rrset, int downprot, - char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate); + char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Determine if DS rrset is usable for validator or not. diff --git a/sbin/unwind/libunbound/validator/validator.c b/sbin/unwind/libunbound/validator/validator.c index 4fe2cf0f3..be69b85e8 100644 --- a/sbin/unwind/libunbound/validator/validator.c +++ b/sbin/unwind/libunbound/validator/validator.c @@ -72,7 +72,8 @@ /* forward decl for cache response and normal super inform calls of a DS */ static void process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, - struct query_info* qinfo, struct sock_list* origin, int* suspend); + struct query_info* qinfo, struct sock_list* origin, int* suspend, + struct module_qstate* sub_qstate); /* Updates the suplied EDE (RFC8914) code selectively so we don't lose @@ -273,11 +274,17 @@ val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq) return NULL; if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX) return NULL; /* protect against integer overflow */ - vq->chase_reply->rrsets = regional_alloc_init(qstate->region, - vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*) - * vq->orig_msg->rep->rrset_count); + /* Over allocate (+an_numrrsets) in case we need to put extra DNAME + * records for unsigned CNAME repetitions */ + vq->chase_reply->rrsets = regional_alloc(qstate->region, + sizeof(struct ub_packed_rrset_key*) * + (vq->orig_msg->rep->rrset_count + + vq->orig_msg->rep->an_numrrsets)); if(!vq->chase_reply->rrsets) return NULL; + memmove(vq->chase_reply->rrsets, vq->orig_msg->rep->rrsets, + sizeof(struct ub_packed_rrset_key*) * + vq->orig_msg->rep->rrset_count); vq->rrset_skip = 0; return vq; } @@ -640,6 +647,7 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, struct ub_packed_rrset_key* s; enum sec_status sec; int num_verifies = 0, verified, have_state = 0; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; *suspend = 0; @@ -675,7 +683,8 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, /* Verify the answer rrset */ sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason, - &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified); + &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified, + reasonbuf, sizeof(reasonbuf)); /* If the (answer) rrset failed to validate, then this * message is BAD. */ if(sec != sec_status_secure) { @@ -720,7 +729,7 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, s = chase_reply->rrsets[i]; sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason, &reason_bogus, LDNS_SECTION_AUTHORITY, qstate, - &verified); + &verified, reasonbuf, sizeof(reasonbuf)); /* If anything in the authority section fails to be secure, * we have a bad message. */ if(sec != sec_status_secure) { @@ -766,7 +775,7 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, if(sname && query_dname_compare(sname, key_entry->name)==0) (void)val_verify_rrset_entry(env, ve, s, key_entry, &reason, NULL, LDNS_SECTION_ADDITIONAL, qstate, - &verified); + &verified, reasonbuf, sizeof(reasonbuf)); /* the additional section can fail to be secure, * it is optional, check signature in case we need * to clean the additional section later. */ @@ -1462,9 +1471,9 @@ validate_any_response(struct module_env* env, struct val_env* ve, * DNAME+CNAME. Possible wildcard proof. * Difference with positive proof is that this routine refuses * wildcarded DNAMEs. - * + * * The answer and authority rrsets must already be verified as secure. - * + * * @param env: module env for verify. * @param ve: validator env for verify. * @param qchase: query that was made. @@ -2060,7 +2069,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) verbose(VERB_ALGO, "Process suspended sub DS response"); msg = vq->sub_ds_msg; process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR, - msg, &msg->qinfo, NULL, &suspend); + msg, &msg->qinfo, NULL, &suspend, NULL); if(suspend) { /* we'll come back here later to continue */ if(!validate_suspend_setup_timer(qstate, vq, @@ -2076,7 +2085,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) vq->key_entry->name)) ) { verbose(VERB_ALGO, "Process cached DS response"); process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR, - msg, &msg->qinfo, NULL, &suspend); + msg, &msg->qinfo, NULL, &suspend, NULL); if(suspend) { /* we'll come back here later to continue */ if(!validate_suspend_setup_timer(qstate, vq, @@ -2658,6 +2667,8 @@ val_operate(struct module_qstate* qstate, enum module_ev event, int id, * @param ta: trust anchor. * @param qstate: qstate that needs key. * @param id: module id. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. * @return new key entry or NULL on allocation failure. * The key entry will either contain a validated DNSKEY rrset, or * represent a Null key (query failed, but validation did not), or a @@ -2665,31 +2676,38 @@ val_operate(struct module_qstate* qstate, enum module_ev event, int id, */ static struct key_entry_key* primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, - struct trust_anchor* ta, struct module_qstate* qstate, int id) + struct trust_anchor* ta, struct module_qstate* qstate, int id, + struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* kkey = NULL; enum sec_status sec = sec_status_unchecked; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; int downprot = qstate->env->cfg->harden_algo_downgrade; if(!dnskey_rrset) { + char* err = errinf_to_str_misc(sub_qstate); + char rstr[1024]; log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " "could not fetch DNSKEY rrset", ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); reason_bogus = LDNS_EDE_DNSKEY_MISSING; - reason = "no DNSKEY rrset"; + if(!err) { + snprintf(rstr, sizeof(rstr), "no DNSKEY rrset"); + } else { + snprintf(rstr, sizeof(rstr), "no DNSKEY rrset " + "[%s]", err); + } if(qstate->env->cfg->harden_dnssec_stripped) { - errinf_ede(qstate, reason, reason_bogus); + errinf_ede(qstate, rstr, reason_bogus); kkey = key_entry_create_bad(qstate->region, ta->name, ta->namelen, ta->dclass, BOGUS_KEY_TTL, - reason_bogus, reason, - *qstate->env->now); + reason_bogus, rstr, *qstate->env->now); } else kkey = key_entry_create_null(qstate->region, ta->name, ta->namelen, ta->dclass, NULL_KEY_TTL, - reason_bogus, reason, - *qstate->env->now); + reason_bogus, rstr, *qstate->env->now); if(!kkey) { log_err("out of memory: allocate fail prime key"); return NULL; @@ -2699,7 +2717,7 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, /* attempt to verify with trust anchor DS and DNSKEY */ kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve, dnskey_rrset, ta->ds_rrset, ta->dnskey_rrset, downprot, - &reason, &reason_bogus, qstate); + &reason, &reason_bogus, qstate, reasonbuf, sizeof(reasonbuf)); if(!kkey) { log_err("out of memory: verifying prime TA"); return NULL; @@ -2754,6 +2772,9 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, * DS response indicated an end to secure space, is_good if the DS * validated. It returns ke=NULL if the DS response indicated that the * request wasn't a delegation point. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. + * Can be NULL. * @return * 0 on success, * 1 on servfail error (malloc failure), @@ -2762,9 +2783,10 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, static int ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct key_entry_key** ke) + struct key_entry_key** ke, struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; enum val_classification subtype; @@ -2777,6 +2799,14 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, verbose(VERB_DETAIL, "DS response was error, thus bogus"); errinf(qstate, rc); reason = "no DS"; + if(sub_qstate) { + char* err = errinf_to_str_misc(sub_qstate); + if(err) { + char buf[1024]; + snprintf(buf, sizeof(buf), "[%s]", err); + errinf(qstate, buf); + } + } reason_bogus = LDNS_EDE_NETWORK_ERROR; errinf_ede(qstate, reason, reason_bogus); goto return_bogus; @@ -2799,7 +2829,9 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* Verify only returns BOGUS or SECURE. If the rrset is * bogus, then we are done. */ sec = val_verify_rrset_entry(qstate->env, ve, ds, - vq->key_entry, &reason, &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified); + vq->key_entry, &reason, &reason_bogus, + LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf, + sizeof(reasonbuf)); if(sec != sec_status_secure) { verbose(VERB_DETAIL, "DS rrset in DS response did " "not verify"); @@ -2849,7 +2881,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* Try to prove absence of the DS with NSEC */ sec = val_nsec_prove_nodata_dsreply( qstate->env, ve, qinfo, msg->rep, vq->key_entry, - &proof_ttl, &reason, &reason_bogus, qstate); + &proof_ttl, &reason, &reason_bogus, qstate, + reasonbuf, sizeof(reasonbuf)); switch(sec) { case sec_status_secure: verbose(VERB_DETAIL, "NSEC RRset for the " @@ -2886,7 +2919,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, sec = nsec3_prove_nods(qstate->env, ve, msg->rep->rrsets + msg->rep->an_numrrsets, msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason, - &reason_bogus, qstate, &vq->nsec3_cache_table); + &reason_bogus, qstate, &vq->nsec3_cache_table, + reasonbuf, sizeof(reasonbuf)); switch(sec) { case sec_status_insecure: /* case insecure also continues to unsigned @@ -2953,7 +2987,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, } sec = val_verify_rrset_entry(qstate->env, ve, cname, vq->key_entry, &reason, &reason_bogus, - LDNS_SECTION_ANSWER, qstate, &verified); + LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf, + sizeof(reasonbuf)); if(sec == sec_status_secure) { verbose(VERB_ALGO, "CNAME validated, " "proof that DS does not exist"); @@ -3002,11 +3037,15 @@ return_bogus: * @param origin: the origin of msg. * @param suspend: returned true if the task takes too long and needs to * suspend to continue the effort later. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. + * Can be NULL. */ static void process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct sock_list* origin, int* suspend) + struct sock_list* origin, int* suspend, + struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* dske = NULL; @@ -3014,7 +3053,8 @@ process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int ret; *suspend = 0; vq->empty_DS_name = NULL; - ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske); + ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske, + sub_qstate); if(ret != 0) { switch(ret) { case 1: @@ -3090,16 +3130,19 @@ process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, * @param msg: result message (if rcode is OK). * @param qinfo: from the sub query state, query info. * @param origin: the origin of msg. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. */ static void process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct sock_list* origin) + struct sock_list* origin, struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* old = vq->key_entry; struct ub_packed_rrset_key* dnskey = NULL; int downprot; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; @@ -3107,6 +3150,8 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, dnskey = reply_find_answer_rrset(qinfo, msg->rep); if(dnskey == NULL) { + char* err; + char rstr[1024]; /* bad response */ verbose(VERB_DETAIL, "Missing DNSKEY RRset in response to " "DNSKEY query."); @@ -3118,17 +3163,22 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, vq->restart_count++; return; } - reason = "No DNSKEY record"; + err = errinf_to_str_misc(sub_qstate); + if(!err) { + snprintf(rstr, sizeof(rstr), "No DNSKEY record"); + } else { + snprintf(rstr, sizeof(rstr), "No DNSKEY record " + "[%s]", err); + } reason_bogus = LDNS_EDE_DNSKEY_MISSING; vq->key_entry = key_entry_create_bad(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, reason_bogus, reason, - *qstate->env->now); + BOGUS_KEY_TTL, reason_bogus, rstr, *qstate->env->now); if(!vq->key_entry) { log_err("alloc failure in missing dnskey response"); /* key_entry is NULL for failure in Validate */ } - errinf_ede(qstate, reason, reason_bogus); + errinf_ede(qstate, rstr, reason_bogus); errinf_origin(qstate, origin); errinf_dname(qstate, "for key", qinfo->qname); vq->state = VAL_VALIDATE_STATE; @@ -3142,7 +3192,8 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, } downprot = qstate->env->cfg->harden_algo_downgrade; vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env, - ve, dnskey, vq->ds_rrset, downprot, &reason, &reason_bogus, qstate); + ve, dnskey, vq->ds_rrset, downprot, &reason, &reason_bogus, + qstate, reasonbuf, sizeof(reasonbuf)); if(!vq->key_entry) { log_err("out of memory in verify new DNSKEYs"); @@ -3192,10 +3243,13 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, * @param rcode: rcode result value. * @param msg: result message (if rcode is OK). * @param origin: the origin of msg. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. */ static void process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct sock_list* origin) + int id, int rcode, struct dns_msg* msg, struct sock_list* origin, + struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct ub_packed_rrset_key* dnskey_rrset = NULL; @@ -3227,7 +3281,8 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, return; } } - vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id); + vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id, + sub_qstate); lock_basic_unlock(&ta->lock); if(vq->key_entry) { if(key_entry_isbad(vq->key_entry) @@ -3278,14 +3333,14 @@ val_inform_super(struct module_qstate* qstate, int id, if(vq->wait_prime_ta) { vq->wait_prime_ta = 0; process_prime_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, qstate->reply_origin); + qstate->return_msg, qstate->reply_origin, qstate); return; } if(qstate->qinfo.qtype == LDNS_RR_TYPE_DS) { int suspend; process_ds_response(super, vq, id, qstate->return_rcode, qstate->return_msg, &qstate->qinfo, - qstate->reply_origin, &suspend); + qstate->reply_origin, &suspend, qstate); /* If NSEC3 was needed during validation, NULL the NSEC3 cache; * it will be re-initiated if needed later on. * Validation (and the cache table) are happening/allocated in @@ -3306,7 +3361,7 @@ val_inform_super(struct module_qstate* qstate, int id, } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY) { process_dnskey_response(super, vq, id, qstate->return_rcode, qstate->return_msg, &qstate->qinfo, - qstate->reply_origin); + qstate->reply_origin, qstate); return; } log_err("internal error in validator: no inform_supers possible"); @@ -3344,8 +3399,8 @@ val_get_mem(struct module_env* env, int id) */ static struct module_func_block val_block = { "validator", - &val_init, &val_deinit, &val_operate, &val_inform_super, &val_clear, - &val_get_mem + NULL, NULL, &val_init, &val_deinit, &val_operate, &val_inform_super, + &val_clear, &val_get_mem }; struct module_func_block* diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 3d3ed3c51..fbef6aff9 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.850 2024/08/31 04:21:45 dlg Exp $ +# $OpenBSD: Makefile,v 1.851 2024/09/04 11:12:53 jsg Exp $ MAN= aac.4 abcrtc.4 abl.4 ac97.4 acphy.4 acrtc.4 \ acpi.4 acpiac.4 acpials.4 acpiasus.4 acpibat.4 \ @@ -72,7 +72,7 @@ MAN= aac.4 abcrtc.4 abl.4 ac97.4 acphy.4 acrtc.4 \ pcmcia.4 pcn.4 pcppi.4 pcscp.4 pcxrtc.4 pcyrtc.4 \ pf.4 pflog.4 pflow.4 pfsync.4 \ pgt.4 piixpm.4 pijuice.4 pinctrl.4 pipex.4 plgpio.4 plrtc.4 pluart.4 \ - pms.4 ppb.4 ppp.4 pppoe.4 pppx.4 psci.4 pty.4 puc.4 pvbus.4 \ + pms.4 ppb.4 ppp.4 pppoe.4 pppx.4 psci.4 psp.4 pty.4 puc.4 pvbus.4 \ pvclock.4 pwdog.4 pwmbl.4 pwmfan.4 pwmleds.4 pwmreg.4 \ qccpu.4 qcdwusb.4 qcgpio.4 qciic.4 qcpdc.4 qcpmic.4 qcpmicgpio.4 \ qcpon.4 qcpwm.4 qcrng.4 qcrtc.4 qcspmi.4 \ diff --git a/share/man/man4/ccp.4 b/share/man/man4/ccp.4 index eb957767c..3b33596d3 100644 --- a/share/man/man4/ccp.4 +++ b/share/man/man4/ccp.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ccp.4,v 1.5 2024/09/01 19:32:48 bluhm Exp $ +.\" $OpenBSD: ccp.4,v 1.6 2024/09/04 11:12:53 jsg Exp $ .\" .\" Copyright (c) 2018 David Gwynne .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 1 2024 $ +.Dd $Mdocdate: September 4 2024 $ .Dt CCP 4 .Os .Sh NAME @@ -33,14 +33,9 @@ The .Nm driver supports feeding output of the random number generator into the kernel entropy pool. -.Pp -On amd64 -.Nm -provides -.Xr ioctl 2 -access to the platform security processor (PSP). .Sh SEE ALSO .Xr intro 4 , +.Xr psp 4 , .Xr random 4 , .Xr arc4random 9 .Sh HISTORY @@ -54,5 +49,3 @@ The .Nm driver was written by .An David Gwynne Aq Mt dlg@openbsd.org . -PSP support was implemented by -.An Hans-Joerg Hoexer Aq Mt hshoexer@genua.de . diff --git a/share/man/man4/ddb.4 b/share/man/man4/ddb.4 index 690405108..6ca75c4d5 100644 --- a/share/man/man4/ddb.4 +++ b/share/man/man4/ddb.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ddb.4,v 1.107 2024/02/05 21:33:00 jmc Exp $ +.\" $OpenBSD: ddb.4,v 1.108 2024/09/05 08:52:27 bluhm Exp $ .\" $NetBSD: ddb.4,v 1.5 1994/11/30 16:22:09 jtc Exp $ .\" .\" Mach Operating System @@ -25,7 +25,7 @@ .\" any improvements or extensions that they make and grant Carnegie Mellon .\" the rights to redistribute these changes. .\" -.Dd $Mdocdate: February 5 2024 $ +.Dd $Mdocdate: September 5 2024 $ .Dt DDB 4 .Os .Sh NAME @@ -658,7 +658,11 @@ If the .Cm /f modifier is specified, the complete map is printed. .\" -------------------- -.It Ic show mbuf Ar addr +.It Xo +.Ic show mbuf +.Op Cm /cp +.Ar addr +.Xc Prints the .Vt struct mbuf header at @@ -668,6 +672,13 @@ Depending on the mbuf flags and .Vt struct m_ext are printed as well. +If the +.Cm /c +modifier is specified, print the mbuf chain linked with the m_next +pointer. +.Cm /p +does the same using m_nextpkt. +Both can be combined. .\" -------------------- .It Xo .Ic show mount diff --git a/share/man/man4/psp.4 b/share/man/man4/psp.4 new file mode 100644 index 000000000..dbe20f3f7 --- /dev/null +++ b/share/man/man4/psp.4 @@ -0,0 +1,54 @@ +.\" $OpenBSD: psp.4,v 1.2 2024/09/04 14:24:10 jsg Exp $ +.\" +.\" Copyright (c) 2024 Jonathan Gray +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: September 4 2024 $ +.Dt PSP 4 +.Os +.Sh NAME +.Nm psp +.Nd AMD Platform Security Processor +.Sh SYNOPSIS +.Cd "psp* at ccp?" +.Sh DESCRIPTION +The +.Nm +driver provides an interface to the AMD Platform Security Processor. +.Sh FILES +.Bl -tag -width /dev/psp +.It Pa /dev/psp +.El +.Sh SEE ALSO +.Xr ccp 4 , +.Xr vmd 8 +.Rs +.%T Secure Encrypted Virtualization API +.%O Publication #55766 +.Re +.Rs +.%T SEV Secure Nested Paging Firmware ABI Specification +.%O Publication #56860 +.Re +.Sh HISTORY +The +.Nm +device driver first appeared in +.Ox 7.6 . +.Sh AUTHORS +.An -nosplit +The +.Nm +driver was written by +.An Hans-Joerg Hoexer Aq Mt hshoexer@genua.de . diff --git a/share/man/man5/bsd.port.mk.5 b/share/man/man5/bsd.port.mk.5 index 075745e66..a78740249 100644 --- a/share/man/man5/bsd.port.mk.5 +++ b/share/man/man5/bsd.port.mk.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bsd.port.mk.5,v 1.646 2024/08/15 09:46:39 tb Exp $ +.\" $OpenBSD: bsd.port.mk.5,v 1.647 2024/09/04 09:07:03 sthen Exp $ .\" .\" Copyright (c) 2000-2008 Marc Espie .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 15 2024 $ +.Dd $Mdocdate: September 4 2024 $ .Dt BSD.PORT.MK 5 .Os .Sh NAME @@ -1731,12 +1731,7 @@ checksummed and extracted (see .Cm checksum , .Cm extract ) . .Ev DISTFILES -normally holds a list of files, possibly with -.Sq :0 -to -.Sq :9 -appended to select a different -.Ev SITES . +normally holds a list of files. .Pp Preferably, adding a suffix to .Ev DISTFILES , diff --git a/share/man/man5/forward.5 b/share/man/man5/forward.5 deleted file mode 100644 index 1f3a06c97..000000000 --- a/share/man/man5/forward.5 +++ /dev/null @@ -1,65 +0,0 @@ -.\" $OpenBSD: forward.5,v 1.11 2015/12/28 23:30:59 mmcc Exp $ -.\" -.\" Copyright (c) 2001 Marco S. Hyman -.\" -.\" Permission to copy all or part of this material with or without -.\" modification for any purpose is granted provided that the above -.\" copyright notice and this paragraph are duplicated in all copies. -.\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.\" -.Dd $Mdocdate: December 28 2015 $ -.Dt FORWARD 5 -.Os -.Sh NAME -.Nm forward -.Nd email forwarding information file -.Sh DESCRIPTION -Users may put a file named -.Pa .forward -in their home directory. -If this file exists, -.Xr sendmail 8 -(and sendmail-like mailers) will redirect mail for the user to the list of -addresses found in the -.Pa .forward -file. -.Pp -A -.Pa .forward -file contains one or more lines where each line is an email address -or the name of a private incoming mailer where incoming mail will be -forwarded. -Multiple entries may be specified on one line, comma separated. -Additionally, a copy of all mail may be retained -on the local machine using a -.Dq \euser -entry. -.Pp -.Pa .forward -files must not be group or world writable. -The user's home directory should not be group writable. -The -.Pa .forward -file must be owned by and readable by the indicated user. -.Sh FILES -.Bl -tag -width $HOME/.forward -compact -.It Pa $HOME/.forward -email forwarding information -.El -.Sh EXAMPLES -.Bd -literal -offset indent -# lines with # in the first column are ignored -# empty lines are ignored -# #@# with whitespace on both sides may be used to start a comment - -foo@bar.baz.com, \euser #@# is a comment anywhere -"| /usr/local/libexec/slocal -user foo" -.Ed -.Sh SEE ALSO -.Xr aliases 5 , -.Xr sendmail 8 -.Pp -.Lk http://www.sendmail.org/ diff --git a/share/man/man8/man8.amd64/MAKEDEV.8 b/share/man/man8/man8.amd64/MAKEDEV.8 index 53c8cc9b5..bff87f888 100644 --- a/share/man/man8/man8.amd64/MAKEDEV.8 +++ b/share/man/man8/man8.amd64/MAKEDEV.8 @@ -1,10 +1,10 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.97 2023/01/14 12:19:11 kettenis Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.98 2024/09/04 13:45:25 jsg Exp $ .\" .\" THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. .\" generated from: .\" -.\" OpenBSD: etc.amd64/MAKEDEV.md,v 1.82 2023/01/14 12:15:12 kettenis Exp -.\" OpenBSD: MAKEDEV.common,v 1.119 2023/01/14 12:15:12 kettenis Exp +.\" OpenBSD: etc.amd64/MAKEDEV.md,v 1.83 2024/09/03 09:35:46 bluhm Exp +.\" OpenBSD: MAKEDEV.common,v 1.121 2024/09/03 09:35:46 bluhm Exp .\" OpenBSD: MAKEDEV.man,v 1.9 2017/06/06 08:11:23 tb Exp .\" OpenBSD: MAKEDEV.mansub,v 1.2 2004/02/20 19:13:01 miod Exp .\" @@ -23,7 +23,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 14 2023 $ +.Dd $Mdocdate: September 4 2024 $ .Dt MAKEDEV 8 amd64 .Os .Sh NAME @@ -299,6 +299,9 @@ paravirtual device tree root, see .It Ar kstat Kernel Statistics, see .Xr kstat 4 . +.It Ar psp +Platform Security Processor, see +.Xr psp 4 . .El .Sh FILES .Bl -tag -width /dev -compact diff --git a/share/tabset/Makefile b/share/tabset/Makefile index 687f9549c..61ff534fd 100644 --- a/share/tabset/Makefile +++ b/share/tabset/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.6 2024/08/23 15:13:58 nicm Exp $ +# $OpenBSD: Makefile,v 1.7 2024/09/04 14:18:36 deraadt Exp $ # from: @(#)Makefile 5.3 (Berkeley) 10/22/90 FILES= std stdcrt vt100 vt300 @@ -7,7 +7,7 @@ CLEANFILES+= ${FILES} all: ${FILES} ${FILES}: - sh ${.CURDIR}/gentabset.sh ${.CURDIR}/obj + sh ${.CURDIR}/gentabset.sh ${.OBJDIR} realinstall: ${FILES} install -c -o ${BINOWN} -g ${BINGRP} -m 444 ${FILES} \ diff --git a/sys/arch/amd64/amd64/conf.c b/sys/arch/amd64/amd64/conf.c index ddcb29aac..20aea88e6 100644 --- a/sys/arch/amd64/amd64/conf.c +++ b/sys/arch/amd64/amd64/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.81 2024/06/12 12:54:54 bluhm Exp $ */ +/* $OpenBSD: conf.c,v 1.82 2024/09/04 07:45:08 jsg Exp $ */ /* * Copyright (c) 1994, 1995 Charles M. Hannum. All rights reserved. @@ -152,8 +152,6 @@ cdev_decl(nvram); #include "drm.h" #include "viocon.h" cdev_decl(viocon); -#include "ccp.h" -cdev_decl(psp); #include "wsdisplay.h" #include "wskbd.h" @@ -292,7 +290,7 @@ struct cdevsw cdevsw[] = cdev_fido_init(NFIDO,fido), /* 98: FIDO/U2F security keys */ cdev_pppx_init(NPPPX,pppac), /* 99: PPP Access Concentrator */ cdev_ujoy_init(NUJOY,ujoy), /* 100: USB joystick/gamecontroller */ - cdev_psp_init(NCCP,psp), /* 101: PSP */ + cdev_psp_init(NPSP,psp), /* 101: PSP */ }; int nchrdev = nitems(cdevsw); diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c index a40de9202..433db1be7 100644 --- a/sys/arch/amd64/amd64/trap.c +++ b/sys/arch/amd64/amd64/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.105 2024/02/21 15:53:07 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.106 2024/09/04 07:54:51 mglocker Exp $ */ /* $NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $ */ /*- @@ -182,7 +182,7 @@ upageflttrap(struct trapframe *frame, uint64_t cr2) int signal, sicode, error; /* - * If NX is not enabled, we cant distinguish between PROT_READ + * If NX is not enabled, we can't distinguish between PROT_READ * and PROT_EXEC access, so try both. */ error = uvm_fault(&p->p_vmspace->vm_map, va, 0, access_type); diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c index 7e87ccc7d..04944d513 100644 --- a/sys/arch/amd64/amd64/vmm_machdep.c +++ b/sys/arch/amd64/amd64/vmm_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_machdep.c,v 1.34 2024/09/03 13:36:19 dv Exp $ */ +/* $OpenBSD: vmm_machdep.c,v 1.36 2024/09/04 16:12:40 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -4181,7 +4181,8 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) break; } if (!(exitinfo & VMX_EXIT_INFO_HAVE_REASON)) { - printf("%s: cant read exit reason\n", __func__); + printf("%s: can't read exit reason\n", + __func__); ret = EINVAL; break; } @@ -6281,7 +6282,8 @@ vmm_handle_cpuid(struct vcpu *vcpu) *rdx = 0; break; case 0x80000000: /* Extended function level */ - *rax = 0x8000001f; /* curcpu()->ci_pnfeatset */ + /* We don't emulate past 0x8000001f currently. */ + *rax = min(curcpu()->ci_pnfeatset, 0x8000001f); *rbx = 0; *rcx = 0; *rdx = 0; diff --git a/sys/arch/amd64/conf/GENERIC b/sys/arch/amd64/conf/GENERIC index 8711eb82b..f06a77c20 100644 --- a/sys/arch/amd64/conf/GENERIC +++ b/sys/arch/amd64/conf/GENERIC @@ -1,4 +1,4 @@ -# $OpenBSD: GENERIC,v 1.525 2024/08/14 14:40:45 patrick Exp $ +# $OpenBSD: GENERIC,v 1.526 2024/09/04 07:45:08 jsg Exp $ # # For further information on compiling SecBSD kernels, see the config(8) # man page. @@ -123,6 +123,7 @@ ksmn* at pci? # AMD K17 temperature sensor amas* at pci? disable # AMD memory configuration pchtemp* at pci? # Intel C610 temperature sensor ccp* at pci? # AMD Cryptographic Co-processor +psp* at ccp? # AMD Platform Security Processor # National Semiconductor LM7[89] and compatible hardware monitors lm0 at isa? port 0x290 diff --git a/sys/arch/amd64/conf/files.amd64 b/sys/arch/amd64/conf/files.amd64 index 0325062ef..01967be09 100644 --- a/sys/arch/amd64/conf/files.amd64 +++ b/sys/arch/amd64/conf/files.amd64 @@ -1,4 +1,4 @@ -# $OpenBSD: files.amd64,v 1.110 2024/09/03 00:23:05 jsg Exp $ +# $OpenBSD: files.amd64,v 1.111 2024/09/04 07:45:08 jsg Exp $ maxpartitions 16 maxusers 2 16 128 @@ -65,8 +65,6 @@ file arch/amd64/amd64/powernow-k8.c !small_kernel file arch/amd64/amd64/est.c !small_kernel file arch/amd64/amd64/k1x-pstate.c !small_kernel -file dev/ic/psp.c ccp - include "dev/rasops/files.rasops" include "dev/wsfont/files.wsfont" diff --git a/sys/arch/amd64/include/conf.h b/sys/arch/amd64/include/conf.h index 730a5b2c2..312187c0c 100644 --- a/sys/arch/amd64/include/conf.h +++ b/sys/arch/amd64/include/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.10 2024/09/01 17:13:46 bluhm Exp $ */ +/* $OpenBSD: conf.h,v 1.11 2024/09/04 07:45:08 jsg Exp $ */ /* $NetBSD: conf.h,v 1.2 1996/05/05 19:28:34 christos Exp $ */ /* @@ -55,5 +55,5 @@ cdev_decl(pctr); #include "vmm.h" cdev_decl(vmm); -#include "ccp.h" +#include "psp.h" cdev_decl(psp); diff --git a/sys/arch/i386/i386/trap.c b/sys/arch/i386/i386/trap.c index 73634e238..acba6dd57 100644 --- a/sys/arch/i386/i386/trap.c +++ b/sys/arch/i386/i386/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */ +/* $OpenBSD: trap.c,v 1.165 2024/09/04 07:54:51 mglocker Exp $ */ /* $NetBSD: trap.c,v 1.95 1996/05/05 06:50:02 mycroft Exp $ */ /*- @@ -121,7 +121,7 @@ upageflttrap(struct trapframe *frame, uint32_t cr2) /* * cpu_pae is true if system has PAE + NX. - * If NX is not enabled, we cant distinguish between PROT_READ + * If NX is not enabled, we can't distinguish between PROT_READ * and PROT_EXEC access, so try both. */ error = uvm_fault(&p->p_vmspace->vm_map, va, 0, access_type); diff --git a/sys/conf/files b/sys/conf/files index f6efcb0d7..accdb2d98 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $OpenBSD: files,v 1.736 2024/08/31 04:17:14 dlg Exp $ +# $OpenBSD: files,v 1.737 2024/09/04 07:45:08 jsg Exp $ # $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -470,9 +470,14 @@ device xhci: usbus file dev/usb/xhci.c xhci needs-flag # AMD Cryptographic Co-processor -device ccp +device ccp {} file dev/ic/ccp.c ccp needs-flag +# AMD Platform Security Processor +device psp +attach psp at ccp +file dev/ic/psp.c psp needs-flag + # SDHC SD/MMC controller define sdhc device sdhc: sdmmcbus diff --git a/sys/crypto/siphash.h b/sys/crypto/siphash.h index fa12be2cc..980adeb16 100644 --- a/sys/crypto/siphash.h +++ b/sys/crypto/siphash.h @@ -1,4 +1,4 @@ -/* $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $ */ +/* $OpenBSD: siphash.h,v 1.6 2024/09/04 07:54:52 mglocker Exp $ */ /*- * Copyright (c) 2013 Andre Oppermann * All rights reserved. @@ -35,7 +35,7 @@ * optimized for speed on short messages returning a 64bit hash/digest value. * * The number of rounds is defined during the initialization: - * SipHash24_Init() for the fast and resonable strong version + * SipHash24_Init() for the fast and reasonably strong version * SipHash48_Init() for the strong version (half as fast) * * struct SIPHASH_CTX ctx; diff --git a/sys/ddb/db_command.c b/sys/ddb/db_command.c index 562053d11..1e129c2e0 100644 --- a/sys/ddb/db_command.c +++ b/sys/ddb/db_command.c @@ -1,4 +1,4 @@ -/* $OpenBSD: db_command.c,v 1.101 2024/05/13 01:15:50 jsg Exp $ */ +/* $OpenBSD: db_command.c,v 1.102 2024/09/05 08:52:27 bluhm Exp $ */ /* $NetBSD: db_command.c,v 1.20 1996/03/30 22:30:05 christos Exp $ */ /* @@ -340,7 +340,15 @@ db_malloc_print_cmd(db_expr_t addr, int have_addr, db_expr_t count, char *modif) void db_mbuf_print_cmd(db_expr_t addr, int have_addr, db_expr_t count, char *modif) { - m_print((void *)addr, db_printf); + if ((modif[0] == 'c' && modif[1] == 'p') || + (modif[0] == 'p' && modif[1] == 'c')) + m_print_packet((void *)addr, 1, db_printf); + else if (modif[0] == 'c') + m_print_chain((void *)addr, 0, db_printf); + else if (modif[0] == 'p') + m_print_packet((void *)addr, 0, db_printf); + else + m_print((void *)addr, db_printf); } void diff --git a/sys/ddb/db_elf.c b/sys/ddb/db_elf.c index 2eeb1835b..6b9281bbf 100644 --- a/sys/ddb/db_elf.c +++ b/sys/ddb/db_elf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: db_elf.c,v 1.32 2021/03/12 10:22:46 jsg Exp $ */ +/* $OpenBSD: db_elf.c,v 1.33 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: db_elf.c,v 1.13 2000/07/07 21:55:18 jhawk Exp $ */ /*- @@ -280,7 +280,7 @@ db_elf_sym_search(vaddr_t off, db_strategy_t strategy, db_expr_t *diffp) if (symp->st_name == 0) continue; #if 0 - /* This prevents me from seeing anythin in locore.s -- eeh */ + /* This prevents me from seeing anything in locore.s -- eeh */ if (ELF_SYM_TYPE(symp->st_info) != Elf_estt_object && ELF_SYM_TYPE(symp->st_info) != Elf_estt_func) continue; diff --git a/sys/ddb/db_interface.h b/sys/ddb/db_interface.h index cccec9ed6..bdde7ae34 100644 --- a/sys/ddb/db_interface.h +++ b/sys/ddb/db_interface.h @@ -1,4 +1,4 @@ -/* $OpenBSD: db_interface.h,v 1.27 2024/02/03 18:51:58 beck Exp $ */ +/* $OpenBSD: db_interface.h,v 1.28 2024/09/05 08:52:27 bluhm Exp $ */ /* $NetBSD: db_interface.h,v 1.1 1996/02/05 01:57:03 christos Exp $ */ /* @@ -61,6 +61,8 @@ void db_show_all_pools(db_expr_t, int, db_expr_t, char *); /* kern/uipc_mbuf.c */ void m_print(void *, int (*)(const char *, ...)); +void m_print_chain(void *, int, int (*)(const char *, ...)); +void m_print_packet(void *, int, int (*)(const char *, ...)); /* kern/uipc_socket.c */ void so_print(void *, int (*)(const char *, ...)); diff --git a/sys/dev/acpi/acpi.c b/sys/dev/acpi/acpi.c index 5da2524cb..46b09fcf1 100644 --- a/sys/dev/acpi/acpi.c +++ b/sys/dev/acpi/acpi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpi.c,v 1.438 2024/08/18 02:53:08 deraadt Exp $ */ +/* $OpenBSD: acpi.c,v 1.439 2024/09/04 21:39:18 hastings Exp $ */ /* * Copyright (c) 2005 Thorsten Lockert * Copyright (c) 2005 Jordan Hargrave @@ -3249,7 +3249,6 @@ acpi_foundhid(struct aml_node *node, void *arg) aaa.aaa_node = node->parent; aaa.aaa_dev = dev; aaa.aaa_cdev = cdev; - acpi_parse_crs(sc, &aaa); #ifndef SMALL_KERNEL if (!strcmp(cdev, ACPI_DEV_MOUSE)) { @@ -3266,6 +3265,8 @@ acpi_foundhid(struct aml_node *node, void *arg) acpi_matchhids(&aaa, acpi_isa_hids, "none")) return (0); + acpi_parse_crs(sc, &aaa); + aaa.aaa_dmat = acpi_iommu_device_map(node->parent, aaa.aaa_dmat); if (!node->parent->attached) { diff --git a/sys/dev/acpi/atk0110.c b/sys/dev/acpi/atk0110.c index d4baa8452..a3d0e374a 100644 --- a/sys/dev/acpi/atk0110.c +++ b/sys/dev/acpi/atk0110.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atk0110.c,v 1.19 2022/04/06 18:59:27 naddy Exp $ */ +/* $OpenBSD: atk0110.c,v 1.20 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2009 Constantine A. Murenin @@ -215,7 +215,7 @@ aibs_attach_sif(struct aibs_softc *sc, enum sensor_type st) aml_freevalue(&res); return; } else if (res.length - 1 > n) { - printf("%s: %s: misformed package: %i/%i", + printf("%s: %s: malformed package: %i/%i", DEVNAME(sc), name, n, res.length - 1); #ifdef AIBS_MORE_SENSORS n = res.length - 1; diff --git a/sys/dev/ata/atascsi.c b/sys/dev/ata/atascsi.c index 24d60fedf..b2e5e9e0f 100644 --- a/sys/dev/ata/atascsi.c +++ b/sys/dev/ata/atascsi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atascsi.c,v 1.155 2024/05/26 10:01:01 jsg Exp $ */ +/* $OpenBSD: atascsi.c,v 1.156 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2007 David Gwynne @@ -418,7 +418,7 @@ atascsi_probe(struct scsi_link *link) xa->pmp_port = ap->ap_pmp_port; xa->atascsi_private = &ahp->ahp_iopool; ata_exec(as, xa); - ata_polled(xa); /* we dont care if it doesnt work */ + ata_polled(xa); /* we don't care if it doesn't work */ return (0); error: @@ -1797,7 +1797,7 @@ ata_polled(struct ata_xfer *xa) int rv; if (!ISSET(xa->flags, ATA_F_DONE)) - panic("ata_polled: xa isnt complete"); + panic("ata_polled: xa isn't complete"); switch (xa->state) { case ATA_S_COMPLETE: diff --git a/sys/dev/cardbus/com_cardbus.c b/sys/dev/cardbus/com_cardbus.c index b3346d257..7dcc560a3 100644 --- a/sys/dev/cardbus/com_cardbus.c +++ b/sys/dev/cardbus/com_cardbus.c @@ -1,4 +1,4 @@ -/* $OpenBSD: com_cardbus.c,v 1.45 2024/05/24 06:26:47 jsg Exp $ */ +/* $OpenBSD: com_cardbus.c,v 1.46 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: com_cardbus.c,v 1.4 2000/04/17 09:21:59 joda Exp $ */ /* @@ -36,7 +36,7 @@ /* This is a driver for CardBus based serial devices. It is less generic than it could be, but it keeps the complexity down. So far it assumes that anything that reports itself as a `serial' device - is infact a 16x50 or 8250, which is not necessarily true (in + is in fact a 16x50 or 8250, which is not necessarily true (in practice this shouldn't be a problem). It also does not handle devices in the `multiport serial' or `modem' sub-classes, I've never seen any of these, so I don't know what they might look like. diff --git a/sys/dev/i2c/i2c_scan.c b/sys/dev/i2c/i2c_scan.c index d39271383..0218cd846 100644 --- a/sys/dev/i2c/i2c_scan.c +++ b/sys/dev/i2c/i2c_scan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: i2c_scan.c,v 1.146 2019/12/16 19:17:04 claudio Exp $ */ +/* $OpenBSD: i2c_scan.c,v 1.147 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2005 Theo de Raadt @@ -657,7 +657,7 @@ iic_probe_sensor(struct device *self, u_int8_t addr) (iicprobe(0x03) & 0x3f) == 0x00 && iicprobe(0x04) <= 0x08) /* * Genesys Logic doesn't make the datasheet - * for the GL523SM publically available, so + * for the GL523SM publicly available, so * the checks above are nothing more than a * (conservative) educated guess. */ diff --git a/sys/dev/ic/ahci.c b/sys/dev/ic/ahci.c index 0f7ac5dec..bd3fdbe7c 100644 --- a/sys/dev/ic/ahci.c +++ b/sys/dev/ic/ahci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ahci.c,v 1.41 2024/05/28 01:37:53 jsg Exp $ */ +/* $OpenBSD: ahci.c,v 1.42 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2006 David Gwynne @@ -268,7 +268,7 @@ noccc: sc->sc_ncmds = max(2, sc->sc_ncmds); for (i = 0; i < AHCI_MAX_PORTS; i++) { if (!ISSET(pi, 1U << i)) { - /* dont allocate stuff if the port isnt implemented */ + /* don't allocate stuff if the port isn't implemented */ continue; } diff --git a/sys/dev/ic/aic6360.c b/sys/dev/ic/aic6360.c index b6477552a..dd4efb32c 100644 --- a/sys/dev/ic/aic6360.c +++ b/sys/dev/ic/aic6360.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aic6360.c,v 1.40 2022/04/16 19:19:58 naddy Exp $ */ +/* $OpenBSD: aic6360.c,v 1.41 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: aic6360.c,v 1.52 1996/12/10 21:27:51 thorpej Exp $ */ #ifdef DDB @@ -69,7 +69,7 @@ */ /* Use doubleword transfers to/from SCSI chip. Note: This requires - * motherboard support. Basicly, some motherboard chipsets are able to + * motherboard support. Basically, some motherboard chipsets are able to * split a 32 bit I/O operation into two 16 bit I/O operations, * transparently to the processor. This speeds up some things, notably long * data transfers. diff --git a/sys/dev/ic/aic6360var.h b/sys/dev/ic/aic6360var.h index 3ee5ff8dd..0ba60af7a 100644 --- a/sys/dev/ic/aic6360var.h +++ b/sys/dev/ic/aic6360var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: aic6360var.h,v 1.10 2020/07/22 13:16:04 krw Exp $ */ +/* $OpenBSD: aic6360var.h,v 1.11 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: aic6360.c,v 1.52 1996/12/10 21:27:51 thorpej Exp $ */ /* @@ -68,7 +68,7 @@ struct aic_dma_seg { /* * ACB. Holds additional information for each SCSI command Comments: We * need a separate scsi command block because we may need to overwrite it - * with a request sense command. Basicly, we refrain from fiddling with + * with a request sense command. Basically, we refrain from fiddling with * the scsi_xfer struct (except do the expected updating of return values). * We'll generally update: xs->{flags,resid,error,sense,status} and * occasionally xs->retries. diff --git a/sys/dev/ic/aic79xx.c b/sys/dev/ic/aic79xx.c index 6ad091f3a..e4fab4b96 100644 --- a/sys/dev/ic/aic79xx.c +++ b/sys/dev/ic/aic79xx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aic79xx.c,v 1.68 2024/09/01 03:08:56 jsg Exp $ */ +/* $OpenBSD: aic79xx.c,v 1.69 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2004 Milos Urbanek, Kenneth R. Westerback & Marco Peereboom @@ -1624,7 +1624,7 @@ ahd_handle_scsiint(struct ahd_softc *ahd, u_int intstat) * 'Selection in Progress' status bit, the busy * LED does. SELINGO is only cleared by a successful * selection, so we must manually clear it to insure - * the LED turns off just incase no future successful + * the LED turns off just in case no future successful * selections occur (e.g. no devices on the bus). */ ahd_outb(ahd, CLRSINT0, CLRSELINGO); diff --git a/sys/dev/ic/aic79xx.h b/sys/dev/ic/aic79xx.h index 250ac9f15..03d6af31d 100644 --- a/sys/dev/ic/aic79xx.h +++ b/sys/dev/ic/aic79xx.h @@ -1,4 +1,4 @@ -/* $OpenBSD: aic79xx.h,v 1.32 2024/09/01 03:08:56 jsg Exp $ */ +/* $OpenBSD: aic79xx.h,v 1.33 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2004 Milos Urbanek, Kenneth R. Westerback & Marco Peereboom @@ -831,8 +831,8 @@ struct seeprom_config { * BIOS Control Bits */ uint16_t bios_control; /* word 16 */ -#define CFSUPREM 0x0001 /* support all removeable drives */ -#define CFSUPREMB 0x0002 /* support removeable boot drives */ +#define CFSUPREM 0x0001 /* support all removable drives */ +#define CFSUPREMB 0x0002 /* support removable boot drives */ #define CFBIOSSTATE 0x000C /* BIOS Action State */ #define CFBS_DISABLED 0x00 #define CFBS_ENABLED 0x04 diff --git a/sys/dev/ic/aic7xxx.c b/sys/dev/ic/aic7xxx.c index b442a19e1..20f09bca2 100644 --- a/sys/dev/ic/aic7xxx.c +++ b/sys/dev/ic/aic7xxx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aic7xxx.c,v 1.97 2022/01/09 05:42:38 jsg Exp $ */ +/* $OpenBSD: aic7xxx.c,v 1.98 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: aic7xxx.c,v 1.108 2003/11/02 11:07:44 wiz Exp $ */ /* @@ -40,7 +40,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGES. * - * $Id: aic7xxx.c,v 1.97 2022/01/09 05:42:38 jsg Exp $ + * $Id: aic7xxx.c,v 1.98 2024/09/04 07:54:52 mglocker Exp $ */ /* * Ported from FreeBSD by Pascal Renauld, Network Storage Solutions, Inc. - April 2003 @@ -1199,7 +1199,7 @@ ahc_handle_scsiint(struct ahc_softc *ahc, u_int intstat) * 'Selection in Progress' status bit, the busy * LED does. SELINGO is only cleared by a successful * selection, so we must manually clear it to insure - * the LED turns off just incase no future successful + * the LED turns off just in case no future successful * selections occur (e.g. no devices on the bus). */ ahc_outb(ahc, CLRSINT0, CLRSELINGO); diff --git a/sys/dev/ic/atwvar.h b/sys/dev/ic/atwvar.h index f31f71487..5a2845e92 100644 --- a/sys/dev/ic/atwvar.h +++ b/sys/dev/ic/atwvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atwvar.h,v 1.26 2013/12/06 21:03:02 deraadt Exp $ */ +/* $OpenBSD: atwvar.h,v 1.27 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: atwvar.h,v 1.13 2004/07/23 07:07:55 dyoung Exp $ */ /* @@ -37,7 +37,7 @@ #include /* - * Some misc. statics, useful for debugging. + * Some misc. statistics, useful for debugging. */ struct atw_stats { u_long ts_tx_tuf; /* transmit underflow errors */ diff --git a/sys/dev/ic/ccp.c b/sys/dev/ic/ccp.c index 024291c86..af5980c24 100644 --- a/sys/dev/ic/ccp.c +++ b/sys/dev/ic/ccp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccp.c,v 1.10 2024/09/03 00:23:05 jsg Exp $ */ +/* $OpenBSD: ccp.c,v 1.11 2024/09/04 07:45:08 jsg Exp $ */ /* * Copyright (c) 2018 David Gwynne @@ -41,10 +41,7 @@ ccp_attach(struct ccp_softc *sc) timeout_set(&sc->sc_tick, ccp_rng, sc); ccp_rng(sc); - if (sc->sc_psp_attached != 0) - printf(", RNG\n"); - else - printf(": RNG\n"); + printf("\n"); } static void diff --git a/sys/dev/ic/ccpvar.h b/sys/dev/ic/ccpvar.h index 59fb2e9e6..61be13088 100644 --- a/sys/dev/ic/ccpvar.h +++ b/sys/dev/ic/ccpvar.h @@ -1,8 +1,7 @@ -/* $OpenBSD: ccpvar.h,v 1.5 2024/09/03 00:23:05 jsg Exp $ */ +/* $OpenBSD: ccpvar.h,v 1.6 2024/09/04 07:45:08 jsg Exp $ */ /* * Copyright (c) 2018 David Gwynne - * Copyright (c) 2023, 2024 Hans-Joerg Hoexer * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -18,7 +17,6 @@ */ #include -#include struct ccp_softc { struct device sc_dev; @@ -26,25 +24,8 @@ struct ccp_softc { bus_space_handle_t sc_ioh; struct timeout sc_tick; - - int sc_psp_attached; - - bus_dma_tag_t sc_dmat; - uint32_t sc_capabilities; - int (*sc_sev_intr)(struct ccp_softc *, uint32_t); - void * sc_ih; - - bus_dmamap_t sc_cmd_map; - bus_dma_segment_t sc_cmd_seg; - size_t sc_cmd_size; - caddr_t sc_cmd_kva; - - bus_dmamap_t sc_tmr_map; - bus_dma_segment_t sc_tmr_seg; - size_t sc_tmr_size; - caddr_t sc_tmr_kva; - - struct rwlock sc_lock; + struct device *sc_psp; + void *sc_irqh; }; void ccp_attach(struct ccp_softc *); diff --git a/sys/dev/ic/fxpreg.h b/sys/dev/ic/fxpreg.h index 1b4863a40..a80f32d29 100644 --- a/sys/dev/ic/fxpreg.h +++ b/sys/dev/ic/fxpreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: fxpreg.h,v 1.14 2012/04/03 23:39:09 deraadt Exp $ */ +/* $OpenBSD: fxpreg.h,v 1.15 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 1995, David Greenman @@ -121,7 +121,7 @@ struct fxp_cb_ias { * Bitfields cleaned out since it is not endian compatible. OK * you can define a big endian structure but can never be 100% safe... * - * ANY PROGRAMER TRYING THE STUNT WITH BITFIELDS IN A DEVICE DRIVER + * ANY PROGRAMMER TRYING THE STUNT WITH BITFIELDS IN A DEVICE DRIVER * SHOULD BE PUT UP AGAINST THE WALL, BLINDFOLDED AND SHOT! */ struct fxp_cb_config { diff --git a/sys/dev/ic/gemvar.h b/sys/dev/ic/gemvar.h index e4847c98e..f08f6bb30 100644 --- a/sys/dev/ic/gemvar.h +++ b/sys/dev/ic/gemvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: gemvar.h,v 1.32 2024/05/13 01:15:50 jsg Exp $ */ +/* $OpenBSD: gemvar.h,v 1.33 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: gemvar.h,v 1.1 2001/09/16 00:11:43 eeh Exp $ */ /* @@ -106,7 +106,7 @@ struct gem_txthresh_tab { }; /* - * Some misc. statics, useful for debugging. + * Some misc. statistics, useful for debugging. */ struct gem_stats { u_long ts_tx_uf; /* transmit underflow errors */ diff --git a/sys/dev/ic/ncr53c9xvar.h b/sys/dev/ic/ncr53c9xvar.h index 03fbe50ae..cc6dbac44 100644 --- a/sys/dev/ic/ncr53c9xvar.h +++ b/sys/dev/ic/ncr53c9xvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ncr53c9xvar.h,v 1.25 2024/04/03 18:41:38 miod Exp $ */ +/* $OpenBSD: ncr53c9xvar.h,v 1.26 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: ncr53c9xvar.h,v 1.13 1998/05/26 23:17:34 thorpej Exp $ */ /*- @@ -88,7 +88,7 @@ /* * ECB. Holds additional information for each SCSI command Comments: We * need a separate scsi command block because we may need to overwrite it - * with a request sense command. Basicly, we refrain from fiddling with + * with a request sense command. Basically, we refrain from fiddling with * the scsi_xfer struct (except do the expected updating of return values). * We'll generally update: xs->{flags,resid,error,sense,status} and * occasionally xs->retries. diff --git a/sys/dev/ic/osiopvar.h b/sys/dev/ic/osiopvar.h index e5f53d5b5..9f0d73d18 100644 --- a/sys/dev/ic/osiopvar.h +++ b/sys/dev/ic/osiopvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: osiopvar.h,v 1.12 2020/07/22 13:16:04 krw Exp $ */ +/* $OpenBSD: osiopvar.h,v 1.13 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: osiopvar.h,v 1.3 2002/05/14 02:58:35 matt Exp $ */ /* @@ -133,7 +133,7 @@ struct osiop_ds { /* * ACB. Holds additional information for each SCSI command Comments: - * Basicly, we refrain from fiddling with the scsi_xfer struct + * Basically, we refrain from fiddling with the scsi_xfer struct * (except do the expected updating of return values). * We'll generally update: xs->{flags,resid,error,status} and * occasionally xs->retries. diff --git a/sys/dev/ic/psp.c b/sys/dev/ic/psp.c index d6a80998e..5bbbf2de5 100644 --- a/sys/dev/ic/psp.c +++ b/sys/dev/ic/psp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: psp.c,v 1.1 2024/09/03 00:23:05 jsg Exp $ */ +/* $OpenBSD: psp.c,v 1.4 2024/09/04 08:14:18 jsg Exp $ */ /* * Copyright (c) 2023, 2024 Hans-Joerg Hoexer @@ -19,8 +19,8 @@ #include #include #include -#include #include +#include #include @@ -31,14 +31,52 @@ #include #include -struct ccp_softc *ccp_softc; +struct psp_softc { + struct device sc_dev; + bus_space_tag_t sc_iot; + bus_space_handle_t sc_ioh; -int psp_get_pstatus(struct psp_platform_status *); -int psp_init(struct psp_init *); + bus_dma_tag_t sc_dmat; + uint32_t sc_capabilities; + + bus_dmamap_t sc_cmd_map; + bus_dma_segment_t sc_cmd_seg; + size_t sc_cmd_size; + caddr_t sc_cmd_kva; + + bus_dmamap_t sc_tmr_map; + bus_dma_segment_t sc_tmr_seg; + size_t sc_tmr_size; + caddr_t sc_tmr_kva; + + struct rwlock sc_lock; +}; + +int psp_get_pstatus(struct psp_softc *, struct psp_platform_status *); +int psp_init(struct psp_softc *, struct psp_init *); +int psp_match(struct device *, void *, void *); +void psp_attach(struct device *, struct device *, void *); + +struct cfdriver psp_cd = { + NULL, "psp", DV_DULL +}; + +const struct cfattach psp_ca = { + sizeof(struct psp_softc), + psp_match, + psp_attach +}; int -psp_sev_intr(struct ccp_softc *sc, uint32_t status) +psp_sev_intr(void *arg) { + struct ccp_softc *csc = arg; + struct psp_softc *sc = (struct psp_softc *)csc->sc_psp; + uint32_t status; + + status = bus_space_read_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTSTS); + bus_space_write_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTSTS, status); + if (!(status & PSP_CMDRESP_COMPLETE)) return (0); @@ -48,24 +86,34 @@ psp_sev_intr(struct ccp_softc *sc, uint32_t status) } int -psp_attach(struct ccp_softc *sc) +psp_match(struct device *parent, void *match, void *aux) { + return (1); +} + +void +psp_attach(struct device *parent, struct device *self, void *aux) +{ + struct psp_softc *sc = (struct psp_softc *)self; + struct psp_attach_args *arg = aux; struct psp_platform_status pst; struct psp_init init; size_t size; int nsegs; - if (!(sc->sc_capabilities & PSP_CAP_SEV)) - return (0); + sc->sc_iot = arg->iot; + sc->sc_ioh = arg->ioh; + sc->sc_dmat = arg->dmat; + sc->sc_capabilities = arg->capabilities; - rw_init(&sc->sc_lock, "ccp_lock"); + rw_init(&sc->sc_lock, "psp_lock"); /* create and map SEV command buffer */ sc->sc_cmd_size = size = PAGE_SIZE; if (bus_dmamap_create(sc->sc_dmat, size, 1, size, 0, BUS_DMA_WAITOK | BUS_DMA_ALLOCNOW | BUS_DMA_64BIT, &sc->sc_cmd_map) != 0) - return (0); + return; if (bus_dmamem_alloc(sc->sc_dmat, size, 0, 0, &sc->sc_cmd_seg, 1, &nsegs, BUS_DMA_WAITOK | BUS_DMA_ZERO) != 0) @@ -79,10 +127,7 @@ psp_attach(struct ccp_softc *sc) size, NULL, BUS_DMA_WAITOK) != 0) goto fail_2; - sc->sc_sev_intr = psp_sev_intr; - ccp_softc = sc; - - if (psp_get_pstatus(&pst) || pst.state != 0) + if (psp_get_pstatus(sc, &pst) || pst.state != 0) goto fail_3; /* @@ -111,18 +156,18 @@ psp_attach(struct ccp_softc *sc) init.enable_es = 1; init.tmr_length = PSP_TMR_SIZE; init.tmr_paddr = sc->sc_tmr_map->dm_segs[0].ds_addr; - if (psp_init(&init)) + if (psp_init(sc, &init)) goto fail_7; - printf(", SEV"); + printf(": SEV"); - psp_get_pstatus(&pst); + psp_get_pstatus(sc, &pst); if ((pst.state == 1) && (pst.cfges_build & 0x1)) printf(", SEV-ES"); - sc->sc_psp_attached = 1; + printf("\n"); - return (1); + return; fail_7: bus_dmamap_unload(sc->sc_dmat, sc->sc_tmr_map); @@ -141,14 +186,13 @@ fail_1: fail_0: bus_dmamap_destroy(sc->sc_dmat, sc->sc_cmd_map); - ccp_softc = NULL; - sc->sc_psp_attached = -1; + printf("\n"); - return (0); + return; } static int -ccp_wait(struct ccp_softc *sc, uint32_t *status, int poll) +ccp_wait(struct psp_softc *sc, uint32_t *status, int poll) { uint32_t cmdword; int count; @@ -180,7 +224,7 @@ done: } static int -ccp_docmd(struct ccp_softc *sc, int cmd, uint64_t paddr) +ccp_docmd(struct psp_softc *sc, int cmd, uint64_t paddr) { uint32_t plo, phi, cmdword, status; @@ -207,9 +251,8 @@ ccp_docmd(struct ccp_softc *sc, int cmd, uint64_t paddr) } int -psp_init(struct psp_init *uinit) +psp_init(struct psp_softc *sc, struct psp_init *uinit) { - struct ccp_softc *sc = ccp_softc; struct psp_init *init; int ret; @@ -230,9 +273,8 @@ psp_init(struct psp_init *uinit) } int -psp_get_pstatus(struct psp_platform_status *ustatus) +psp_get_pstatus(struct psp_softc *sc, struct psp_platform_status *ustatus) { - struct ccp_softc *sc = ccp_softc; struct psp_platform_status *status; int ret; @@ -251,9 +293,8 @@ psp_get_pstatus(struct psp_platform_status *ustatus) } int -psp_df_flush(void) +psp_df_flush(struct psp_softc *sc) { - struct ccp_softc *sc = ccp_softc; int ret; wbinvd_on_all_cpus(); @@ -267,9 +308,8 @@ psp_df_flush(void) } int -psp_decommission(struct psp_decommission *udecom) +psp_decommission(struct psp_softc *sc, struct psp_decommission *udecom) { - struct ccp_softc *sc = ccp_softc; struct psp_decommission *decom; int ret; @@ -288,9 +328,8 @@ psp_decommission(struct psp_decommission *udecom) } int -psp_get_gstatus(struct psp_guest_status *ustatus) +psp_get_gstatus(struct psp_softc *sc, struct psp_guest_status *ustatus) { - struct ccp_softc *sc = ccp_softc; struct psp_guest_status *status; int ret; @@ -313,9 +352,8 @@ psp_get_gstatus(struct psp_guest_status *ustatus) } int -psp_launch_start(struct psp_launch_start *ustart) +psp_launch_start(struct psp_softc *sc, struct psp_launch_start *ustart) { - struct ccp_softc *sc = ccp_softc; struct psp_launch_start *start; int ret; @@ -339,9 +377,9 @@ psp_launch_start(struct psp_launch_start *ustart) } int -psp_launch_update_data(struct psp_launch_update_data *ulud, struct proc *p) +psp_launch_update_data(struct psp_softc *sc, + struct psp_launch_update_data *ulud, struct proc *p) { - struct ccp_softc *sc = ccp_softc; struct psp_launch_update_data *ludata; pmap_t pmap; vaddr_t v, next, end; @@ -397,10 +435,9 @@ psp_launch_update_data(struct psp_launch_update_data *ulud, struct proc *p) } int -psp_launch_measure(struct psp_launch_measure *ulm) +psp_launch_measure(struct psp_softc *sc, struct psp_launch_measure *ulm) { struct psp_launch_measure *lm; - struct ccp_softc *sc = ccp_softc; int ret; uint64_t paddr; @@ -427,9 +464,8 @@ psp_launch_measure(struct psp_launch_measure *ulm) } int -psp_launch_finish(struct psp_launch_finish *ulf) +psp_launch_finish(struct psp_softc *sc, struct psp_launch_finish *ulf) { - struct ccp_softc *sc = ccp_softc; struct psp_launch_finish *lf; int ret; @@ -448,9 +484,8 @@ psp_launch_finish(struct psp_launch_finish *ulf) } int -psp_attestation(struct psp_attestation *uat) +psp_attestation(struct psp_softc *sc, struct psp_attestation *uat) { - struct ccp_softc *sc = ccp_softc; struct psp_attestation *at; int ret; uint64_t paddr; @@ -479,9 +514,8 @@ psp_attestation(struct psp_attestation *uat) } int -psp_activate(struct psp_activate *uact) +psp_activate(struct psp_softc *sc, struct psp_activate *uact) { - struct ccp_softc *sc = ccp_softc; struct psp_activate *act; int ret; @@ -501,9 +535,8 @@ psp_activate(struct psp_activate *uact) } int -psp_deactivate(struct psp_deactivate *udeact) +psp_deactivate(struct psp_softc *sc, struct psp_deactivate *udeact) { - struct ccp_softc *sc = ccp_softc; struct psp_deactivate *deact; int ret; @@ -522,7 +555,7 @@ psp_deactivate(struct psp_deactivate *udeact) } int -psp_guest_shutdown(struct psp_guest_shutdown *ugshutdown) +psp_guest_shutdown(struct psp_softc *sc, struct psp_guest_shutdown *ugshutdown) { struct psp_deactivate deact; struct psp_decommission decom; @@ -530,24 +563,24 @@ psp_guest_shutdown(struct psp_guest_shutdown *ugshutdown) bzero(&deact, sizeof(deact)); deact.handle = ugshutdown->handle; - if ((ret = psp_deactivate(&deact)) != 0) + if ((ret = psp_deactivate(sc, &deact)) != 0) return (ret); - if ((ret = psp_df_flush()) != 0) + if ((ret = psp_df_flush(sc)) != 0) return (ret); bzero(&decom, sizeof(decom)); decom.handle = ugshutdown->handle; - if ((ret = psp_decommission(&decom)) != 0) + if ((ret = psp_decommission(sc, &decom)) != 0) return (ret); return (0); } int -psp_snp_get_pstatus(struct psp_snp_platform_status *ustatus) +psp_snp_get_pstatus(struct psp_softc *sc, + struct psp_snp_platform_status *ustatus) { - struct ccp_softc *sc = ccp_softc; struct psp_snp_platform_status *status; int ret; @@ -568,8 +601,11 @@ psp_snp_get_pstatus(struct psp_snp_platform_status *ustatus) int pspopen(dev_t dev, int flag, int mode, struct proc *p) { - if (ccp_softc == NULL) - return (ENODEV); + struct psp_softc *sc; + + sc = (struct psp_softc *)device_lookup(&psp_cd, minor(dev)); + if (sc == NULL) + return (ENXIO); return (0); } @@ -577,64 +613,75 @@ pspopen(dev_t dev, int flag, int mode, struct proc *p) int pspclose(dev_t dev, int flag, int mode, struct proc *p) { + struct psp_softc *sc; + + sc = (struct psp_softc *)device_lookup(&psp_cd, minor(dev)); + if (sc == NULL) + return (ENXIO); + return (0); } int pspioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) { - int ret; + struct psp_softc *sc; + int ret; - rw_enter_write(&ccp_softc->sc_lock); + sc = (struct psp_softc *)device_lookup(&psp_cd, minor(dev)); + if (sc == NULL) + return (ENXIO); + + rw_enter_write(&sc->sc_lock); switch (cmd) { case PSP_IOC_GET_PSTATUS: - ret = psp_get_pstatus((struct psp_platform_status *)data); + ret = psp_get_pstatus(sc, (struct psp_platform_status *)data); break; case PSP_IOC_DF_FLUSH: - ret = psp_df_flush(); + ret = psp_df_flush(sc); break; case PSP_IOC_DECOMMISSION: - ret = psp_decommission((struct psp_decommission *)data); + ret = psp_decommission(sc, (struct psp_decommission *)data); break; case PSP_IOC_GET_GSTATUS: - ret = psp_get_gstatus((struct psp_guest_status *)data); + ret = psp_get_gstatus(sc, (struct psp_guest_status *)data); break; case PSP_IOC_LAUNCH_START: - ret = psp_launch_start((struct psp_launch_start *)data); + ret = psp_launch_start(sc, (struct psp_launch_start *)data); break; case PSP_IOC_LAUNCH_UPDATE_DATA: - ret = psp_launch_update_data( + ret = psp_launch_update_data(sc, (struct psp_launch_update_data *)data, p); break; case PSP_IOC_LAUNCH_MEASURE: - ret = psp_launch_measure((struct psp_launch_measure *)data); + ret = psp_launch_measure(sc, (struct psp_launch_measure *)data); break; case PSP_IOC_LAUNCH_FINISH: - ret = psp_launch_finish((struct psp_launch_finish *)data); + ret = psp_launch_finish(sc, (struct psp_launch_finish *)data); break; case PSP_IOC_ATTESTATION: - ret = psp_attestation((struct psp_attestation *)data); + ret = psp_attestation(sc, (struct psp_attestation *)data); break; case PSP_IOC_ACTIVATE: - ret = psp_activate((struct psp_activate *)data); + ret = psp_activate(sc, (struct psp_activate *)data); break; case PSP_IOC_DEACTIVATE: - ret = psp_deactivate((struct psp_deactivate *)data); + ret = psp_deactivate(sc, (struct psp_deactivate *)data); break; case PSP_IOC_GUEST_SHUTDOWN: - ret = psp_guest_shutdown((struct psp_guest_shutdown *)data); + ret = psp_guest_shutdown(sc, (struct psp_guest_shutdown *)data); break; case PSP_IOC_SNP_GET_PSTATUS: - ret = - psp_snp_get_pstatus((struct psp_snp_platform_status *)data); + ret = psp_snp_get_pstatus(sc, + (struct psp_snp_platform_status *)data); break; default: ret = ENOTTY; break; } - rw_exit_write(&ccp_softc->sc_lock); + rw_exit_write(&sc->sc_lock); return (ret); } @@ -657,3 +704,20 @@ pledge_ioctl_psp(struct proc *p, long com) return (pledge_fail(p, EPERM, PLEDGE_VMM)); } } + +int +pspprint(void *aux, const char *pnp) +{ + return QUIET; +} + +int +pspsubmatch(struct device *parent, void *match, void *aux) +{ + struct psp_attach_args *arg = aux; + struct cfdata *cf = match; + + if (!(arg->capabilities & PSP_CAP_SEV)) + return (0); + return ((*cf->cf_attach->ca_match)(parent, cf, aux)); +} diff --git a/sys/dev/ic/pspvar.h b/sys/dev/ic/pspvar.h index 84f715d83..a1d7c8384 100644 --- a/sys/dev/ic/pspvar.h +++ b/sys/dev/ic/pspvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pspvar.h,v 1.1 2024/09/03 00:23:05 jsg Exp $ */ +/* $OpenBSD: pspvar.h,v 1.2 2024/09/04 07:45:08 jsg Exp $ */ /* * Copyright (c) 2023, 2024 Hans-Joerg Hoexer @@ -246,10 +246,16 @@ struct psp_snp_platform_status { #ifdef _KERNEL -int psp_attach(struct ccp_softc *); +struct psp_attach_args { + bus_space_tag_t iot; + bus_space_handle_t ioh; -int pspclose(dev_t, int, int, struct proc *); -int pspopen(dev_t, int, int, struct proc *); -int pspioctl(dev_t, u_long, caddr_t, int, struct proc *); + bus_dma_tag_t dmat; + uint32_t capabilities; +}; + +int pspsubmatch(struct device *, void *, void *); +int pspprint(void *aux, const char *pnp); +int psp_sev_intr(void *); #endif /* _KERNEL */ diff --git a/sys/dev/ic/sili.c b/sys/dev/ic/sili.c index 748f017c4..444825420 100644 --- a/sys/dev/ic/sili.c +++ b/sys/dev/ic/sili.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sili.c,v 1.61 2022/04/09 20:10:26 naddy Exp $ */ +/* $OpenBSD: sili.c,v 1.62 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2007 David Gwynne @@ -123,7 +123,7 @@ void sili_ports_free(struct sili_softc *); /* * you can fit 22 sge's into 7 sgts and a prb: - * there's 1 sgl in an atapi prb (two in the ata one, but we cant over + * there's 1 sgl in an atapi prb (two in the ata one, but we can't over * advertise), but that's needed for the chain element. you get three sges * per sgt cos you lose the 4th sge for the chaining, but you keep it in * the last sgt. so 3 x 6 + 4 is 22. diff --git a/sys/dev/ic/trm.c b/sys/dev/ic/trm.c index c8ca7842c..5e78a9da0 100644 --- a/sys/dev/ic/trm.c +++ b/sys/dev/ic/trm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trm.c,v 1.46 2024/06/22 10:22:29 jsg Exp $ +/* $OpenBSD: trm.c,v 1.47 2024/09/04 07:54:52 mglocker Exp $ * ------------------------------------------------------------ * O.S : OpenBSD * File Name : trm.c @@ -1124,7 +1124,7 @@ trm_DataInPhase0(struct trm_softc *sc, struct trm_scsi_req_q *pSRB, u_int8_t *ps * * parsing the case: * when a transfer not yet complete - * but be disconnected by uper layer + * but be disconnected by upper layer * if transfer not yet complete * there were some data residue in SCSI FIFO or * SCSI transfer counter not empty diff --git a/sys/dev/ic/trm.h b/sys/dev/ic/trm.h index 42f607ee3..3f0bf34d6 100644 --- a/sys/dev/ic/trm.h +++ b/sys/dev/ic/trm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: trm.h,v 1.7 2020/07/22 13:16:04 krw Exp $ +/* $OpenBSD: trm.h,v 1.8 2024/09/04 07:54:52 mglocker Exp $ * ------------------------------------------------------------ * O.S : OpenBSD * File Name : trm.h @@ -123,7 +123,7 @@ struct trm_scsi_req_q #define TRM_NO_TAG 0x00 u_int8_t TargetStatus; /* SCSI status codes + Tekram: */ -#define TRM_SCSI_UNEXP_BUS_FREE 0xFD /* Unexpect Bus Free */ +#define TRM_SCSI_UNEXP_BUS_FREE 0xFD /* Unexpected Bus Free */ #define TRM_SCSI_BUS_RST_DETECTED 0xFE /* Scsi Bus Reset detected */ #define TRM_SCSI_SELECT_TIMEOUT 0xFF /* Selection Time out */ diff --git a/sys/dev/kstat.c b/sys/dev/kstat.c index b5a4ddcea..ee6e490b1 100644 --- a/sys/dev/kstat.c +++ b/sys/dev/kstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kstat.c,v 1.3 2024/07/08 14:46:47 mpi Exp $ */ +/* $OpenBSD: kstat.c,v 1.4 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2020 David Gwynne @@ -252,7 +252,7 @@ kstatioc_leave(struct kstat_req *ksreq, struct kstat *ks) /* KSTAT_F_REALLOC */ KASSERTMSG(ks->ks_datalen == klen, - "kstat doesnt support resized data yet"); + "kstat doesn't support resized data yet"); error = (*ks->ks_copy)(ks, buf); } diff --git a/sys/dev/pci/arc.c b/sys/dev/pci/arc.c index c0ba8a18d..e15fcae7b 100644 --- a/sys/dev/pci/arc.c +++ b/sys/dev/pci/arc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arc.c,v 1.126 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: arc.c,v 1.127 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2006 David Gwynne @@ -2219,7 +2219,7 @@ arc_bio_disk(struct arc_softc *sc, struct bioc_disk *bd) bd->bd_lun = diskinfo->scsi_attr.lun; #endif /* - * the firmware doesnt seem to fill scsi_attr in, so fake it with + * the firmware doesn't seem to fill scsi_attr in, so fake it with * the diskid. */ bd->bd_channel = 0; diff --git a/sys/dev/pci/auich.c b/sys/dev/pci/auich.c index 3ac6e6ad2..b945004a3 100644 --- a/sys/dev/pci/auich.c +++ b/sys/dev/pci/auich.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auich.c,v 1.119 2022/10/26 20:19:08 kn Exp $ */ +/* $OpenBSD: auich.c,v 1.120 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2000,2001 Michael Shalayeff @@ -1422,7 +1422,7 @@ auich_calibrate(struct auich_softc *sc) break; /* * check for strange changes in STS - - * XXX remove it when everythings fine + * XXX remove it when everything is fine */ if (sts != osts) { printf("%s: ac97 sts changed after %d us sts=%b civ=%u\n", diff --git a/sys/dev/pci/bktr/bktr_audio.c b/sys/dev/pci/bktr/bktr_audio.c index 4757a630f..b844a21a6 100644 --- a/sys/dev/pci/bktr/bktr_audio.c +++ b/sys/dev/pci/bktr/bktr_audio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bktr_audio.c,v 1.14 2022/01/09 05:42:58 jsg Exp $ */ +/* $OpenBSD: bktr_audio.c,v 1.15 2024/09/04 07:54:52 mglocker Exp $ */ /* $FreeBSD: src/sys/dev/bktr/bktr_audio.c,v 1.8 2000/10/31 13:09:56 roger Exp $ */ /* * This is part of the Driver for Video Capture Cards (Frame grabbers) @@ -267,7 +267,7 @@ init_BTSC( bktr_ptr_t bktr ) /* * setup the dbx chip - * XXX FIXME: alot of work to be done here, this merely unmutes it. + * XXX FIXME: a lot of work to be done here, this merely unmutes it. */ int set_BTSC( bktr_ptr_t bktr, int control ) diff --git a/sys/dev/pci/ccp_pci.c b/sys/dev/pci/ccp_pci.c index 1285603eb..8e1168689 100644 --- a/sys/dev/pci/ccp_pci.c +++ b/sys/dev/pci/ccp_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccp_pci.c,v 1.12 2024/09/03 00:23:05 jsg Exp $ */ +/* $OpenBSD: ccp_pci.c,v 1.13 2024/09/04 07:45:08 jsg Exp $ */ /* * Copyright (c) 2018 David Gwynne @@ -29,13 +29,15 @@ #include #include +#include "psp.h" + #define CCP_PCI_BAR 0x18 int ccp_pci_match(struct device *, void *, void *); void ccp_pci_attach(struct device *, struct device *, void *); -void psp_pci_attach(struct device *, struct device *, void *); -int psp_pci_intr(void *); +void ccp_pci_intr_map(struct ccp_softc *, struct pci_attach_args *); +void ccp_pci_psp_attach(struct ccp_softc *, struct pci_attach_args *); const struct cfattach ccp_pci_ca = { sizeof(struct ccp_softc), @@ -78,24 +80,20 @@ ccp_pci_attach(struct device *parent, struct device *self, void *aux) return; } - psp_pci_attach(parent, self, aux); + ccp_pci_intr_map(sc, pa); ccp_attach(sc); + + ccp_pci_psp_attach(sc, pa); } void -psp_pci_attach(struct device *parent, struct device *self, void *aux) +ccp_pci_intr_map(struct ccp_softc *sc, struct pci_attach_args *pa) { - struct ccp_softc *sc = (struct ccp_softc *)self; - struct pci_attach_args *pa = aux; +#if NPSP > 0 pci_intr_handle_t ih; const char *intrstr = NULL; - sc->sc_dmat = pa->pa_dmat; - - sc->sc_capabilities = bus_space_read_4(sc->sc_iot, sc->sc_ioh, - PSP_REG_CAPABILITIES); - /* clear and disable interrupts */ bus_space_write_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTEN, 0); bus_space_write_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTSTS, -1); @@ -107,32 +105,34 @@ psp_pci_attach(struct device *parent, struct device *self, void *aux) } intrstr = pci_intr_string(pa->pa_pc, ih); - sc->sc_ih = pci_intr_establish(pa->pa_pc, ih, IPL_BIO, psp_pci_intr, + sc->sc_irqh = pci_intr_establish(pa->pa_pc, ih, IPL_BIO, psp_sev_intr, sc, sc->sc_dev.dv_xname); - if (sc->sc_ih != NULL) + if (sc->sc_irqh != NULL) printf(": %s", intrstr); +#endif +} - if (!psp_attach(sc)) { - pci_intr_disestablish(pa->pa_pc, sc->sc_ih); - sc->sc_ih = NULL; +void +ccp_pci_psp_attach(struct ccp_softc *sc, struct pci_attach_args *pa) +{ +#if NPSP > 0 + struct psp_attach_args arg; + struct device *self = (struct device *)sc; + + memset(&arg, 0, sizeof(arg)); + arg.iot = sc->sc_iot; + arg.ioh = sc->sc_ioh; + arg.dmat = pa->pa_dmat; + arg.capabilities = bus_space_read_4(sc->sc_iot, sc->sc_ioh, + PSP_REG_CAPABILITIES); + + sc->sc_psp = config_found_sm(self, &arg, pspprint, pspsubmatch); + if (sc->sc_psp == NULL) { + pci_intr_disestablish(pa->pa_pc, sc->sc_irqh); return; } /* enable interrupts */ bus_space_write_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTEN, -1); -} - -int -psp_pci_intr(void *arg) -{ - struct ccp_softc *sc = arg; - uint32_t status; - - status = bus_space_read_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTSTS); - bus_space_write_4(sc->sc_iot, sc->sc_ioh, PSP_REG_INTSTS, status); - - if (sc->sc_sev_intr) - return (sc->sc_sev_intr(sc, status)); - - return (1); +#endif } diff --git a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c index cc74dd69a..fa9f53b31 100644 --- a/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c +++ b/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include "amdgpu.h" @@ -848,10 +849,14 @@ static int dm_plane_helper_prepare_fb(struct drm_plane *plane, } afb = to_amdgpu_framebuffer(new_state->fb); - obj = new_state->fb->obj[0]; + obj = drm_gem_fb_get_obj(new_state->fb, 0); + if (!obj) { + DRM_ERROR("Failed to get obj from framebuffer\n"); + return -EINVAL; + } + rbo = gem_to_amdgpu_bo(obj); adev = amdgpu_ttm_adev(rbo->tbo.bdev); - r = amdgpu_bo_reserve(rbo, true); if (r) { dev_err(adev->dev, "fail to reserve bo (%d)\n", r); diff --git a/sys/dev/pci/drm/amd/pm/swsmu/amdgpu_smu.c b/sys/dev/pci/drm/amd/pm/swsmu/amdgpu_smu.c index d6daf3c1c..ab7f5a274 100644 --- a/sys/dev/pci/drm/amd/pm/swsmu/amdgpu_smu.c +++ b/sys/dev/pci/drm/amd/pm/swsmu/amdgpu_smu.c @@ -1841,8 +1841,9 @@ static int smu_bump_power_profile_mode(struct smu_context *smu, } static int smu_adjust_power_state_dynamic(struct smu_context *smu, - enum amd_dpm_forced_level level, - bool skip_display_settings) + enum amd_dpm_forced_level level, + bool skip_display_settings, + bool force_update) { int ret = 0; int index = 0; @@ -1871,7 +1872,7 @@ static int smu_adjust_power_state_dynamic(struct smu_context *smu, } } - if (smu_dpm_ctx->dpm_level != level) { + if (force_update || smu_dpm_ctx->dpm_level != level) { ret = smu_asic_set_performance_level(smu, level); if (ret) { dev_err(smu->adev->dev, "Failed to set performance level!"); @@ -1882,13 +1883,12 @@ static int smu_adjust_power_state_dynamic(struct smu_context *smu, smu_dpm_ctx->dpm_level = level; } - if (smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_MANUAL && - smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_PERF_DETERMINISM) { + if (smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_PERF_DETERMINISM) { index = fls(smu->workload_mask); index = index > 0 && index <= WORKLOAD_POLICY_MAX ? index - 1 : 0; workload[0] = smu->workload_setting[index]; - if (smu->power_profile_mode != workload[0]) + if (force_update || smu->power_profile_mode != workload[0]) smu_bump_power_profile_mode(smu, workload, 0); } @@ -1909,11 +1909,13 @@ static int smu_handle_task(struct smu_context *smu, ret = smu_pre_display_config_changed(smu); if (ret) return ret; - ret = smu_adjust_power_state_dynamic(smu, level, false); + ret = smu_adjust_power_state_dynamic(smu, level, false, false); break; case AMD_PP_TASK_COMPLETE_INIT: + ret = smu_adjust_power_state_dynamic(smu, level, true, true); + break; case AMD_PP_TASK_READJUST_POWER_STATE: - ret = smu_adjust_power_state_dynamic(smu, level, true); + ret = smu_adjust_power_state_dynamic(smu, level, true, false); break; default: break; @@ -1960,8 +1962,7 @@ static int smu_switch_power_profile(void *handle, workload[0] = smu->workload_setting[index]; } - if (smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_MANUAL && - smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_PERF_DETERMINISM) + if (smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_PERF_DETERMINISM) smu_bump_power_profile_mode(smu, workload, 0); return 0; diff --git a/sys/dev/pci/i82365_pci.c b/sys/dev/pci/i82365_pci.c index 6cc788be4..44e4a3453 100644 --- a/sys/dev/pci/i82365_pci.c +++ b/sys/dev/pci/i82365_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: i82365_pci.c,v 1.16 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: i82365_pci.c,v 1.17 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: i82365_pci.c,v 1.11 2000/02/24 03:42:44 itohy Exp $ */ /* @@ -170,7 +170,8 @@ pcic_pci_attach(struct device *parent, struct device *self, void *aux) if (irq) { sc->ih = pcic_pci_machdep_pcic_intr_establish(sc, pcic_intr); if (sc->ih == NULL) { - printf("%s: couldnt map interrupt\n", sc->dev.dv_xname); + printf("%s: couldn't map interrupt\n", + sc->dev.dv_xname); bus_space_unmap(memt, memh, 0x10000); bus_space_unmap(sc->iot, sc->ioh, size); return; diff --git a/sys/dev/pci/if_bge.c b/sys/dev/pci/if_bge.c index abcc7bd83..e6bf18129 100644 --- a/sys/dev/pci/if_bge.c +++ b/sys/dev/pci/if_bge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bge.c,v 1.406 2024/08/31 16:23:09 deraadt Exp $ */ +/* $OpenBSD: if_bge.c,v 1.407 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2001 Wind River Systems @@ -1364,7 +1364,7 @@ bge_fill_rx_ring_std(struct bge_softc *sc) bge_writembx(sc, BGE_MBX_RX_STD_PROD_LO, sc->bge_std); /* - * bge always needs more than 8 packets on the ring. if we cant do + * bge always needs more than 8 packets on the ring. if we can't do * that now, then try again later. */ if (if_rxr_inuse(&sc->bge_std_ring) <= 8) @@ -1468,7 +1468,7 @@ bge_fill_rx_ring_jumbo(struct bge_softc *sc) bge_writembx(sc, BGE_MBX_RX_JUMBO_PROD_LO, sc->bge_jumbo); /* - * bge always needs more than 8 packets on the ring. if we cant do + * bge always needs more than 8 packets on the ring. if we can't do * that now, then try again later. */ if (if_rxr_inuse(&sc->bge_jumbo_ring) <= 8) diff --git a/sys/dev/pci/if_devar.h b/sys/dev/pci/if_devar.h index bd0a34e4a..a58973ba8 100644 --- a/sys/dev/pci/if_devar.h +++ b/sys/dev/pci/if_devar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_devar.h,v 1.41 2022/03/11 18:00:45 mpi Exp $ */ +/* $OpenBSD: if_devar.h,v 1.42 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: if_devar.h,v 1.13 1997/06/08 18:46:36 thorpej Exp $ */ /*- @@ -750,7 +750,7 @@ static const struct { /* * This driver supports a maximum of 32 tulip boards. - * This should be enough for the forseeable future. + * This should be enough for the foreseeable future. */ #define TULIP_MAX_DEVICES 32 diff --git a/sys/dev/pci/if_em_hw.c b/sys/dev/pci/if_em_hw.c index 04942a614..4ca2a95cc 100644 --- a/sys/dev/pci/if_em_hw.c +++ b/sys/dev/pci/if_em_hw.c @@ -31,7 +31,7 @@ *******************************************************************************/ -/* $OpenBSD: if_em_hw.c,v 1.122 2024/06/26 01:40:49 jsg Exp $ */ +/* $OpenBSD: if_em_hw.c,v 1.123 2024/09/04 07:54:52 mglocker Exp $ */ /* * if_em_hw.c Shared functions for accessing and configuring the MAC */ @@ -3039,7 +3039,7 @@ em_copper_link_rtl8211_setup(struct em_hw *hw) return ret_val; } - /* pulse streching= 42-84ms, blink rate=84mm */ + /* pulse stretching= 42-84ms, blink rate=84mm */ phy_data = 0x140 | RGEPHY_LC_PULSE_42MS | RGEPHY_LC_LINK | RGEPHY_LC_DUPLEX | RGEPHY_LC_RX; @@ -4271,7 +4271,7 @@ em_check_for_link(struct em_hw *hw) ctrl = E1000_READ_REG(hw, CTRL); status = E1000_READ_REG(hw, STATUS); /* - * On adapters with a MAC newer than 82544, SW Defineable pin 1 will + * On adapters with a MAC newer than 82544, SW Definable pin 1 will * be set when the optics detect a signal. On older adapters, it will * be cleared when there is a signal. This applies to fiber media * only. diff --git a/sys/dev/pci/if_em_hw.h b/sys/dev/pci/if_em_hw.h index 2370bf1bb..8ee929af9 100644 --- a/sys/dev/pci/if_em_hw.h +++ b/sys/dev/pci/if_em_hw.h @@ -31,7 +31,7 @@ *******************************************************************************/ -/* $OpenBSD: if_em_hw.h,v 1.96 2024/09/01 03:08:56 jsg Exp $ */ +/* $OpenBSD: if_em_hw.h,v 1.97 2024/09/04 07:54:52 mglocker Exp $ */ /* $FreeBSD: if_em_hw.h,v 1.15 2005/05/26 23:32:02 tackerman Exp $ */ /* if_em_hw.h @@ -1672,12 +1672,12 @@ struct em_hw { #define E1000_CTRL_EXT_GPI2_EN 0x00000004 /* Maps SDP6 to GPI2 */ #define E1000_CTRL_EXT_LPCD 0x00000004 /* LCD Power Cycle Done */ #define E1000_CTRL_EXT_GPI3_EN 0x00000008 /* Maps SDP7 to GPI3 */ -#define E1000_CTRL_EXT_SDP4_DATA 0x00000010 /* Value of SW Defineable Pin 4 */ -#define E1000_CTRL_EXT_SDP5_DATA 0x00000020 /* Value of SW Defineable Pin 5 */ +#define E1000_CTRL_EXT_SDP4_DATA 0x00000010 /* Value of SW Definable Pin 4 */ +#define E1000_CTRL_EXT_SDP5_DATA 0x00000020 /* Value of SW Definable Pin 5 */ #define E1000_CTRL_EXT_PHY_INT E1000_CTRL_EXT_SDP5_DATA -#define E1000_CTRL_EXT_SDP6_DATA 0x00000040 /* Value of SW Defineable Pin 6 */ -#define E1000_CTRL_EXT_SDP7_DATA 0x00000080 /* Value of SW Defineable Pin 7 */ -#define E1000_CTRL_EXT_SDP3_DATA 0x00000080 /* Value of SW Defineable Pin 3 */ +#define E1000_CTRL_EXT_SDP6_DATA 0x00000040 /* Value of SW Definable Pin 6 */ +#define E1000_CTRL_EXT_SDP7_DATA 0x00000080 /* Value of SW Definable Pin 7 */ +#define E1000_CTRL_EXT_SDP3_DATA 0x00000080 /* Value of SW Definable Pin 3 */ #define E1000_CTRL_EXT_SDP4_DIR 0x00000100 /* Direction of SDP4 0=in 1=out */ #define E1000_CTRL_EXT_SDP5_DIR 0x00000200 /* Direction of SDP5 0=in 1=out */ #define E1000_CTRL_EXT_SDP6_DIR 0x00000400 /* Direction of SDP6 0=in 1=out */ diff --git a/sys/dev/pci/if_ix.c b/sys/dev/pci/if_ix.c index b447547c3..0adf47a79 100644 --- a/sys/dev/pci/if_ix.c +++ b/sys/dev/pci/if_ix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ix.c,v 1.216 2024/08/31 16:23:09 deraadt Exp $ */ +/* $OpenBSD: if_ix.c,v 1.217 2024/09/04 07:54:52 mglocker Exp $ */ /****************************************************************************** @@ -2697,7 +2697,7 @@ ixgbe_get_buf(struct ix_rxring *rxr, int i) return (ENOBUFS); } - /* needed in any case so prealocate since this one will fail for sure */ + /* needed in any case so preallocate since this one will fail for sure */ mp = MCLGETL(NULL, M_DONTWAIT, sc->rx_mbuf_sz); if (!mp) return (ENOBUFS); diff --git a/sys/dev/pci/if_nxe.c b/sys/dev/pci/if_nxe.c index 8e39c2969..b28467d9a 100644 --- a/sys/dev/pci/if_nxe.c +++ b/sys/dev/pci/if_nxe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_nxe.c,v 1.81 2024/05/24 06:02:56 jsg Exp $ */ +/* $OpenBSD: if_nxe.c,v 1.82 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2007 David Gwynne @@ -2077,7 +2077,7 @@ nxe_crb_set(struct nxe_softc *sc, int window) nxe_write(sc, NXE_WIN_CRB(sc->sc_function), r); if (nxe_read(sc, NXE_WIN_CRB(sc->sc_function)) != r) - printf("%s: crb window hasnt moved\n", DEVNAME(sc)); + printf("%s: crb window hasn't moved\n", DEVNAME(sc)); } return (oldwindow); diff --git a/sys/dev/pci/if_sk.c b/sys/dev/pci/if_sk.c index 021205c6b..400d8dcda 100644 --- a/sys/dev/pci/if_sk.c +++ b/sys/dev/pci/if_sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_sk.c,v 1.198 2024/08/31 16:23:09 deraadt Exp $ */ +/* $OpenBSD: if_sk.c,v 1.199 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 1997, 1998, 1999, 2000 @@ -2271,7 +2271,7 @@ sk_init(void *xsc_if) * transmit command due to CPU/cache related interim storage problems * under certain conditions. The document recommends a polling * mechanism to send a Start transmit command to initiate transfer - * of ready descriptors regulary. To cope with this issue sk(4) now + * of ready descriptors regularly. To cope with this issue sk(4) now * enables descriptor poll timer to initiate descriptor processing * periodically as defined by SK_DPT_TIMER_MAX. However sk(4) still * issue SK_TXBMU_TX_START to Tx BMU to get fast execution of Tx diff --git a/sys/dev/pci/if_tht.c b/sys/dev/pci/if_tht.c index 9ed198ae0..3b47c62a1 100644 --- a/sys/dev/pci/if_tht.c +++ b/sys/dev/pci/if_tht.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_tht.c,v 1.148 2024/05/24 06:02:57 jsg Exp $ */ +/* $OpenBSD: if_tht.c,v 1.149 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2007 David Gwynne @@ -260,7 +260,7 @@ int thtdebug = THT_D_TX | THT_D_RX | THT_D_INTR; #define THT_FIFO_GAP 8 /* keep 8 bytes between ptrs */ #define THT_FIFO_PTR_MASK 0x00007ff8 /* rptr/wptr mask */ -#define THT_FIFO_DESC_LEN 208 /* a descriptor cant be bigger than this */ +#define THT_FIFO_DESC_LEN 208 /* a descriptor can't be bigger than this */ #define THT_IMR_DOWN(_p) (THT_REG_IMR_LINKCHG(_p)) #define THT_IMR_UP(_p) (THT_REG_IMR_LINKCHG(_p) | \ @@ -1034,7 +1034,7 @@ tht_iff(struct tht_softc *sc) } #endif - /* fill the imperfect multicast filter with whats left */ + /* fill the imperfect multicast filter with what's left */ while (enm != NULL) { hash = 0x00; for (i = 0; i < ETHER_ADDR_LEN; i++) diff --git a/sys/dev/pci/ixgbe_type.h b/sys/dev/pci/ixgbe_type.h index 42551d056..64d492667 100644 --- a/sys/dev/pci/ixgbe_type.h +++ b/sys/dev/pci/ixgbe_type.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ixgbe_type.h,v 1.38 2023/08/15 08:27:30 miod Exp $ */ +/* $OpenBSD: ixgbe_type.h,v 1.39 2024/09/04 07:54:52 mglocker Exp $ */ /****************************************************************************** SPDX-License-Identifier: BSD-3-Clause @@ -306,7 +306,7 @@ #define NVM_VER_INVALID 0xFFFF #define NVM_ETK_VALID 0x8000 #define NVM_INVALID_PTR 0xFFFF -#define NVM_VER_SIZE 32 /* version sting size */ +#define NVM_VER_SIZE 32 /* version string size */ struct ixgbe_nvm_version { uint32_t etk_id; diff --git a/sys/dev/pci/maestro.c b/sys/dev/pci/maestro.c index 37e29dcb6..02e9dc773 100644 --- a/sys/dev/pci/maestro.c +++ b/sys/dev/pci/maestro.c @@ -1,4 +1,4 @@ -/* $OpenBSD: maestro.c,v 1.54 2024/08/18 20:28:41 deraadt Exp $ */ +/* $OpenBSD: maestro.c,v 1.55 2024/09/04 07:54:52 mglocker Exp $ */ /* $FreeBSD: /c/ncvs/src/sys/dev/sound/pci/maestro.c,v 1.3 2000/11/21 12:22:11 julian Exp $ */ /* * FreeBSD's ESS Agogo/Maestro driver @@ -991,7 +991,7 @@ maestro_open(void *hdl, int flags) if ((flags & (FWRITE | FREAD)) == (FWRITE | FREAD)) return ENXIO; /* XXX */ -/* XXX work around VM brokeness */ +/* XXX work around VM brokenness */ #if 0 if ((OFLAGS(flags) & O_ACCMODE) != O_WRONLY) return (EINVAL); diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index 9e15de72d..43c71f726 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2087 2024/09/02 03:59:40 yasuoka Exp $ +$OpenBSD: pcidevs,v 1.2088 2024/09/04 23:56:43 dlg Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* @@ -8569,7 +8569,8 @@ product PLX PEX_8616 0x8616 PEX 8616 product PLX PEX_8624 0x8624 PEX 8624 product PLX PEX_8632 0x8632 PEX 8632 product PLX PEX_8648 0x8648 PEX 8648 -product PLX PEX_8617 0x8717 PEX 8617 +product PLX PEX_8717 0x8717 PEX 8717 +product PLX PEX_8718 0x8718 PEX 8718 product PLX PEX_8724 0x8724 PEX 8724 product PLX PEX_8732 0x8732 PEX 8732 product PLX PEX_8733 0x8733 PEX 8733 @@ -9179,7 +9180,8 @@ product SIS 7300 0x7300 7300 VGA product SIS 966_HDA 0x7502 966 HD Audio /* SK hynix products */ -product SKHYNIX SSD 0x1327 BC501 NVMe +product SKHYNIX BC501 0x1327 BC501 +product SKHYNIX PC601 0x1627 PC601 product SKHYNIX BC901 0x1d59 BC901 /* SMC products */ diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index 5ebba19ec..49fd31f04 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2087 2024/09/02 03:59:40 yasuoka Exp + * OpenBSD: pcidevs,v 1.2088 2024/09/04 23:56:43 dlg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -8574,7 +8574,8 @@ #define PCI_PRODUCT_PLX_PEX_8624 0x8624 /* PEX 8624 */ #define PCI_PRODUCT_PLX_PEX_8632 0x8632 /* PEX 8632 */ #define PCI_PRODUCT_PLX_PEX_8648 0x8648 /* PEX 8648 */ -#define PCI_PRODUCT_PLX_PEX_8617 0x8717 /* PEX 8617 */ +#define PCI_PRODUCT_PLX_PEX_8717 0x8717 /* PEX 8717 */ +#define PCI_PRODUCT_PLX_PEX_8718 0x8718 /* PEX 8718 */ #define PCI_PRODUCT_PLX_PEX_8724 0x8724 /* PEX 8724 */ #define PCI_PRODUCT_PLX_PEX_8732 0x8732 /* PEX 8732 */ #define PCI_PRODUCT_PLX_PEX_8733 0x8733 /* PEX 8733 */ @@ -9184,7 +9185,8 @@ #define PCI_PRODUCT_SIS_966_HDA 0x7502 /* 966 HD Audio */ /* SK hynix products */ -#define PCI_PRODUCT_SKHYNIX_SSD 0x1327 /* BC501 NVMe */ +#define PCI_PRODUCT_SKHYNIX_BC501 0x1327 /* BC501 */ +#define PCI_PRODUCT_SKHYNIX_PC601 0x1627 /* PC601 */ #define PCI_PRODUCT_SKHYNIX_BC901 0x1d59 /* BC901 */ /* SMC products */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index b11ef6fd6..2a0e08f58 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2087 2024/09/02 03:59:40 yasuoka Exp + * OpenBSD: pcidevs,v 1.2088 2024/09/04 23:56:43 dlg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -30928,8 +30928,12 @@ static const struct pci_known_product pci_known_products[] = { "PEX 8648", }, { - PCI_VENDOR_PLX, PCI_PRODUCT_PLX_PEX_8617, - "PEX 8617", + PCI_VENDOR_PLX, PCI_PRODUCT_PLX_PEX_8717, + "PEX 8717", + }, + { + PCI_VENDOR_PLX, PCI_PRODUCT_PLX_PEX_8718, + "PEX 8718", }, { PCI_VENDOR_PLX, PCI_PRODUCT_PLX_PEX_8724, @@ -33104,8 +33108,12 @@ static const struct pci_known_product pci_known_products[] = { "966 HD Audio", }, { - PCI_VENDOR_SKHYNIX, PCI_PRODUCT_SKHYNIX_SSD, - "BC501 NVMe", + PCI_VENDOR_SKHYNIX, PCI_PRODUCT_SKHYNIX_BC501, + "BC501", + }, + { + PCI_VENDOR_SKHYNIX, PCI_PRODUCT_SKHYNIX_PC601, + "PC601", }, { PCI_VENDOR_SKHYNIX, PCI_PRODUCT_SKHYNIX_BC901, diff --git a/sys/dev/pci/qla_pci.c b/sys/dev/pci/qla_pci.c index 722fae61c..6a5804887 100644 --- a/sys/dev/pci/qla_pci.c +++ b/sys/dev/pci/qla_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qla_pci.c,v 1.10 2024/05/24 06:02:58 jsg Exp $ */ +/* $OpenBSD: qla_pci.c,v 1.11 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2011 David Gwynne @@ -217,7 +217,7 @@ qla_pci_detach(struct device *self, int flags) int rv; if (psc->psc_ih == NULL) { - /* we didnt attach properly, so nothing to detach */ + /* we didn't attach properly, so nothing to detach */ return (0); } diff --git a/sys/dev/pci/qle.c b/sys/dev/pci/qle.c index 152154ce2..67e041614 100644 --- a/sys/dev/pci/qle.c +++ b/sys/dev/pci/qle.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qle.c,v 1.65 2024/05/24 06:02:58 jsg Exp $ */ +/* $OpenBSD: qle.c,v 1.66 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2013, 2014 Jonathan Matthew @@ -691,7 +691,7 @@ qle_detach(struct device *self, int flags) struct qle_softc *sc = (struct qle_softc *)self; if (sc->sc_ih == NULL) { - /* we didnt attach properly, so nothing to detach */ + /* we didn't attach properly, so nothing to detach */ return (0); } diff --git a/sys/dev/pci/qlw_pci.c b/sys/dev/pci/qlw_pci.c index 9ed90d834..45cdcdbb2 100644 --- a/sys/dev/pci/qlw_pci.c +++ b/sys/dev/pci/qlw_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qlw_pci.c,v 1.13 2024/05/24 06:02:58 jsg Exp $ */ +/* $OpenBSD: qlw_pci.c,v 1.14 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2011 David Gwynne @@ -302,7 +302,7 @@ qlw_pci_detach(struct device *self, int flags) int rv; if (psc->psc_ih == NULL) { - /* we didnt attach properly, so nothing to detach */ + /* we didn't attach properly, so nothing to detach */ return (0); } diff --git a/sys/dev/pci/vmwpvs.c b/sys/dev/pci/vmwpvs.c index 5b37a807e..6ac67d1db 100644 --- a/sys/dev/pci/vmwpvs.c +++ b/sys/dev/pci/vmwpvs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmwpvs.c,v 1.28 2024/05/24 06:02:58 jsg Exp $ */ +/* $OpenBSD: vmwpvs.c,v 1.29 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2013 David Gwynne @@ -499,7 +499,7 @@ vmwpvs_attach(struct device *parent, struct device *self, void *aux) sc->sc_ccbs = mallocarray(r, sizeof(struct vmwpvs_ccb), M_DEVBUF, M_WAITOK); - /* cant fail */ + /* can't fail */ sgls = VMWPVS_DMA_KVA(sc->sc_sgls); sense = VMWPVS_DMA_KVA(sc->sc_sense); diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c index 470331d1d..7a3740058 100644 --- a/sys/dev/pv/if_vio.c +++ b/sys/dev/pv/if_vio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vio.c,v 1.51 2024/08/28 12:40:22 sf Exp $ */ +/* $OpenBSD: if_vio.c,v 1.54 2024/09/04 09:12:55 sf Exp $ */ /* * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg. @@ -215,14 +215,24 @@ enum vio_ctrl_state { FREE, INUSE, DONE, RESET }; +struct vio_queue { + struct vio_softc *viq_sc; + struct virtio_net_hdr *viq_txhdrs; + bus_dmamap_t *viq_arrays; +#define viq_rxdmamaps viq_arrays + bus_dmamap_t *viq_txdmamaps; + struct mbuf **viq_rxmbufs; + struct mbuf **viq_txmbufs; + struct if_rxring viq_rxring; + struct virtqueue *viq_rxvq; + struct virtqueue *viq_txvq; +}; + struct vio_softc { struct device sc_dev; struct virtio_softc *sc_virtio; -#define VQRX 0 -#define VQTX 1 -#define VQCTL 2 - struct virtqueue sc_vq[3]; + struct virtqueue *sc_ctl_vq; struct arpcom sc_ac; struct ifmedia sc_media; @@ -236,7 +246,6 @@ struct vio_softc { caddr_t sc_dma_kva; int sc_hdr_size; - struct virtio_net_hdr *sc_tx_hdrs; struct virtio_net_ctrl_cmd *sc_ctrl_cmd; struct virtio_net_ctrl_status *sc_ctrl_status; struct virtio_net_ctrl_rx *sc_ctrl_rx; @@ -245,13 +254,8 @@ struct vio_softc { #define sc_ctrl_mac_info sc_ctrl_mac_tbl_uc struct virtio_net_ctrl_mac_tbl *sc_ctrl_mac_tbl_mc; - /* kmem */ - bus_dmamap_t *sc_arrays; -#define sc_rx_dmamaps sc_arrays - bus_dmamap_t *sc_tx_dmamaps; - struct mbuf **sc_rx_mbufs; - struct mbuf **sc_tx_mbufs; - struct if_rxring sc_rx_ring; + struct vio_queue *sc_q; + uint16_t sc_nqueues; enum vio_ctrl_state sc_ctrl_inuse; @@ -262,9 +266,6 @@ struct vio_softc { #define VIO_DMAMEM_SYNC(vsc, sc, p, size, flags) \ bus_dmamap_sync((vsc)->sc_dmat, (sc)->sc_dma_map, \ VIO_DMAMEM_OFFSET((sc), (p)), (size), (flags)) -#define VIO_DMAMEM_ENQUEUE(sc, vq, slot, p, size, write) \ - virtio_enqueue_p((vq), (slot), (sc)->sc_dma_map, \ - VIO_DMAMEM_OFFSET((sc), (p)), (size), (write)) #define VIO_HAVE_MRG_RXBUF(sc) \ ((sc)->sc_hdr_size == sizeof(struct virtio_net_hdr)) @@ -291,10 +292,10 @@ void vio_get_lladdr(struct arpcom *ac, struct virtio_softc *vsc); void vio_put_lladdr(struct arpcom *ac, struct virtio_softc *vsc); /* rx */ -int vio_add_rx_mbuf(struct vio_softc *, int); -void vio_free_rx_mbuf(struct vio_softc *, int); -void vio_populate_rx_mbufs(struct vio_softc *); -int vio_rxeof(struct vio_softc *); +int vio_add_rx_mbuf(struct vio_softc *, struct vio_queue *, int); +void vio_free_rx_mbuf(struct vio_softc *, struct vio_queue *, int); +void vio_populate_rx_mbufs(struct vio_softc *, struct vio_queue *); +int vio_rxeof(struct vio_queue *); int vio_rx_intr(struct virtqueue *); void vio_rx_drain(struct vio_softc *); void vio_rxtick(void *); @@ -303,7 +304,7 @@ void vio_rxtick(void *); int vio_tx_intr(struct virtqueue *); int vio_txeof(struct virtqueue *); void vio_tx_drain(struct vio_softc *); -int vio_encap(struct vio_softc *, int, struct mbuf *); +int vio_encap(struct vio_queue *, int, struct mbuf *); void vio_txtick(void *); /* other control */ @@ -381,6 +382,7 @@ void vio_free_dmamem(struct vio_softc *sc) { struct virtio_softc *vsc = sc->sc_virtio; + bus_dmamap_unload(vsc->sc_dmat, sc->sc_dma_map); bus_dmamem_unmap(vsc->sc_dmat, sc->sc_dma_kva, sc->sc_dma_size); bus_dmamem_free(vsc->sc_dmat, &sc->sc_dma_seg, 1); @@ -390,7 +392,7 @@ vio_free_dmamem(struct vio_softc *sc) /* allocate memory */ /* * dma memory is used for: - * sc_tx_hdrs[slot]: metadata array for frames to be sent (WRITE) + * viq_txhdrs[slot]: metadata array for frames to be sent (WRITE) * sc_ctrl_cmd: command to be sent via ctrl vq (WRITE) * sc_ctrl_status: return value for a command via ctrl vq (READ) * sc_ctrl_rx: parameter for a VIRTIO_NET_CTRL_RX class command @@ -407,30 +409,30 @@ vio_free_dmamem(struct vio_softc *sc) */ /* * dynamically allocated memory is used for: - * sc_rx_dmamaps[slot]: bus_dmamap_t array for received payload - * sc_tx_dmamaps[slot]: bus_dmamap_t array for sent payload - * sc_rx_mbufs[slot]: mbuf pointer array for received frames - * sc_tx_mbufs[slot]: mbuf pointer array for sent frames + * viq_rxdmamaps[slot]: bus_dmamap_t array for received payload + * viq_txdmamaps[slot]: bus_dmamap_t array for sent payload + * viq_rxmbufs[slot]: mbuf pointer array for received frames + * viq_txmbufs[slot]: mbuf pointer array for sent frames */ int vio_alloc_mem(struct vio_softc *sc) { - struct virtio_softc *vsc = sc->sc_virtio; - struct ifnet *ifp = &sc->sc_ac.ac_if; - int allocsize, r, i, txsize; - unsigned int offset = 0; - int rxqsize, txqsize; - caddr_t kva; + struct virtio_softc *vsc = sc->sc_virtio; + struct ifnet *ifp = &sc->sc_ac.ac_if; + size_t allocsize, rxqsize, txqsize, offset = 0; + bus_size_t txsize; + caddr_t kva; + int i, qidx, r; - rxqsize = vsc->sc_vqs[0].vq_num; - txqsize = vsc->sc_vqs[1].vq_num; + rxqsize = sc->sc_q[0].viq_rxvq->vq_num; + txqsize = sc->sc_q[0].viq_txvq->vq_num; /* * For simplicity, we always allocate the full virtio_net_hdr size * even if VIRTIO_NET_F_MRG_RXBUF is not negotiated and * only a part of the memory is ever used. */ - allocsize = sizeof(struct virtio_net_hdr) * txqsize; + allocsize = sizeof(struct virtio_net_hdr) * txqsize * sc->sc_nqueues; if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) { allocsize += sizeof(struct virtio_net_ctrl_cmd) * 1; @@ -447,76 +449,105 @@ vio_alloc_mem(struct vio_softc *sc) } kva = sc->sc_dma_kva; - sc->sc_tx_hdrs = (struct virtio_net_hdr*)(kva + offset); - offset += sizeof(struct virtio_net_hdr) * txqsize; + + for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { + sc->sc_q[qidx].viq_txhdrs = + (struct virtio_net_hdr *)(kva + offset); + offset += sizeof(struct virtio_net_hdr) * txqsize; + } + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) { - sc->sc_ctrl_cmd = (void*)(kva + offset); + sc->sc_ctrl_cmd = (void *)(kva + offset); offset += sizeof(*sc->sc_ctrl_cmd); - sc->sc_ctrl_status = (void*)(kva + offset); + sc->sc_ctrl_status = (void *)(kva + offset); offset += sizeof(*sc->sc_ctrl_status); - sc->sc_ctrl_rx = (void*)(kva + offset); + sc->sc_ctrl_rx = (void *)(kva + offset); offset += sizeof(*sc->sc_ctrl_rx); - sc->sc_ctrl_guest_offloads = (void*)(kva + offset); + sc->sc_ctrl_guest_offloads = (void *)(kva + offset); offset += sizeof(*sc->sc_ctrl_guest_offloads); - sc->sc_ctrl_mac_tbl_uc = (void*)(kva + offset); + sc->sc_ctrl_mac_tbl_uc = (void *)(kva + offset); offset += sizeof(*sc->sc_ctrl_mac_tbl_uc) + ETHER_ADDR_LEN * VIRTIO_NET_CTRL_MAC_UC_ENTRIES; - sc->sc_ctrl_mac_tbl_mc = (void*)(kva + offset); - } - - sc->sc_arrays = mallocarray(rxqsize + txqsize, - sizeof(bus_dmamap_t) + sizeof(struct mbuf *), M_DEVBUF, - M_WAITOK | M_CANFAIL | M_ZERO); - if (sc->sc_arrays == NULL) { - printf("unable to allocate mem for dmamaps\n"); - goto err_hdr; - } - allocsize = (rxqsize + txqsize) * - (sizeof(bus_dmamap_t) + sizeof(struct mbuf *)); - - sc->sc_tx_dmamaps = sc->sc_arrays + rxqsize; - sc->sc_rx_mbufs = (void*) (sc->sc_tx_dmamaps + txqsize); - sc->sc_tx_mbufs = sc->sc_rx_mbufs + rxqsize; - - for (i = 0; i < rxqsize; i++) { - r = bus_dmamap_create(vsc->sc_dmat, MAXMCLBYTES, - MAXMCLBYTES/PAGE_SIZE + 1, MCLBYTES, 0, - BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, &sc->sc_rx_dmamaps[i]); - if (r != 0) - goto err_reqs; + sc->sc_ctrl_mac_tbl_mc = (void *)(kva + offset); + offset += sizeof(*sc->sc_ctrl_mac_tbl_mc) + + ETHER_ADDR_LEN * VIRTIO_NET_CTRL_MAC_MC_ENTRIES; } + KASSERT(offset == allocsize); txsize = ifp->if_hardmtu + sc->sc_hdr_size + ETHER_HDR_LEN; - for (i = 0; i < txqsize; i++) { - r = bus_dmamap_create(vsc->sc_dmat, txsize, - VIRTIO_NET_TX_MAXNSEGS, txsize, 0, - BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, - &sc->sc_tx_dmamaps[i]); - if (r != 0) - goto err_reqs; + + for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { + struct vio_queue *vioq = &sc->sc_q[qidx]; + + vioq->viq_arrays = mallocarray(rxqsize + txqsize, + sizeof(bus_dmamap_t) + sizeof(struct mbuf *), M_DEVBUF, + M_WAITOK|M_ZERO); + if (vioq->viq_arrays == NULL) { + printf("unable to allocate mem for dmamaps\n"); + goto free; + } + + vioq->viq_txdmamaps = vioq->viq_arrays + rxqsize; + vioq->viq_rxmbufs = (void *)(vioq->viq_txdmamaps + txqsize); + vioq->viq_txmbufs = vioq->viq_rxmbufs + rxqsize; + + for (i = 0; i < rxqsize; i++) { + r = bus_dmamap_create(vsc->sc_dmat, MAXMCLBYTES, + MAXMCLBYTES/PAGE_SIZE + 1, MCLBYTES, 0, + BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, + &vioq->viq_rxdmamaps[i]); + if (r != 0) + goto destroy; + } + + for (i = 0; i < txqsize; i++) { + r = bus_dmamap_create(vsc->sc_dmat, txsize, + VIRTIO_NET_TX_MAXNSEGS, txsize, 0, + BUS_DMA_NOWAIT|BUS_DMA_ALLOCNOW, + &vioq->viq_txdmamaps[i]); + if (r != 0) + goto destroy; + } } return 0; -err_reqs: + destroy: printf("dmamap creation failed, error %d\n", r); - for (i = 0; i < txqsize; i++) { - if (sc->sc_tx_dmamaps[i]) - bus_dmamap_destroy(vsc->sc_dmat, sc->sc_tx_dmamaps[i]); + for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { + struct vio_queue *vioq = &sc->sc_q[qidx]; + + for (i = 0; i < txqsize; i++) { + if (vioq->viq_txdmamaps[i] == NULL) + break; + bus_dmamap_destroy(vsc->sc_dmat, + vioq->viq_txdmamaps[i]); + } + for (i = 0; i < rxqsize; i++) { + if (vioq->viq_rxdmamaps[i] == NULL) + break; + bus_dmamap_destroy(vsc->sc_dmat, + vioq->viq_rxdmamaps[i]); + } + free(vioq->viq_arrays, M_DEVBUF, (rxqsize + txqsize) * + (sizeof(bus_dmamap_t) + sizeof(struct mbuf *))); + vioq->viq_arrays = NULL; } - for (i = 0; i < rxqsize; i++) { - if (sc->sc_rx_dmamaps[i]) - bus_dmamap_destroy(vsc->sc_dmat, sc->sc_rx_dmamaps[i]); - } - if (sc->sc_arrays) { - free(sc->sc_arrays, M_DEVBUF, allocsize); - sc->sc_arrays = 0; - } -err_hdr: + free: vio_free_dmamem(sc); return -1; } +static void +vio_dmamem_enqueue(struct virtio_softc *vsc, struct vio_softc *sc, + struct virtqueue *vq, int slot, void *p, size_t size, int write) +{ + VIO_DMAMEM_SYNC(vsc, sc, p, size, write ? BUS_DMASYNC_PREWRITE : + BUS_DMASYNC_PREREAD); + virtio_enqueue_p(vq, slot, sc->sc_dma_map, VIO_DMAMEM_OFFSET(sc, p), + size, write); +} + void vio_get_lladdr(struct arpcom *ac, struct virtio_softc *vsc) { @@ -567,7 +598,6 @@ vio_attach(struct device *parent, struct device *self, void *aux) vsc->sc_child = self; vsc->sc_ipl = IPL_NET; - vsc->sc_vqs = &sc->sc_vq[0]; vsc->sc_config_change = NULL; vsc->sc_driver_features = VIRTIO_NET_F_MAC | VIRTIO_NET_F_STATUS | VIRTIO_NET_F_CTRL_VQ | VIRTIO_NET_F_CTRL_RX | @@ -582,6 +612,24 @@ vio_attach(struct device *parent, struct device *self, void *aux) vsc->sc_driver_features |= VIRTIO_NET_F_GUEST_TSO6; virtio_negotiate_features(vsc, virtio_net_feature_names); + + sc->sc_nqueues = 1; + vsc->sc_nvqs = 2 * sc->sc_nqueues; + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) + vsc->sc_nvqs++; + + vsc->sc_vqs = mallocarray(vsc->sc_nvqs, sizeof(*vsc->sc_vqs), M_DEVBUF, + M_WAITOK|M_ZERO); + if (vsc->sc_vqs == NULL) { + vsc->sc_nvqs = 0; + goto err; + } + + sc->sc_q = mallocarray(sc->sc_nqueues, sizeof(*sc->sc_q), M_DEVBUF, + M_WAITOK|M_ZERO); + if (sc->sc_q == NULL) + goto err; + if (virtio_has_feature(vsc, VIRTIO_NET_F_MAC)) { vio_get_lladdr(&sc->sc_ac, vsc); } else { @@ -601,28 +649,38 @@ vio_attach(struct device *parent, struct device *self, void *aux) else ifp->if_hardmtu = MCLBYTES - sc->sc_hdr_size - ETHER_HDR_LEN; - if (virtio_alloc_vq(vsc, &sc->sc_vq[VQRX], 0, 2, "rx") != 0) - goto err; - vsc->sc_nvqs = 1; - sc->sc_vq[VQRX].vq_done = vio_rx_intr; - if (virtio_alloc_vq(vsc, &sc->sc_vq[VQTX], 1, - VIRTIO_NET_TX_MAXNSEGS + 1, "tx") != 0) { - goto err; - } - vsc->sc_nvqs = 2; - sc->sc_vq[VQTX].vq_done = vio_tx_intr; - virtio_start_vq_intr(vsc, &sc->sc_vq[VQRX]); - if (virtio_has_feature(vsc, VIRTIO_F_RING_EVENT_IDX)) - virtio_postpone_intr_far(&sc->sc_vq[VQTX]); - else - virtio_stop_vq_intr(vsc, &sc->sc_vq[VQTX]); - if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) { - if (virtio_alloc_vq(vsc, &sc->sc_vq[VQCTL], 2, 1, - "control") == 0) { - sc->sc_vq[VQCTL].vq_done = vio_ctrleof; - virtio_start_vq_intr(vsc, &sc->sc_vq[VQCTL]); - vsc->sc_nvqs = 3; + for (i = 0; i < sc->sc_nqueues; i++) { + int vqidx = 2 * i; + struct vio_queue *vioq = &sc->sc_q[i]; + + vioq->viq_rxvq = &vsc->sc_vqs[vqidx]; + vioq->viq_sc = sc; + if (virtio_alloc_vq(vsc, vioq->viq_rxvq, vqidx, 2, "rx") != 0) + goto err; + vioq->viq_rxvq->vq_done = vio_rx_intr; + virtio_start_vq_intr(vsc, vioq->viq_rxvq); + + vqidx++; + vioq->viq_txvq = &vsc->sc_vqs[vqidx]; + if (virtio_alloc_vq(vsc, vioq->viq_txvq, vqidx, + VIRTIO_NET_TX_MAXNSEGS + 1, "tx") != 0) { + goto err; } + vioq->viq_txvq->vq_done = vio_tx_intr; + if (virtio_has_feature(vsc, VIRTIO_F_RING_EVENT_IDX)) + virtio_postpone_intr_far(vioq->viq_txvq); + else + virtio_stop_vq_intr(vsc, vioq->viq_txvq); + } + + /* control queue */ + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) { + sc->sc_ctl_vq = &vsc->sc_vqs[2]; + if (virtio_alloc_vq(vsc, sc->sc_ctl_vq, 2, 1, + "control") != 0) + goto err; + sc->sc_ctl_vq->vq_done = vio_ctrleof; + virtio_start_vq_intr(vsc, sc->sc_ctl_vq); } if (vio_alloc_mem(sc) < 0) @@ -658,8 +716,8 @@ vio_attach(struct device *parent, struct device *self, void *aux) ifmedia_add(&sc->sc_media, IFM_ETHER | IFM_AUTO, 0, NULL); ifmedia_set(&sc->sc_media, IFM_ETHER | IFM_AUTO); vsc->sc_config_change = vio_config_change; - timeout_set(&sc->sc_txtick, vio_txtick, &sc->sc_vq[VQTX]); - timeout_set(&sc->sc_rxtick, vio_rxtick, &sc->sc_vq[VQRX]); + timeout_set(&sc->sc_txtick, vio_txtick, sc->sc_q[0].viq_txvq); + timeout_set(&sc->sc_rxtick, vio_rxtick, sc->sc_q[0].viq_rxvq); virtio_set_status(vsc, VIRTIO_CONFIG_DEVICE_STATUS_DRIVER_OK); if_attach(ifp); @@ -669,7 +727,9 @@ vio_attach(struct device *parent, struct device *self, void *aux) err: for (i = 0; i < vsc->sc_nvqs; i++) - virtio_free_vq(vsc, &sc->sc_vq[i]); + virtio_free_vq(vsc, &vsc->sc_vqs[i]); + free(vsc->sc_vqs, M_DEVBUF, vsc->sc_nvqs * sizeof(*vsc->sc_vqs)); + free(sc->sc_q, M_DEVBUF, sc->sc_nqueues * sizeof(*sc->sc_q)); vsc->sc_nvqs = 0; vsc->sc_child = VIRTIO_CHILD_ERROR; return; @@ -730,12 +790,17 @@ vio_init(struct ifnet *ifp) { struct vio_softc *sc = ifp->if_softc; struct virtio_softc *vsc = sc->sc_virtio; + int qidx; vio_stop(ifp, 0); - if_rxr_init(&sc->sc_rx_ring, 2 * ((ifp->if_hardmtu / MCLBYTES) + 1), - sc->sc_vq[VQRX].vq_num); - vio_populate_rx_mbufs(sc); - ifp->if_flags |= IFF_RUNNING; + for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { + struct vio_queue *vioq = &sc->sc_q[qidx]; + + if_rxr_init(&vioq->viq_rxring, + 2 * ((ifp->if_hardmtu / MCLBYTES) + 1), + vioq->viq_rxvq->vq_num); + vio_populate_rx_mbufs(sc, vioq); + } ifq_clr_oactive(&ifp->if_snd); vio_iff(sc); vio_link_state(ifp); @@ -756,6 +821,8 @@ vio_init(struct ifnet *ifp) vio_ctrl_guest_offloads(sc, features); } + SET(ifp->if_flags, IFF_RUNNING); + return 0; } @@ -764,14 +831,17 @@ vio_stop(struct ifnet *ifp, int disable) { struct vio_softc *sc = ifp->if_softc; struct virtio_softc *vsc = sc->sc_virtio; + int i; + CLR(ifp->if_flags, IFF_RUNNING); timeout_del(&sc->sc_txtick); timeout_del(&sc->sc_rxtick); - ifp->if_flags &= ~IFF_RUNNING; ifq_clr_oactive(&ifp->if_snd); /* only way to stop I/O and DMA is resetting... */ virtio_reset(vsc); - vio_rxeof(sc); + for (i = 0; i < sc->sc_nqueues; i++) + vio_rxeof(&sc->sc_q[i]); + if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) vio_ctrl_wakeup(sc, RESET); vio_tx_drain(sc); @@ -779,10 +849,12 @@ vio_stop(struct ifnet *ifp, int disable) vio_rx_drain(sc); virtio_reinit_start(vsc); - virtio_start_vq_intr(vsc, &sc->sc_vq[VQRX]); - virtio_stop_vq_intr(vsc, &sc->sc_vq[VQTX]); + for (i = 0; i < sc->sc_nqueues; i++) { + virtio_start_vq_intr(vsc, sc->sc_q[i].viq_rxvq); + virtio_stop_vq_intr(vsc, sc->sc_q[i].viq_txvq); + } if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) - virtio_start_vq_intr(vsc, &sc->sc_vq[VQCTL]); + virtio_start_vq_intr(vsc, sc->sc_ctl_vq); virtio_reinit_end(vsc); if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) vio_ctrl_wakeup(sc, FREE); @@ -859,7 +931,9 @@ vio_tx_offload(struct virtio_net_hdr *hdr, struct mbuf *m) hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV6; #endif - /* VirtIO-Net need pseudo header cksum with IP-payload length for TSO */ + /* + * VirtIO-Net needs pseudo header cksum with IP-payload length for TSO + */ ext.tcp->th_sum = vio_cksum_update(ext.tcp->th_sum, htons(ext.iplen - ext.iphlen)); @@ -872,7 +946,8 @@ vio_start(struct ifnet *ifp) { struct vio_softc *sc = ifp->if_softc; struct virtio_softc *vsc = sc->sc_virtio; - struct virtqueue *vq = &sc->sc_vq[VQTX]; + struct vio_queue *vioq = &sc->sc_q[0]; + struct virtqueue *vq = vioq->viq_txvq; struct mbuf *m; int queued = 0; @@ -902,11 +977,11 @@ again: panic("%s: enqueue_prep for tx buffer: %d", sc->sc_dev.dv_xname, r); - hdr = &sc->sc_tx_hdrs[slot]; + hdr = &vioq->viq_txhdrs[slot]; memset(hdr, 0, sc->sc_hdr_size); vio_tx_offload(hdr, m); - r = vio_encap(sc, slot, m); + r = vio_encap(vioq, slot, m); if (r != 0) { virtio_enqueue_abort(vq, slot); ifq_deq_commit(&ifp->if_snd, m); @@ -915,23 +990,22 @@ again: continue; } r = virtio_enqueue_reserve(vq, slot, - sc->sc_tx_dmamaps[slot]->dm_nsegs + 1); + vioq->viq_txdmamaps[slot]->dm_nsegs + 1); if (r != 0) { bus_dmamap_unload(vsc->sc_dmat, - sc->sc_tx_dmamaps[slot]); + vioq->viq_txdmamaps[slot]); ifq_deq_rollback(&ifp->if_snd, m); - sc->sc_tx_mbufs[slot] = NULL; + vioq->viq_txmbufs[slot] = NULL; ifq_set_oactive(&ifp->if_snd); break; } ifq_deq_commit(&ifp->if_snd, m); - bus_dmamap_sync(vsc->sc_dmat, sc->sc_tx_dmamaps[slot], 0, - sc->sc_tx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, hdr, sc->sc_hdr_size, + bus_dmamap_sync(vsc->sc_dmat, vioq->viq_txdmamaps[slot], 0, + vioq->viq_txdmamaps[slot]->dm_mapsize, BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, hdr, sc->sc_hdr_size, 1); - virtio_enqueue(vq, slot, sc->sc_tx_dmamaps[slot], 1); + vio_dmamem_enqueue(vsc, sc, vq, slot, hdr, sc->sc_hdr_size, 1); + virtio_enqueue(vq, slot, vioq->viq_txdmamaps[slot], 1); virtio_enqueue_commit(vsc, vq, slot, 0); queued++; #if NBPFILTER > 0 @@ -942,9 +1016,9 @@ again: if (ifq_is_oactive(&ifp->if_snd)) { int r; if (virtio_has_feature(vsc, VIRTIO_F_RING_EVENT_IDX)) - r = virtio_postpone_intr_smart(&sc->sc_vq[VQTX]); + r = virtio_postpone_intr_smart(vioq->viq_txvq); else - r = virtio_start_vq_intr(vsc, &sc->sc_vq[VQTX]); + r = virtio_start_vq_intr(vsc, vioq->viq_txvq); if (r) { vio_txeof(vq); goto again; @@ -963,17 +1037,20 @@ vio_dump(struct vio_softc *sc) { struct ifnet *ifp = &sc->sc_ac.ac_if; struct virtio_softc *vsc = sc->sc_virtio; + int i; printf("%s status dump:\n", ifp->if_xname); - printf("TX virtqueue:\n"); - virtio_vq_dump(&vsc->sc_vqs[VQTX]); printf("tx tick active: %d\n", !timeout_triggered(&sc->sc_txtick)); printf("rx tick active: %d\n", !timeout_triggered(&sc->sc_rxtick)); - printf("RX virtqueue:\n"); - virtio_vq_dump(&vsc->sc_vqs[VQRX]); + for (i = 0; i < sc->sc_nqueues; i++) { + printf("%d: TX virtqueue:\n", i); + virtio_vq_dump(sc->sc_q[i].viq_txvq); + printf("%d: RX virtqueue:\n", i); + virtio_vq_dump(sc->sc_q[i].viq_rxvq); + } if (virtio_has_feature(vsc, VIRTIO_NET_F_CTRL_VQ)) { printf("CTL virtqueue:\n"); - virtio_vq_dump(&vsc->sc_vqs[VQCTL]); + virtio_vq_dump(sc->sc_ctl_vq); printf("ctrl_inuse: %d\n", sc->sc_ctrl_inuse); } } @@ -1014,7 +1091,7 @@ vio_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) break; case SIOCGIFRXR: r = if_rxr_ioctl((struct if_rxrinfo *)ifr->ifr_data, - NULL, MCLBYTES, &sc->sc_rx_ring); + NULL, MCLBYTES, &sc->sc_q[0].viq_rxring); break; default: r = ether_ioctl(ifp, &sc->sc_ac, cmd, data); @@ -1034,7 +1111,7 @@ vio_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) */ /* allocate and initialize a mbuf for receive */ int -vio_add_rx_mbuf(struct vio_softc *sc, int i) +vio_add_rx_mbuf(struct vio_softc *sc, struct vio_queue *vioq, int i) { struct mbuf *m; int r; @@ -1042,13 +1119,14 @@ vio_add_rx_mbuf(struct vio_softc *sc, int i) m = MCLGETL(NULL, M_DONTWAIT, MCLBYTES); if (m == NULL) return ENOBUFS; - sc->sc_rx_mbufs[i] = m; + vioq->viq_rxmbufs[i] = m; m->m_len = m->m_pkthdr.len = m->m_ext.ext_size; - r = bus_dmamap_load_mbuf(sc->sc_virtio->sc_dmat, sc->sc_rx_dmamaps[i], - m, BUS_DMA_READ|BUS_DMA_NOWAIT); + /* XXX m_adj ETHER_ALIGN ? */ + r = bus_dmamap_load_mbuf(sc->sc_virtio->sc_dmat, + vioq->viq_rxdmamaps[i], m, BUS_DMA_READ|BUS_DMA_NOWAIT); if (r) { m_freem(m); - sc->sc_rx_mbufs[i] = NULL; + vioq->viq_rxmbufs[i] = NULL; return r; } @@ -1057,24 +1135,24 @@ vio_add_rx_mbuf(struct vio_softc *sc, int i) /* free a mbuf for receive */ void -vio_free_rx_mbuf(struct vio_softc *sc, int i) +vio_free_rx_mbuf(struct vio_softc *sc, struct vio_queue *vioq, int i) { - bus_dmamap_unload(sc->sc_virtio->sc_dmat, sc->sc_rx_dmamaps[i]); - m_freem(sc->sc_rx_mbufs[i]); - sc->sc_rx_mbufs[i] = NULL; + bus_dmamap_unload(sc->sc_virtio->sc_dmat, vioq->viq_rxdmamaps[i]); + m_freem(vioq->viq_rxmbufs[i]); + vioq->viq_rxmbufs[i] = NULL; } /* add mbufs for all the empty receive slots */ void -vio_populate_rx_mbufs(struct vio_softc *sc) +vio_populate_rx_mbufs(struct vio_softc *sc, struct vio_queue *vioq) { struct virtio_softc *vsc = sc->sc_virtio; int r, done = 0; u_int slots; - struct virtqueue *vq = &sc->sc_vq[VQRX]; + struct virtqueue *vq = vioq->viq_rxvq; int mrg_rxbuf = VIO_HAVE_MRG_RXBUF(sc); - for (slots = if_rxr_get(&sc->sc_rx_ring, vq->vq_num); + for (slots = if_rxr_get(&vioq->viq_rxring, vq->vq_num); slots > 0; slots--) { int slot; r = virtio_enqueue_prep(vq, &slot); @@ -1083,38 +1161,39 @@ vio_populate_rx_mbufs(struct vio_softc *sc) if (r != 0) panic("%s: enqueue_prep for rx buffer: %d", sc->sc_dev.dv_xname, r); - if (sc->sc_rx_mbufs[slot] == NULL) { - r = vio_add_rx_mbuf(sc, slot); + if (vioq->viq_rxmbufs[slot] == NULL) { + r = vio_add_rx_mbuf(sc, vioq, slot); if (r != 0) { virtio_enqueue_abort(vq, slot); break; } } r = virtio_enqueue_reserve(vq, slot, - sc->sc_rx_dmamaps[slot]->dm_nsegs + (mrg_rxbuf ? 0 : 1)); + vioq->viq_rxdmamaps[slot]->dm_nsegs + (mrg_rxbuf ? 0 : 1)); if (r != 0) { - vio_free_rx_mbuf(sc, slot); + vio_free_rx_mbuf(sc, vioq, slot); break; } - bus_dmamap_sync(vsc->sc_dmat, sc->sc_rx_dmamaps[slot], 0, - sc->sc_rx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_PREREAD); + bus_dmamap_sync(vsc->sc_dmat, vioq->viq_rxdmamaps[slot], 0, + vioq->viq_rxdmamaps[slot]->dm_mapsize, + BUS_DMASYNC_PREREAD); if (mrg_rxbuf) { - virtio_enqueue(vq, slot, sc->sc_rx_dmamaps[slot], 0); + virtio_enqueue(vq, slot, vioq->viq_rxdmamaps[slot], 0); } else { /* * Buggy kvm wants a buffer of exactly the size of * the header in this case, so we have to split in * two. */ - virtio_enqueue_p(vq, slot, sc->sc_rx_dmamaps[slot], + virtio_enqueue_p(vq, slot, vioq->viq_rxdmamaps[slot], 0, sc->sc_hdr_size, 0); - virtio_enqueue_p(vq, slot, sc->sc_rx_dmamaps[slot], + virtio_enqueue_p(vq, slot, vioq->viq_rxdmamaps[slot], sc->sc_hdr_size, MCLBYTES - sc->sc_hdr_size, 0); } virtio_enqueue_commit(vsc, vq, slot, 0); done = 1; } - if_rxr_put(&sc->sc_rx_ring, slots); + if_rxr_put(&vioq->viq_rxring, slots); if (done) virtio_notify(vsc, vq); @@ -1163,10 +1242,10 @@ vio_rx_offload(struct mbuf *m, struct virtio_net_hdr *hdr) /* dequeue received packets */ int -vio_rxeof(struct vio_softc *sc) +vio_rxeof(struct vio_queue *vioq) { + struct vio_softc *sc = vioq->viq_sc; struct virtio_softc *vsc = sc->sc_virtio; - struct virtqueue *vq = &sc->sc_vq[VQRX]; struct ifnet *ifp = &sc->sc_ac.ac_if; struct mbuf_list ml = MBUF_LIST_INITIALIZER(); struct mbuf *m, *m0 = NULL, *mlast; @@ -1174,16 +1253,17 @@ vio_rxeof(struct vio_softc *sc) int slot, len, bufs_left; struct virtio_net_hdr *hdr; - while (virtio_dequeue(vsc, vq, &slot, &len) == 0) { + while (virtio_dequeue(vsc, vioq->viq_rxvq, &slot, &len) == 0) { r = 1; - bus_dmamap_sync(vsc->sc_dmat, sc->sc_rx_dmamaps[slot], 0, - sc->sc_rx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_POSTREAD); - m = sc->sc_rx_mbufs[slot]; + bus_dmamap_sync(vsc->sc_dmat, vioq->viq_rxdmamaps[slot], 0, + vioq->viq_rxdmamaps[slot]->dm_mapsize, + BUS_DMASYNC_POSTREAD); + m = vioq->viq_rxmbufs[slot]; KASSERT(m != NULL); - bus_dmamap_unload(vsc->sc_dmat, sc->sc_rx_dmamaps[slot]); - sc->sc_rx_mbufs[slot] = NULL; - virtio_dequeue_commit(vq, slot); - if_rxr_put(&sc->sc_rx_ring, 1); + bus_dmamap_unload(vsc->sc_dmat, vioq->viq_rxdmamaps[slot]); + vioq->viq_rxmbufs[slot] = NULL; + virtio_dequeue_commit(vioq->viq_rxvq, slot); + if_rxr_put(&vioq->viq_rxring, 1); m->m_len = m->m_pkthdr.len = len; m->m_pkthdr.csum_flags = 0; if (m0 == NULL) { @@ -1217,7 +1297,7 @@ vio_rxeof(struct vio_softc *sc) } if (ifiq_input(&ifp->if_rcv, &ml)) - if_rxr_livelocked(&sc->sc_rx_ring); + if_rxr_livelocked(&vioq->viq_rxring); return r; } @@ -1227,13 +1307,15 @@ vio_rx_intr(struct virtqueue *vq) { struct virtio_softc *vsc = vq->vq_owner; struct vio_softc *sc = (struct vio_softc *)vsc->sc_child; + /* vioq N uses the rx/tx vq pair 2*N and 2*N + 1 */ + struct vio_queue *vioq = &sc->sc_q[vq->vq_index/2]; int r, sum = 0; again: - r = vio_rxeof(sc); + r = vio_rxeof(vioq); sum += r; if (r) { - vio_populate_rx_mbufs(sc); + vio_populate_rx_mbufs(sc, vioq); /* set used event index to the next slot */ if (virtio_has_feature(vsc, VIRTIO_F_RING_EVENT_IDX)) { if (virtio_start_vq_intr(vq->vq_owner, vq)) @@ -1250,10 +1332,14 @@ vio_rxtick(void *arg) struct virtqueue *vq = arg; struct virtio_softc *vsc = vq->vq_owner; struct vio_softc *sc = (struct vio_softc *)vsc->sc_child; - int s; + struct vio_queue *vioq; + int s, qidx; s = splnet(); - vio_populate_rx_mbufs(sc); + for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { + vioq = &sc->sc_q[qidx]; + vio_populate_rx_mbufs(sc, vioq); + } splx(s); } @@ -1261,13 +1347,16 @@ vio_rxtick(void *arg) void vio_rx_drain(struct vio_softc *sc) { - struct virtqueue *vq = &sc->sc_vq[VQRX]; - int i; + struct vio_queue *vioq; + int i, qidx; - for (i = 0; i < vq->vq_num; i++) { - if (sc->sc_rx_mbufs[i] == NULL) - continue; - vio_free_rx_mbuf(sc, i); + for (qidx = 0; qidx < sc->sc_nqueues; qidx++) { + vioq = &sc->sc_q[qidx]; + for (i = 0; i < vioq->viq_rxvq->vq_num; i++) { + if (vioq->viq_rxmbufs[i] == NULL) + continue; + vio_free_rx_mbuf(sc, vioq, i); + } } } @@ -1308,6 +1397,8 @@ vio_txeof(struct virtqueue *vq) { struct virtio_softc *vsc = vq->vq_owner; struct vio_softc *sc = (struct vio_softc *)vsc->sc_child; + /* vioq N uses the rx/tx vq pair 2*N and 2*N + 1 */ + struct vio_queue *vioq = &sc->sc_q[vq->vq_index/2]; struct ifnet *ifp = &sc->sc_ac.ac_if; struct mbuf *m; int r = 0; @@ -1317,22 +1408,23 @@ vio_txeof(struct virtqueue *vq) return 0; while (virtio_dequeue(vsc, vq, &slot, &len) == 0) { - struct virtio_net_hdr *hdr = &sc->sc_tx_hdrs[slot]; + struct virtio_net_hdr *hdr = &vioq->viq_txhdrs[slot]; r++; VIO_DMAMEM_SYNC(vsc, sc, hdr, sc->sc_hdr_size, BUS_DMASYNC_POSTWRITE); - bus_dmamap_sync(vsc->sc_dmat, sc->sc_tx_dmamaps[slot], 0, - sc->sc_tx_dmamaps[slot]->dm_mapsize, BUS_DMASYNC_POSTWRITE); - m = sc->sc_tx_mbufs[slot]; - bus_dmamap_unload(vsc->sc_dmat, sc->sc_tx_dmamaps[slot]); - sc->sc_tx_mbufs[slot] = NULL; + bus_dmamap_sync(vsc->sc_dmat, vioq->viq_txdmamaps[slot], 0, + vioq->viq_txdmamaps[slot]->dm_mapsize, + BUS_DMASYNC_POSTWRITE); + m = vioq->viq_txmbufs[slot]; + bus_dmamap_unload(vsc->sc_dmat, vioq->viq_txdmamaps[slot]); + vioq->viq_txmbufs[slot] = NULL; virtio_dequeue_commit(vq, slot); m_freem(m); } if (r) { ifq_clr_oactive(&ifp->if_snd); - virtio_stop_vq_intr(vsc, &sc->sc_vq[VQTX]); + virtio_stop_vq_intr(vsc, vioq->viq_txvq); } if (vq->vq_used_idx == vq->vq_avail_idx) timeout_del(&sc->sc_txtick); @@ -1342,10 +1434,10 @@ vio_txeof(struct virtqueue *vq) } int -vio_encap(struct vio_softc *sc, int slot, struct mbuf *m) +vio_encap(struct vio_queue *vioq, int slot, struct mbuf *m) { - struct virtio_softc *vsc = sc->sc_virtio; - bus_dmamap_t dmap= sc->sc_tx_dmamaps[slot]; + struct virtio_softc *vsc = vioq->viq_sc->sc_virtio; + bus_dmamap_t dmap = vioq->viq_txdmamaps[slot]; int r; r = bus_dmamap_load_mbuf(vsc->sc_dmat, dmap, m, @@ -1363,7 +1455,7 @@ vio_encap(struct vio_softc *sc, int slot, struct mbuf *m) default: return ENOBUFS; } - sc->sc_tx_mbufs[slot] = m; + vioq->viq_txmbufs[slot] = m; return 0; } @@ -1372,15 +1464,19 @@ void vio_tx_drain(struct vio_softc *sc) { struct virtio_softc *vsc = sc->sc_virtio; - struct virtqueue *vq = &sc->sc_vq[VQTX]; - int i; + struct vio_queue *vioq; + int i, q; - for (i = 0; i < vq->vq_num; i++) { - if (sc->sc_tx_mbufs[i] == NULL) - continue; - bus_dmamap_unload(vsc->sc_dmat, sc->sc_tx_dmamaps[i]); - m_freem(sc->sc_tx_mbufs[i]); - sc->sc_tx_mbufs[i] = NULL; + for (q = 0; q < sc->sc_nqueues; q++) { + vioq = &sc->sc_q[q]; + for (i = 0; i < vioq->viq_txvq->vq_num; i++) { + if (vioq->viq_txmbufs[i] == NULL) + continue; + bus_dmamap_unload(vsc->sc_dmat, + vioq->viq_txdmamaps[i]); + m_freem(vioq->viq_txmbufs[i]); + vioq->viq_txmbufs[i] = NULL; + } } } @@ -1392,7 +1488,7 @@ int vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff) { struct virtio_softc *vsc = sc->sc_virtio; - struct virtqueue *vq = &sc->sc_vq[VQCTL]; + struct virtqueue *vq = sc->sc_ctl_vq; int r, slot; splassert(IPL_NET); @@ -1404,13 +1500,6 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff) sc->sc_ctrl_cmd->command = cmd; sc->sc_ctrl_rx->onoff = onoff; - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd, - sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_rx, - sizeof(*sc->sc_ctrl_rx), BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status, - sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_PREREAD); - r = virtio_enqueue_prep(vq, &slot); if (r != 0) panic("%s: %s virtio_enqueue_prep: control vq busy", @@ -1419,11 +1508,11 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff) if (r != 0) panic("%s: %s virtio_enqueue_reserve: control vq busy", sc->sc_dev.dv_xname, __func__); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd, sizeof(*sc->sc_ctrl_cmd), 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_rx, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_rx, sizeof(*sc->sc_ctrl_rx), 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_status, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status, sizeof(*sc->sc_ctrl_status), 0); virtio_enqueue_commit(vsc, vq, slot, 1); @@ -1454,7 +1543,7 @@ int vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features) { struct virtio_softc *vsc = sc->sc_virtio; - struct virtqueue *vq = &sc->sc_vq[VQCTL]; + struct virtqueue *vq = sc->sc_ctl_vq; int r, slot; splassert(IPL_NET); @@ -1466,13 +1555,6 @@ vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features) sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET; sc->sc_ctrl_guest_offloads->offloads = features; - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd, - sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads, - sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status, - sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_PREREAD); - r = virtio_enqueue_prep(vq, &slot); if (r != 0) panic("%s: %s virtio_enqueue_prep: control vq busy", @@ -1481,11 +1563,11 @@ vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features) if (r != 0) panic("%s: %s virtio_enqueue_reserve: control vq busy", sc->sc_dev.dv_xname, __func__); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd, sizeof(*sc->sc_ctrl_cmd), 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_guest_offloads, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_guest_offloads, sizeof(*sc->sc_ctrl_guest_offloads), 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_status, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status, sizeof(*sc->sc_ctrl_status), 0); virtio_enqueue_commit(vsc, vq, slot, 1); @@ -1539,7 +1621,8 @@ vio_wait_ctrl_done(struct vio_softc *sc) r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viodone", VIRTIO_NET_CTRL_TIMEOUT); if (r == EWOULDBLOCK) { - printf("%s: ctrl queue timeout\n", sc->sc_dev.dv_xname); + printf("%s: ctrl queue timeout\n", + sc->sc_dev.dv_xname); vio_ctrl_wakeup(sc, RESET); return ENXIO; } @@ -1580,7 +1663,7 @@ vio_set_rx_filter(struct vio_softc *sc) { /* filter already set in sc_ctrl_mac_tbl */ struct virtio_softc *vsc = sc->sc_virtio; - struct virtqueue *vq = &sc->sc_vq[VQCTL]; + struct virtqueue *vq = sc->sc_ctl_vq; int r, slot; splassert(IPL_NET); @@ -1591,13 +1674,6 @@ vio_set_rx_filter(struct vio_softc *sc) sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_MAC; sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_MAC_TABLE_SET; - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd, - sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_info, - VIO_CTRL_MAC_INFO_SIZE, BUS_DMASYNC_PREWRITE); - VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status, - sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_PREREAD); - r = virtio_enqueue_prep(vq, &slot); if (r != 0) panic("%s: %s virtio_enqueue_prep: control vq busy", @@ -1606,15 +1682,15 @@ vio_set_rx_filter(struct vio_softc *sc) if (r != 0) panic("%s: %s virtio_enqueue_reserve: control vq busy", sc->sc_dev.dv_xname, __func__); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_cmd, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd, sizeof(*sc->sc_ctrl_cmd), 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_mac_tbl_uc, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_uc, sizeof(*sc->sc_ctrl_mac_tbl_uc) + sc->sc_ctrl_mac_tbl_uc->nentries * ETHER_ADDR_LEN, 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_mac_tbl_mc, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_mc, sizeof(*sc->sc_ctrl_mac_tbl_mc) + sc->sc_ctrl_mac_tbl_mc->nentries * ETHER_ADDR_LEN, 1); - VIO_DMAMEM_ENQUEUE(sc, vq, slot, sc->sc_ctrl_status, + vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status, sizeof(*sc->sc_ctrl_status), 0); virtio_enqueue_commit(vsc, vq, slot, 1); diff --git a/sys/dev/pv/xenreg.h b/sys/dev/pv/xenreg.h index e398f89be..a9a24ee2d 100644 --- a/sys/dev/pv/xenreg.h +++ b/sys/dev/pv/xenreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xenreg.h,v 1.11 2022/01/09 05:42:58 jsg Exp $ */ +/* $OpenBSD: xenreg.h,v 1.12 2024/09/04 07:54:52 mglocker Exp $ */ /* * Permission is hereby granted, free of charge, to any person obtaining a copy @@ -534,7 +534,7 @@ struct evtchn_unmask { }; /* - * Superceded by new event_channel_op() hypercall since 0x00030202. + * Superseded by new event_channel_op() hypercall since 0x00030202. */ struct evtchn_op { uint32_t cmd; /* EVTCHNOP_* */ diff --git a/sys/dev/sbus/uperf_sbusreg.h b/sys/dev/sbus/uperf_sbusreg.h index 5a5a94a7a..461a16256 100644 --- a/sys/dev/sbus/uperf_sbusreg.h +++ b/sys/dev/sbus/uperf_sbusreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uperf_sbusreg.h,v 1.3 2003/06/02 18:32:41 jason Exp $ */ +/* $OpenBSD: uperf_sbusreg.h,v 1.4 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2002 Jason L. Wright (jason@thought.net) @@ -174,7 +174,7 @@ #define USC_MEM0_MRE 0x01000000 /* missed refresh error */ #define USC_MEM0_RPMC 0x00800000 /* RAS Phi 0 cookie for refresh */ #define USC_MEM0_RWMC 0x00400000 /* RAS Phi 0 cookie for writers */ -#define USC_MEM0_SW0 0x001f0000 /* strecth count for first write */ +#define USC_MEM0_SW0 0x001f0000 /* stretch count for first write */ #define USC_MEM0_SP 0x00000f00 /* simm present mask */ #define USC_MEM0_REFI 0x000000ff /* refresh interval */ diff --git a/sys/dev/usb/if_axe.c b/sys/dev/usb/if_axe.c index 7f66a4ca5..0e0d60225 100644 --- a/sys/dev/usb/if_axe.c +++ b/sys/dev/usb/if_axe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_axe.c,v 1.143 2024/05/23 03:21:08 jsg Exp $ */ +/* $OpenBSD: if_axe.c,v 1.144 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2005, 2006, 2007 Jonathan Gray @@ -305,7 +305,7 @@ axe_miibus_readreg(struct device *dev, int phy, int reg) /* * BMSR of AX88772 indicates that it supports extended * capability but the extended status register is - * revered for embedded ethernet PHY. So clear the + * reserved for embedded ethernet PHY. So clear the * extended capability bit of BMSR. */ ival &= ~BMSR_EXTCAP; diff --git a/sys/dev/usb/usb.c b/sys/dev/usb/usb.c index 662a0aba2..395bc2576 100644 --- a/sys/dev/usb/usb.c +++ b/sys/dev/usb/usb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usb.c,v 1.132 2024/08/18 02:59:51 deraadt Exp $ */ +/* $OpenBSD: usb.c,v 1.133 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: usb.c,v 1.77 2003/01/01 00:10:26 thorpej Exp $ */ /* @@ -260,7 +260,7 @@ usb_detach_roothub(struct usb_softc *sc) sc->sc_bus->flags |= USB_BUS_DISCONNECTING; /* * Reset the dying flag in case it has been set by the interrupt - * handler when unplugging an HC card otherwise the task wont be + * handler when unplugging an HC card otherwise the task won't be * scheduled. This is safe since a dead HC should not trigger * new interrupt. */ diff --git a/sys/dev/usb/xhcireg.h b/sys/dev/usb/xhcireg.h index 854684954..177e293a1 100644 --- a/sys/dev/usb/xhcireg.h +++ b/sys/dev/usb/xhcireg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xhcireg.h,v 1.19 2024/04/23 04:12:53 jsg Exp $ */ +/* $OpenBSD: xhcireg.h,v 1.20 2024/09/04 07:54:52 mglocker Exp $ */ /*- * Copyright (c) 2014 Martin Pieuchot. All rights reserved. @@ -65,12 +65,12 @@ #define XHCI_HCIVERSION_0_9 0x0090 /* xHCI version 0.9 */ #define XHCI_HCIVERSION_1_0 0x0100 /* xHCI version 1.0 */ -#define XHCI_HCSPARAMS1 0x04 /* RO structual parameters 1 */ +#define XHCI_HCSPARAMS1 0x04 /* RO structural parameters 1 */ #define XHCI_HCS1_DEVSLOT_MAX(x)((x) & 0xff) #define XHCI_HCS1_IRQ_MAX(x) (((x) >> 8) & 0x3ff) #define XHCI_HCS1_N_PORTS(x) (((x) >> 24) & 0xff) -#define XHCI_HCSPARAMS2 0x08 /* RO structual parameters 2 */ +#define XHCI_HCSPARAMS2 0x08 /* RO structural parameters 2 */ #define XHCI_HCS2_IST(x) ((x) & 0x7) #define XHCI_HCS2_IST_MICRO(x) (!((x) & 0x8)) #define XHCI_HCS2_ERST_MAX(x) (((x) >> 4) & 0xf) @@ -78,7 +78,7 @@ #define XHCI_HCS2_SPR(x) (((x) >> 26) & 0x1) #define XHCI_HCS2_SPB_MAX(x) ((((x) >> 16) & 0x3e0) | (((x) >> 27) & 0x1f)) -#define XHCI_HCSPARAMS3 0x0c /* RO structual parameters 3 */ +#define XHCI_HCSPARAMS3 0x0c /* RO structural parameters 3 */ #define XHCI_HCS3_U1_DEL(x) ((x) & 0xff) #define XHCI_HCS3_U2_DEL(x) (((x) >> 16) & 0xffff) diff --git a/sys/dev/x86emu/x86emu.c b/sys/dev/x86emu/x86emu.c index f6c103b59..ec80ab56a 100644 --- a/sys/dev/x86emu/x86emu.c +++ b/sys/dev/x86emu/x86emu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x86emu.c,v 1.12 2022/01/09 05:43:02 jsg Exp $ */ +/* $OpenBSD: x86emu.c,v 1.13 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: x86emu.c,v 1.7 2009/02/03 19:26:29 joerg Exp $ */ /* @@ -398,7 +398,7 @@ fetch_long_imm(struct x86emu *emu) * gs segment override * ss segment override * - * ds/ss select (in absense of override) + * ds/ss select (in absence of override) * * Each of the above 7 items are handled with a bit in the mode field. */ diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index e1483fdbd..c51c93a1f 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.318 2024/09/02 11:08:41 jsg Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.319 2024/09/04 07:45:08 jsg Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -73,7 +73,7 @@ #if defined(__amd64__) #include "vmm.h" -#include "ccp.h" +#include "psp.h" #include #endif @@ -1348,7 +1348,7 @@ pledge_ioctl(struct proc *p, long com, struct file *fp) } #endif -#if NCCP > 0 +#if NPSP > 0 if ((pledge & PLEDGE_VMM)) { if ((fp->f_type == DTYPE_VNODE) && (vp->v_type == VCHR) && diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c index db942bfd7..a0c0ebc94 100644 --- a/sys/kern/uipc_mbuf.c +++ b/sys/kern/uipc_mbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_mbuf.c,v 1.291 2024/08/29 10:44:40 bluhm Exp $ */ +/* $OpenBSD: uipc_mbuf.c,v 1.292 2024/09/05 08:52:27 bluhm Exp $ */ /* $NetBSD: uipc_mbuf.c,v 1.15.4.1 1996/06/13 17:11:44 cgd Exp $ */ /* @@ -1533,6 +1533,80 @@ m_print(void *v, } } + +const char *m_types[MT_NTYPES] = { + "fre", + "dat", + "hdr", + "nam", + "opt", + "ftb", + "ctl", + "oob", +}; + +void +m_print_chain(void *v, int deep, + int (*pr)(const char *, ...) __attribute__((__format__(__kprintf__,1,2)))) +{ + struct mbuf *m; + const char *indent = deep ? "++-" : "-+-"; + size_t chain = 0, len = 0, size = 0; + + for (m = v; m != NULL; m = m->m_next) { + const char *type; + + chain++; + len += m->m_len; + size += M_SIZE(m); + type = (m->m_type >= 0 && m->m_type < MT_NTYPES) ? + m_types[m->m_type] : "???"; + (*pr)("%s mbuf %p, %s, off %zd, len %u", indent, m, type, + m->m_data - M_DATABUF(m), m->m_len); + if (m->m_flags & M_PKTHDR) + (*pr)(", pktlen %d", m->m_pkthdr.len); + if (m->m_flags & M_EXT) + (*pr)(", clsize %u", m->m_ext.ext_size); + (*pr)("\n"); + indent = deep ? "|+-" : " +-"; + } + indent = deep ? "|\\-" : " \\-"; + if (v != NULL) { + (*pr)("%s total chain %zu, len %zu, size %zu\n", + indent, chain, len, size); + } +} + +void +m_print_packet(void *v, int deep, + int (*pr)(const char *, ...) __attribute__((__format__(__kprintf__,1,2)))) +{ + struct mbuf *m, *n; + const char *indent = "+--"; + size_t pkts = 0; + + for (m = v; m != NULL; m = m->m_nextpkt) { + size_t chain = 0, len = 0, size = 0; + + pkts++; + if (deep) { + m_print_chain(m, deep, pr); + continue; + } + for (n = m; n != NULL; n = n->m_next) { + chain++; + len += n->m_len; + size += M_SIZE(n); + } + (*pr)("%s mbuf %p, chain %zu", indent, m, chain); + if (m->m_flags & M_PKTHDR) + (*pr)(", pktlen %d", m->m_pkthdr.len); + (*pr)(", len %zu, size %zu\n", len, size); + } + indent = "\\--"; + if (v != NULL) + (*pr)("%s total packets %zu\n", indent, pkts); +} #endif /* diff --git a/sys/lib/libkern/arch/arm/divsi3.S b/sys/lib/libkern/arch/arm/divsi3.S index b7c1eb1b6..03da28f46 100644 --- a/sys/lib/libkern/arch/arm/divsi3.S +++ b/sys/lib/libkern/arch/arm/divsi3.S @@ -1,4 +1,4 @@ -/* $OpenBSD: divsi3.S,v 1.6 2022/12/08 01:25:46 guenther Exp $ */ +/* $OpenBSD: divsi3.S,v 1.7 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: divsi3.S,v 1.2 2001/11/13 20:06:40 chris Exp $ */ /* @@ -371,7 +371,7 @@ L_divide_b0: cmp ip, #0 rsbmi r1, r1, #0 movs ip, ip, lsl #1 - bicmi r0, r0, #0x80000000 /* Fix incase we divided 0x80000000 */ + bicmi r0, r0, #0x80000000 /* Fix in case we divided 0x80000000 */ rsbmi r0, r0, #0 mov pc, lr diff --git a/sys/lib/libkern/arch/mips64/memmove.S b/sys/lib/libkern/arch/mips64/memmove.S index 411a187f3..f4f7a5c8d 100644 --- a/sys/lib/libkern/arch/mips64/memmove.S +++ b/sys/lib/libkern/arch/mips64/memmove.S @@ -1,4 +1,4 @@ -/* $OpenBSD: memmove.S,v 1.6 2022/01/29 05:47:36 visa Exp $ */ +/* $OpenBSD: memmove.S,v 1.7 2024/09/04 07:54:52 mglocker Exp $ */ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. @@ -70,7 +70,7 @@ ALEAF(bcopy) PTR_ADDU t1, a1, a2 # t1 = end of to region 1: lb v1, -1(t0) # copy bytes backwards, - PTR_SUBU t0, t0, 1 # doesnt happen often so do slow way + PTR_SUBU t0, t0, 1 # doesn't happen often so do slow way PTR_SUBU t1, t1, 1 bne t0, a0, 1b sb v1, 0(t1) diff --git a/sys/lib/libz/inflate.c b/sys/lib/libz/inflate.c index cb741c6fa..02d95279f 100644 --- a/sys/lib/libz/inflate.c +++ b/sys/lib/libz/inflate.c @@ -959,7 +959,7 @@ int ZEXPORT inflate(z_streamp strm, int flush) { while (state->have < 19) state->lens[order[state->have++]] = 0; state->next = state->codes; - state->lencode = (const code FAR *)(state->next); + state->lencode = state->distcode = (const code FAR *)(state->next); state->lenbits = 7; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); diff --git a/sys/msdosfs/msdosfs_vnops.c b/sys/msdosfs/msdosfs_vnops.c index 5e912766d..5e4373c07 100644 --- a/sys/msdosfs/msdosfs_vnops.c +++ b/sys/msdosfs/msdosfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msdosfs_vnops.c,v 1.141 2024/05/13 11:17:40 semarie Exp $ */ +/* $OpenBSD: msdosfs_vnops.c,v 1.142 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: msdosfs_vnops.c,v 1.63 1997/10/17 11:24:19 ws Exp $ */ /*- @@ -717,7 +717,7 @@ msdosfs_write(void *v) * it. Otherwise, if on a cluster boundary write it * asynchronously so we can move on to the next block * without delay. Otherwise do a delayed write because we - * may want to write somemore into the block later. + * may want to write some more into the block later. */ #if 0 if (ioflag & IO_NOCACHE) diff --git a/sys/net/if_aggr.c b/sys/net/if_aggr.c index 3780d82df..ca59131da 100644 --- a/sys/net/if_aggr.c +++ b/sys/net/if_aggr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_aggr.c,v 1.45 2024/03/18 06:14:50 dlg Exp $ */ +/* $OpenBSD: if_aggr.c,v 1.46 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2019 The University of Queensland @@ -1885,7 +1885,7 @@ aggr_set_selected(struct aggr_port *p, enum aggr_port_selected s, aggr_port_selected_names[s]); /* - * setting p_selected doesnt need the mtx except to + * setting p_selected doesn't need the mtx except to * coordinate with a kstat read. */ diff --git a/sys/net/pf.c b/sys/net/pf.c index a5eac9edb..29aee94f4 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1204 2024/08/06 16:56:09 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.1205 2024/09/04 07:54:52 mglocker Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5008,7 +5008,7 @@ pf_tcp_track_full(struct pf_pdesc *pd, struct pf_state **stp, u_short *reason, * (Selective ACK). We could optionally validate the SACK values * against the current ACK window, either forwards or backwards, but * I'm not confident that SACK has been implemented properly - * everywhere. It wouldn't surprise me if several stacks accidently + * everywhere. It wouldn't surprise me if several stacks accidentally * SACK too far backwards of previously ACKed data. There really aren't * any security implications of bad SACKing unless the target stack * doesn't validate the option length correctly. Someone trying to diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c index 0bf1a4009..ba09a48a5 100644 --- a/sys/net80211/ieee80211_node.c +++ b/sys/net80211/ieee80211_node.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_node.c,v 1.198 2023/10/22 12:01:36 stsp Exp $ */ +/* $OpenBSD: ieee80211_node.c,v 1.199 2024/09/04 07:54:52 mglocker Exp $ */ /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ /*- @@ -2444,7 +2444,7 @@ ieee80211_40mhz_valid_secondary_below(uint8_t primary_chan) * Only accept 40 MHz channel configurations that conform to * regulatory operating classes as defined by the 802.11ac spec. * Passing other configurations down to firmware can result in - * regulatory assertions being trigged, such as fatal firmware + * regulatory assertions being triggered, such as fatal firmware * error 14FD in iwm(4). * * See 802.11ac 2013, page 380, Tables E-1 to E-5. @@ -2521,7 +2521,7 @@ ieee80211_setup_vhtcaps(struct ieee80211_node *ni, const uint8_t *data, * Only accept 80 MHz channel configurations that conform to * regulatory operating classes as defined by the 802.11ac spec. * Passing other configurations down to firmware can result in - * regulatory assertions being trigged, such as fatal firmware + * regulatory assertions being triggered, such as fatal firmware * error 14FD in iwm(4). * * See 802.11ac 2013, page 380, Tables E-1 to E-5. diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index fce85be1a..6b7613476 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nd6.c,v 1.282 2024/07/14 18:53:39 bluhm Exp $ */ +/* $OpenBSD: nd6.c,v 1.283 2024/09/04 07:54:52 mglocker Exp $ */ /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ /* @@ -99,7 +99,7 @@ struct mutex nd6_mtx = MUTEX_INITIALIZER(IPL_SOFTNET); TAILQ_HEAD(llinfo_nd6_head, llinfo_nd6) nd6_list = TAILQ_HEAD_INITIALIZER(nd6_list); /* [mN] list of llinfo_nd6 structures */ struct pool nd6_pool; /* [I] pool for llinfo_nd6 structures */ -int nd6_inuse; /* [m] limit neigbor discovery routes */ +int nd6_inuse; /* [m] limit neighbor discovery routes */ unsigned int ln_hold_total; /* [a] packets currently in the nd6 queue */ void nd6_timer(void *); diff --git a/sys/nfs/nfs_socket.c b/sys/nfs/nfs_socket.c index 2ac95914c..89fcd061b 100644 --- a/sys/nfs/nfs_socket.c +++ b/sys/nfs/nfs_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_socket.c,v 1.151 2024/07/12 17:20:18 mvs Exp $ */ +/* $OpenBSD: nfs_socket.c,v 1.152 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: nfs_socket.c,v 1.27 1996/04/15 20:20:00 thorpej Exp $ */ /* @@ -996,10 +996,10 @@ tryagain: /* * Since we only support RPCAUTH_UNIX atm we step over the - * reply verifer type, and in the (error) case that there really + * reply verifier type, and in the (error) case that there really * is any data in it, we advance over it. */ - tl++; /* Step over verifer type */ + tl++; /* Step over verifier type */ i = fxdr_unsigned(int32_t, *tl); if (i > 0) { /* Should not happen */ diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c index fbae6f2ee..f562d96db 100644 --- a/sys/nfs/nfs_subs.c +++ b/sys/nfs/nfs_subs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_subs.c,v 1.149 2024/05/01 13:15:59 jsg Exp $ */ +/* $OpenBSD: nfs_subs.c,v 1.150 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */ /* @@ -565,7 +565,7 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type) /* * We need to start out by finding how big the authorization cred - * and verifer are for the auth_type, to be able to correctly + * and verifier are for the auth_type, to be able to correctly * align the mbuf header/chain. */ switch (auth_type) { @@ -573,7 +573,7 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type) /* * In the RPCAUTH_UNIX case, the size is the static * part as shown in RFC1831 + the number of groups, - * RPCAUTH_UNIX has a zero verifer. + * RPCAUTH_UNIX has a zero verifier. */ if (cr->cr_ngroups > req->r_nmp->nm_numgrps) ngroups = req->r_nmp->nm_numgrps; diff --git a/sys/ntfs/ntfs_vfsops.c b/sys/ntfs/ntfs_vfsops.c index 29f1f7e2a..d64eea74a 100644 --- a/sys/ntfs/ntfs_vfsops.c +++ b/sys/ntfs/ntfs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntfs_vfsops.c,v 1.65 2022/01/11 03:13:59 jsg Exp $ */ +/* $OpenBSD: ntfs_vfsops.c,v 1.66 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: ntfs_vfsops.c,v 1.7 2003/04/24 07:50:19 christos Exp $ */ /*- @@ -340,7 +340,7 @@ ntfs_mountfs(struct vnode *devvp, struct mount *mp, struct ntfs_args *argsp, /* * We read in some system nodes to do not allow - * reclaim them and to have everytime access to them. + * reclaim them and to have every time access to them. */ { int pi[3] = { NTFS_MFTINO, NTFS_ROOTINO, NTFS_BITMAPINO }; diff --git a/sys/scsi/safte.c b/sys/scsi/safte.c index 32831c4f1..256395972 100644 --- a/sys/scsi/safte.c +++ b/sys/scsi/safte.c @@ -1,4 +1,4 @@ -/* $OpenBSD: safte.c,v 1.67 2021/10/24 16:57:30 mpi Exp $ */ +/* $OpenBSD: safte.c,v 1.68 2024/09/04 07:54:53 mglocker Exp $ */ /* * Copyright (c) 2005 David Gwynne @@ -352,7 +352,7 @@ safte_read_config(struct safte_softc *sc) /* * Stash the temp info so we can get out of range status. Limit the - * number so the out of temp checks can't go into memory it doesnt own. + * number so the out of temp checks can't go into memory it doesn't own. */ sc->sc_ntemps = (config->ntemps > 15) ? 15 : config->ntemps; sc->sc_temps = s; diff --git a/sys/scsi/scsi_base.c b/sys/scsi/scsi_base.c index 110b49628..0b4bced9b 100644 --- a/sys/scsi/scsi_base.c +++ b/sys/scsi/scsi_base.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scsi_base.c,v 1.283 2023/08/02 19:58:52 kettenis Exp $ */ +/* $OpenBSD: scsi_base.c,v 1.284 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: scsi_base.c,v 1.43 1997/04/02 02:29:36 mycroft Exp $ */ /* @@ -437,7 +437,7 @@ scsi_iopool_run(struct scsi_iopool *iopl) } /* - * move an io from a runq to a proc thats waiting for an io. + * move an io from a runq to a proc that's waiting for an io. */ void @@ -1512,7 +1512,7 @@ scsi_xs_sync(struct scsi_xfer *xs) #endif /* DIAGNOSTIC */ /* - * If we cant sleep while waiting for completion, get the adapter to + * If we can't sleep while waiting for completion, get the adapter to * complete it for us. */ if (ISSET(xs->flags, SCSI_NOSLEEP)) diff --git a/sys/scsi/scsiconf.c b/sys/scsi/scsiconf.c index ed0e1115b..495020a23 100644 --- a/sys/scsi/scsiconf.c +++ b/sys/scsi/scsiconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scsiconf.c,v 1.253 2022/04/06 17:39:13 krw Exp $ */ +/* $OpenBSD: scsiconf.c,v 1.254 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: scsiconf.c,v 1.57 1996/05/02 01:09:01 neil Exp $ */ /* @@ -524,7 +524,7 @@ scsi_probe_link(struct scsibus_softc *sb, int target, int lun, int dumbscan) } /* - * If we havent been given an io pool by now then fall back to + * If we haven't been given an io pool by now then fall back to * using link->openings. */ if (link->pool == NULL) { diff --git a/sys/scsi/sd.c b/sys/scsi/sd.c index fe1aa9fc7..9b02314c6 100644 --- a/sys/scsi/sd.c +++ b/sys/scsi/sd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sd.c,v 1.336 2024/05/04 16:40:38 kn Exp $ */ +/* $OpenBSD: sd.c,v 1.337 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: sd.c,v 1.111 1997/04/02 02:29:41 mycroft Exp $ */ /*- @@ -1648,7 +1648,7 @@ sd_get_parms(struct sd_softc *sc, int flags) return -1; if (ISSET(sc->flags, SDF_THIN) && sd_thin_params(sc, flags) != 0) { - /* we dont know the unmap limits, so we cant use thin shizz */ + /* we don't know the unmap limits, so we can't use this shizz */ CLR(sc->flags, SDF_THIN); } diff --git a/sys/scsi/ses.h b/sys/scsi/ses.h index 6b05e9c3a..34a0adf4f 100644 --- a/sys/scsi/ses.h +++ b/sys/scsi/ses.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ses.h,v 1.10 2006/05/11 00:45:59 krw Exp $ */ +/* $OpenBSD: ses.h,v 1.11 2024/09/04 07:54:53 mglocker Exp $ */ /* * Copyright (c) 2005 Marco Peereboom * All rights reserved. @@ -92,7 +92,7 @@ struct ses_enc_hdr { /* enclosure descriptor strings */ struct ses_enc_desc { - u_int8_t logical_id[8]; /* this isnt a string */ + u_int8_t logical_id[8]; /* this isn't a string */ u_int8_t vendor_id[8]; u_int8_t prod_id[16]; u_int8_t prod_rev[4]; diff --git a/sys/scsi/st.c b/sys/scsi/st.c index 03312e212..674954b77 100644 --- a/sys/scsi/st.c +++ b/sys/scsi/st.c @@ -1,4 +1,4 @@ -/* $OpenBSD: st.c,v 1.190 2023/04/27 18:21:44 robert Exp $ */ +/* $OpenBSD: st.c,v 1.191 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: st.c,v 1.71 1997/02/21 23:03:49 thorpej Exp $ */ /* @@ -1223,7 +1223,7 @@ stioctl(dev_t dev, u_long cmd, caddr_t arg, int flag, struct proc *p) try_new_value: /* - * Check that the mode being asked for is aggreeable to the + * Check that the mode being asked for is agreeable to the * drive. If not, put it back the way it was. */ if ((error = st_mode_select(st, 0)) != 0) {/* put it back as it was */ diff --git a/sys/stand/efi/include/efiapi.h b/sys/stand/efi/include/efiapi.h index 40a2ab06c..dcbe01d78 100644 --- a/sys/stand/efi/include/efiapi.h +++ b/sys/stand/efi/include/efiapi.h @@ -211,7 +211,7 @@ VOID // -// EFI platform varibles +// EFI platform variables // #define EFI_GLOBAL_VARIABLE \ @@ -672,7 +672,7 @@ typedef struct _EFI_TABLE_HEARDER { // -// EFI Runtime Serivces Table +// EFI Runtime Services Table // #define EFI_RUNTIME_SERVICES_SIGNATURE 0x56524553544e5552 diff --git a/sys/stand/efi/include/eficonsctl.h b/sys/stand/efi/include/eficonsctl.h index 0ad3d7598..f61a8847e 100644 --- a/sys/stand/efi/include/eficonsctl.h +++ b/sys/stand/efi/include/eficonsctl.h @@ -65,7 +65,7 @@ EFI_STATUS Arguments: This - Protocol instance pointer. - Mode - Are we in text of grahics mode. + Mode - Are we in text of graphics mode. GopUgaExists - TRUE if Console Spliter has found a GOP or UGA device StdInLocked - TRUE if StdIn device is keyboard locked diff --git a/sys/stand/efi/include/efidef.h b/sys/stand/efi/include/efidef.h index 772818b7b..aae4fd7d1 100644 --- a/sys/stand/efi/include/efidef.h +++ b/sys/stand/efi/include/efidef.h @@ -135,7 +135,7 @@ typedef enum { MaxAllocateType } EFI_ALLOCATE_TYPE; -//Preseve the attr on any range supplied. +//Preserve the attr on any range supplied. //ConventialMemory must have WB,SR,SW when supplied. //When allocating from ConventialMemory always make it WB,SR,SW //When returning to ConventialMemory always make it WB,SR,SW diff --git a/sys/stand/efi/include/efifs.h b/sys/stand/efi/include/efifs.h index 765a41a49..920232e7c 100644 --- a/sys/stand/efi/include/efifs.h +++ b/sys/stand/efi/include/efifs.h @@ -29,7 +29,7 @@ Revision History // -// EFI Partition header (normaly starts in LBA 1) +// EFI Partition header (normally starts in LBA 1) // #define EFI_PARTITION_SIGNATURE 0x5053595320494249 @@ -85,7 +85,7 @@ typedef struct _EFI_FILE_HEADER { // -// Logical Block Address List - the fundemental block +// Logical Block Address List - the fundamental block // description structure // diff --git a/sys/stand/efi/include/efiprot.h b/sys/stand/efi/include/efiprot.h index 6ed8a2869..6889e96b0 100644 --- a/sys/stand/efi/include/efiprot.h +++ b/sys/stand/efi/include/efiprot.h @@ -309,7 +309,7 @@ typedef struct { // Whenever code needs to know the size of the EFI_FILE_INFO data structure, it needs to // be the size of the data structure without the FileName field. The following macro // computes this size correctly no matter how big the FileName array is declared. -// This is required to make the EFI_FILE_INFO data structure ANSI compilant. +// This is required to make the EFI_FILE_INFO data structure ANSI compliant. // #define SIZE_OF_EFI_FILE_INFO EFI_FIELD_OFFSET(EFI_FILE_INFO,FileName) @@ -331,7 +331,7 @@ typedef struct { // Whenever code needs to know the size of the EFI_FILE_SYSTEM_INFO data structure, it needs // to be the size of the data structure without the VolumeLable field. The following macro // computes this size correctly no matter how big the VolumeLable array is declared. -// This is required to make the EFI_FILE_SYSTEM_INFO data structure ANSI compilant. +// This is required to make the EFI_FILE_SYSTEM_INFO data structure ANSI compliant. // #define SIZE_OF_EFI_FILE_SYSTEM_INFO EFI_FIELD_OFFSET(EFI_FILE_SYSTEM_INFO,VolumeLabel) diff --git a/sys/ufs/ext2fs/ext2fs_vfsops.c b/sys/ufs/ext2fs/ext2fs_vfsops.c index ce929251c..c07ca86e0 100644 --- a/sys/ufs/ext2fs/ext2fs_vfsops.c +++ b/sys/ufs/ext2fs/ext2fs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ext2fs_vfsops.c,v 1.120 2024/06/07 09:26:37 jsg Exp $ */ +/* $OpenBSD: ext2fs_vfsops.c,v 1.121 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: ext2fs_vfsops.c,v 1.1 1997/06/11 09:34:07 bouyer Exp $ */ /* @@ -1066,7 +1066,7 @@ ext2fs_cgupdate(struct ufsmount *mp, int waitfor) return (allerror); } -/* This is called before the superblock is copied. Watch out for endianity! */ +/* This is called before the superblock is copied. Watch out for endianness! */ static int e2fs_sbcheck(struct ext2fs *fs, int ronly) { diff --git a/sys/ufs/ufs/ufs_ihash.c b/sys/ufs/ufs/ufs_ihash.c index 758d9a8ed..b0d6ca3a5 100644 --- a/sys/ufs/ufs/ufs_ihash.c +++ b/sys/ufs/ufs/ufs_ihash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ufs_ihash.c,v 1.27 2024/07/07 01:39:06 jsg Exp $ */ +/* $OpenBSD: ufs_ihash.c,v 1.28 2024/09/04 17:00:08 beck Exp $ */ /* $NetBSD: ufs_ihash.c,v 1.3 1996/02/09 22:36:04 christos Exp $ */ /* @@ -36,10 +36,12 @@ #include #include #include +#include #include #include #include +#include #include @@ -94,6 +96,33 @@ loop: /* XXXLOCKING unlock hash list? */ if (vget(vp, LK_EXCLUSIVE)) goto loop; + /* + * Check if the inode is valid. + * The condition has been adapted from ufs_inactive(). + * + * This is needed in case our vget above grabbed a vnode + * while ufs_inactive was reclaiming it. + * + * XXX this is a workaround and kind of a gross hack. + * realistically this should get fixed something like + * the previously committed vdoom() or this should be + * dealt with so this can't happen. + */ + if (VTOI(vp) != ip || + (DIP(ip, nlink) <= 0 && + (vp->v_mount->mnt_flag & MNT_RDONLY) == 0)) { + /* + * This should recycle the inode immediately, + * unless there are other threads that + * try to access it. + * Pause to give the threads a chance to finish + * with the inode. + */ + vput(vp); + yield(); + goto loop; + } + return (vp); } } diff --git a/sys/uvm/uvm_addr.c b/sys/uvm/uvm_addr.c index d022bdf3a..d2e8c8d7c 100644 --- a/sys/uvm/uvm_addr.c +++ b/sys/uvm/uvm_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_addr.c,v 1.36 2024/07/04 04:52:10 jsg Exp $ */ +/* $OpenBSD: uvm_addr.c,v 1.37 2024/09/04 07:54:53 mglocker Exp $ */ /* * Copyright (c) 2011 Ariane van der Steldt @@ -1076,7 +1076,7 @@ uaddr_pivot_newpivot(struct vm_map *map, struct uaddr_pivot_state *uaddr, * * Characteristics of the allocator: * - best case, an allocation is O(log N) - * (it would be O(1), if it werent for the need to check if the memory is + * (it would be O(1), if it weren't for the need to check if the memory is * free; although that can be avoided...) * - worst case, an allocation is O(log N) * (the uaddr_pivot_newpivot() function has that complexity) diff --git a/sys/uvm/uvm_swap.c b/sys/uvm/uvm_swap.c index 2b74240e7..90d8f23e6 100644 --- a/sys/uvm/uvm_swap.c +++ b/sys/uvm/uvm_swap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_swap.c,v 1.170 2024/04/16 10:06:37 claudio Exp $ */ +/* $OpenBSD: uvm_swap.c,v 1.171 2024/09/04 07:54:53 mglocker Exp $ */ /* $NetBSD: uvm_swap.c,v 1.40 2000/11/17 11:39:39 mrg Exp $ */ /* @@ -1520,7 +1520,7 @@ ReTry: /* XXXMRG */ * smaller than the size of a cluster. * * As long as some swap slots are being used by pages currently in memory, - * it is possible to reuse them. Even if the swap space has been completly + * it is possible to reuse them. Even if the swap space has been completely * filled we do not consider it full. */ int diff --git a/usr.bin/ssh/mlkem768.sh b/usr.bin/ssh/mlkem768.sh index bdac0a95b..2fdc28312 100755 --- a/usr.bin/ssh/mlkem768.sh +++ b/usr.bin/ssh/mlkem768.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: mlkem768.sh,v 1.1 2024/09/02 12:13:56 djm Exp $ +# $OpenBSD: mlkem768.sh,v 1.2 2024/09/04 05:11:33 djm Exp $ # Placed in the Public Domain. # @@ -31,7 +31,7 @@ set +x cd $START ( -echo -n '/* $OpenBSD: mlkem768.sh,v 1.1 2024/09/02 12:13:56 djm Exp $ */' +printf '/* $Open'; printf 'BSD$ */\n' # Sigh echo echo "/* Extracted from libcrux revision $LIBCRUX_REVISION */" echo diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 4a95c5515..71ad9a391 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.473 2024/08/15 00:51:51 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.474 2024/09/04 05:33:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -250,7 +250,7 @@ ask_filename(struct passwd *pw, const char *prompt) if (key_type_name == NULL) name = _PATH_SSH_CLIENT_ID_ED25519; else { - switch (sshkey_type_from_name(key_type_name)) { + switch (sshkey_type_from_shortname(key_type_name)) { #ifdef WITH_DSA case KEY_DSA_CERT: case KEY_DSA: @@ -1117,7 +1117,7 @@ do_gen_all_hostkeys(struct passwd *pw) } printf("%s ", key_types[i].key_type_display); fflush(stdout); - type = sshkey_type_from_name(key_types[i].key_type); + type = sshkey_type_from_shortname(key_types[i].key_type); if ((fd = mkstemp(prv_tmp)) == -1) { error("Could not save your private key in %s: %s", prv_tmp, strerror(errno)); @@ -1823,7 +1823,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, free(tmp); if (key_type_name != NULL) { - if (sshkey_type_from_name(key_type_name) != ca->type) { + if (sshkey_type_from_shortname(key_type_name) != ca->type) { fatal("CA key type %s doesn't match specified %s", sshkey_ssh_name(ca), key_type_name); } @@ -3810,7 +3810,7 @@ main(int argc, char **argv) if (key_type_name == NULL) key_type_name = DEFAULT_KEY_TYPE_NAME; - type = sshkey_type_from_name(key_type_name); + type = sshkey_type_from_shortname(key_type_name); type_bits_valid(type, key_type_name, &bits); if (!quiet) diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index e941c2149..a20439126 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.159 2024/09/02 12:13:56 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.160 2024/09/04 05:33:34 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -726,7 +726,7 @@ main(int argc, char **argv) get_keytypes = 0; tname = strtok(optarg, ","); while (tname) { - int type = sshkey_type_from_name(tname); + int type = sshkey_type_from_shortname(tname); switch (type) { #ifdef WITH_DSA diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index d04cc522c..1ebcd1c88 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.145 2024/08/20 11:10:04 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.146 2024/09/04 05:33:34 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -228,22 +228,36 @@ sshkey_ssh_name_plain(const struct sshkey *k) k->ecdsa_nid); } -int -sshkey_type_from_name(const char *name) +static int +type_from_name(const char *name, int allow_short) { int i; const struct sshkey_impl *impl; for (i = 0; keyimpls[i] != NULL; i++) { impl = keyimpls[i]; + if (impl->name != NULL && strcmp(name, impl->name) == 0) + return impl->type; /* Only allow shortname matches for plain key types */ - if ((impl->name != NULL && strcmp(name, impl->name) == 0) || - (!impl->cert && strcasecmp(impl->shortname, name) == 0)) + if (allow_short && !impl->cert && impl->shortname != NULL && + strcasecmp(impl->shortname, name) == 0) return impl->type; } return KEY_UNSPEC; } +int +sshkey_type_from_name(const char *name) +{ + return type_from_name(name, 0); +} + +int +sshkey_type_from_shortname(const char *name) +{ + return type_from_name(name, 1); +} + static int key_type_is_ecdsa_variant(int type) { diff --git a/usr.bin/ssh/sshkey.h b/usr.bin/ssh/sshkey.h index 21298c6f2..eddd23bbd 100644 --- a/usr.bin/ssh/sshkey.h +++ b/usr.bin/ssh/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.64 2024/08/15 00:51:51 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.65 2024/09/04 05:33:34 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -218,6 +218,7 @@ int sshkey_shield_private(struct sshkey *); int sshkey_unshield_private(struct sshkey *); int sshkey_type_from_name(const char *); +int sshkey_type_from_shortname(const char *); int sshkey_is_cert(const struct sshkey *); int sshkey_is_sk(const struct sshkey *); int sshkey_type_is_cert(int); diff --git a/usr.sbin/bgpd/bgpd.c b/usr.sbin/bgpd/bgpd.c index 8b6e1bc70..bb0e19d01 100644 --- a/usr.sbin/bgpd/bgpd.c +++ b/usr.sbin/bgpd/bgpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.c,v 1.265 2024/08/12 09:04:23 claudio Exp $ */ +/* $OpenBSD: bgpd.c,v 1.267 2024/09/04 15:06:36 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -575,13 +575,11 @@ reconfigure(char *conffile, struct bgpd_config *conf) merge_config(conf, new_conf); - if (prepare_listeners(conf) == -1) { + if (prepare_listeners(conf) == -1) return (1); - } - if (control_setup(conf) == -1) { + if (control_setup(conf) == -1) return (1); - } return send_config(conf); } @@ -647,6 +645,9 @@ send_config(struct bgpd_config *conf) /* send peer list to the SE */ RB_FOREACH(p, peer_head, &conf->peers) { + if (p->reconf_action == RECONF_DELETE) + continue; + if (imsg_compose(ibuf_se, IMSG_RECONF_PEER, p->conf.id, 0, -1, &p->conf, sizeof(p->conf)) == -1) return (-1); @@ -1025,6 +1026,9 @@ dispatch_imsg(struct imsgbuf *imsgbuf, int idx, struct bgpd_config *conf) /* redistribute list needs to be reloaded too */ kr_reload(); + + /* also remove old peers */ + free_deleted_peers(conf); } reconfpending--; break; @@ -1177,6 +1181,12 @@ bgpd_oknexthop(struct kroute_full *kf) return (1); } +int +bgpd_has_bgpnh(void) +{ + return ((cflags & BGPD_FLAG_NEXTHOP_BGP) != 0); +} + int control_setup(struct bgpd_config *conf) { diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index 78e245b5d..c558d636b 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.495 2024/08/14 19:09:51 claudio Exp $ */ +/* $OpenBSD: bgpd.h,v 1.496 2024/09/04 15:06:36 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -1416,6 +1416,7 @@ void send_imsg_session(int, pid_t, void *, uint16_t); int send_network(int, struct network_config *, struct filter_set_head *); int bgpd_oknexthop(struct kroute_full *); +int bgpd_has_bgpnh(void); void set_pollfd(struct pollfd *, struct imsgbuf *); int handle_pollfd(struct pollfd *, struct imsgbuf *); diff --git a/usr.sbin/bgpd/config.c b/usr.sbin/bgpd/config.c index bf93a521b..94efad738 100644 --- a/usr.sbin/bgpd/config.c +++ b/usr.sbin/bgpd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.110 2024/08/14 19:09:51 claudio Exp $ */ +/* $OpenBSD: config.c,v 1.111 2024/09/04 13:30:10 claudio Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer @@ -434,8 +434,7 @@ merge_config(struct bgpd_config *xconf, struct bgpd_config *conf) * merge peers: * - need to know which peers are new, replaced and removed * - walk over old peers and check if there is a corresponding new - * peer if so mark it RECONF_KEEP. Remove all old peers. - * - swap lists (old peer list is actually empty). + * peer if so mark it RECONF_KEEP. Mark all old peers RECONF_DELETE. */ RB_FOREACH_SAFE(p, peer_head, &xconf->peers, nextp) { np = getpeerbyid(conf, p->conf.id); @@ -443,13 +442,12 @@ merge_config(struct bgpd_config *xconf, struct bgpd_config *conf) np->reconf_action = RECONF_KEEP; /* copy the auth state since parent uses it */ np->auth = p->auth; - } else { - /* peer no longer exists, clear pfkey state */ - pfkey_remove(p); - } - RB_REMOVE(peer_head, &xconf->peers, p); - free(p); + RB_REMOVE(peer_head, &xconf->peers, p); + free(p); + } else { + p->reconf_action = RECONF_DELETE; + } } RB_FOREACH_SAFE(np, peer_head, &conf->peers, nextp) { RB_REMOVE(peer_head, &conf->peers, np); @@ -461,6 +459,21 @@ merge_config(struct bgpd_config *xconf, struct bgpd_config *conf) free_config(conf); } +void +free_deleted_peers(struct bgpd_config *conf) +{ + struct peer *p, *nextp; + + RB_FOREACH_SAFE(p, peer_head, &conf->peers, nextp) { + if (p->reconf_action == RECONF_DELETE) { + /* peer no longer exists, clear pfkey state */ + pfkey_remove(p); + RB_REMOVE(peer_head, &conf->peers, p); + free(p); + } + } +} + uint32_t get_bgpid(void) { diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c index 6da5986fa..a806ae8a0 100644 --- a/usr.sbin/bgpd/kroute.c +++ b/usr.sbin/bgpd/kroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kroute.c,v 1.309 2024/01/09 13:41:32 claudio Exp $ */ +/* $OpenBSD: kroute.c,v 1.310 2024/09/04 15:06:36 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -511,6 +511,9 @@ kr4_change(struct ktable *kt, struct kroute_full *kf) else kr->flags &= ~F_REJECT; + if (kr->flags & F_NEXTHOP) + knexthop_update(kt, kf); + if (send_rtmsg(RTM_CHANGE, kt, kf)) kr->flags |= F_BGPD_INSERTED; } @@ -549,6 +552,9 @@ kr6_change(struct ktable *kt, struct kroute_full *kf) else kr6->flags &= ~F_REJECT; + if (kr6->flags & F_NEXTHOP) + knexthop_update(kt, kf); + if (send_rtmsg(RTM_CHANGE, kt, kf)) kr6->flags |= F_BGPD_INSERTED; } @@ -1719,13 +1725,14 @@ kroute_insert(struct ktable *kt, struct kroute_full *kf) break; } - /* XXX this is wrong for nexthop validated via BGP */ - if (!(kf->flags & F_BGPD)) { + if (bgpd_has_bgpnh() || !(kf->flags & F_BGPD)) { RB_FOREACH(n, knexthop_tree, KT2KNT(kt)) if (prefix_compare(&kf->prefix, &n->nexthop, kf->prefixlen) == 0) knexthop_validate(kt, n); + } + if (!(kf->flags & F_BGPD)) { /* redistribute multipath routes only once */ if (!multipath) kr_redistribute(IMSG_NETWORK_ADD, kt, kf); diff --git a/usr.sbin/bgpd/session.h b/usr.sbin/bgpd/session.h index cd008c0ae..12e871eef 100644 --- a/usr.sbin/bgpd/session.h +++ b/usr.sbin/bgpd/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.172 2024/08/20 11:59:39 claudio Exp $ */ +/* $OpenBSD: session.h,v 1.173 2024/09/04 13:30:10 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -247,6 +247,7 @@ int carp_demote_set(char *, int); /* config.c */ void merge_config(struct bgpd_config *, struct bgpd_config *); +void free_deleted_peers(struct bgpd_config *); int prepare_listeners(struct bgpd_config *); /* control.c */ diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 88b304556..1399cc864 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.265 2024/09/03 15:04:48 job Exp $ */ +/* $OpenBSD: main.c,v 1.266 2024/09/04 15:46:43 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -1009,7 +1009,7 @@ main(int argc, char *argv[]) "proc exec unveil", NULL) == -1) err(1, "pledge"); - while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:rRs:S:t:T:vVx")) != -1) + while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:Rs:S:t:T:vVx")) != -1) switch (c) { case 'A': excludeaspa = 1; @@ -1058,9 +1058,6 @@ main(int argc, char *argv[]) case 'R': rrdpon = 0; break; - case 'r': /* Remove after OpenBSD 7.3 */ - rrdpon = 1; - break; case 's': timeout = strtonum(optarg, 0, 24*60*60, &errs); if (errs) @@ -1527,7 +1524,7 @@ main(int argc, char *argv[]) usage: fprintf(stderr, - "usage: rpki-client [-ABcjmnoRrVvx] [-b sourceaddr] [-d cachedir]" + "usage: rpki-client [-ABcjmnoRVvx] [-b sourceaddr] [-d cachedir]" " [-e rsync_prog]\n" " [-H fqdn] [-P epoch] [-S skiplist] [-s timeout]" " [-T table]\n" diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index 8ccfdbc15..0061341d3 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.108 2024/08/20 12:53:47 job Exp $ +.\" $OpenBSD: rpki-client.8,v 1.109 2024/09/04 15:46:43 job Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 20 2024 $ +.Dd $Mdocdate: September 4 2024 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -22,7 +22,7 @@ .Nd RPKI validator to support BGP routing security .Sh SYNOPSIS .Nm -.Op Fl ABcjmnoRrVvx +.Op Fl ABcjmnoRVvx .Op Fl b Ar sourceaddr .Op Fl d Ar cachedir .Op Fl e Ar rsync_prog @@ -171,13 +171,7 @@ Specify the time for the evaluation in seconds from the unix epoch. This overrides the default of using the current system time. .It Fl R -Synchronize via RSYNC only. -.It Fl r -Synchronize via RRDP. -If RRDP fails, RSYNC will be used. -This is the default. -Mutually exclusive with -.Fl n . +Disable RRDP, synchronize only via RSYNC. .It Fl S Ar skiplist Do not connect to hosts listed in the .Ar skiplist diff --git a/usr.sbin/smtpd/forward.5 b/usr.sbin/smtpd/forward.5 index 8197b3e37..f0bb84936 100644 --- a/usr.sbin/smtpd/forward.5 +++ b/usr.sbin/smtpd/forward.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: forward.5,v 1.10 2021/02/13 07:26:18 jmc Exp $ +.\" $OpenBSD: forward.5,v 1.12 2024/09/05 06:33:04 jmc Exp $ .\" .\" Copyright (c) 2012 Gilles Chehade .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 13 2021 $ +.Dd $Mdocdate: September 5 2024 $ .Dt FORWARD 5 .Os .Sh NAME @@ -33,12 +33,7 @@ A file contains a list of expansion values, as described in .Xr aliases 5 . Each expansion value should be on a line by itself. -However, the -.Nm .forward -mechanism differs from the aliases mechanism in that it disallows -file inclusion -.Pq :include: -and it performs expansion under the user ID of the +Expansion is performed under the user ID of the .Nm .forward file owner. .Pp @@ -81,3 +76,7 @@ user@example.com # anything after # is ignored .Sh SEE ALSO .Xr aliases 5 , .Xr smtpd 8 +.Sh CAVEATS +The pipe +.Sq | +and :include: mechanisms are not allowed for the root user. diff --git a/usr.sbin/sysmerge/sysmerge.8 b/usr.sbin/sysmerge/sysmerge.8 index 4d1abadaa..4892ec8cb 100644 --- a/usr.sbin/sysmerge/sysmerge.8 +++ b/usr.sbin/sysmerge/sysmerge.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysmerge.8,v 1.79 2016/09/06 12:32:13 ajacoutot Exp $ +.\" $OpenBSD: sysmerge.8,v 1.80 2024/09/05 06:39:53 jmc Exp $ .\" .\" Copyright (c) 2008 Antoine Jacoutot .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 6 2016 $ +.Dd $Mdocdate: September 5 2024 $ .Dt SYSMERGE 8 .Os .Sh NAME @@ -154,7 +154,8 @@ corresponding to the currently installed release. .El .Sh SEE ALSO .Xr more 1 , -.Xr sdiff 1 +.Xr sdiff 1 , +.Xr sysupgrade 8 .Pp .Lk https://www.openbsd.org/faq/current.html .Lk https://www.openbsd.org/faq/upgradeXX.html diff --git a/usr.sbin/sysupgrade/sysupgrade.8 b/usr.sbin/sysupgrade/sysupgrade.8 index 2dad07706..7fb1f18b4 100644 --- a/usr.sbin/sysupgrade/sysupgrade.8 +++ b/usr.sbin/sysupgrade/sysupgrade.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysupgrade.8,v 1.13 2022/06/08 09:03:11 mglocker Exp $ +.\" $OpenBSD: sysupgrade.8,v 1.14 2024/09/05 06:39:54 jmc Exp $ .\" .\" Copyright (c) 2019 Florian Obser .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 8 2022 $ +.Dd $Mdocdate: September 5 2024 $ .Dt SYSUPGRADE 8 .Os .Sh NAME @@ -94,7 +94,8 @@ Directory the upgrade is downloaded to. .Xr installurl 5 , .Xr upgrade.site 5 , .Xr autoinstall 8 , -.Xr release 8 +.Xr release 8 , +.Xr sysmerge 8 .Sh HISTORY .Nm first appeared in diff --git a/usr.sbin/unbound/Makefile.in b/usr.sbin/unbound/Makefile.in index a8cf50d4c..cb343a6b9 100644 --- a/usr.sbin/unbound/Makefile.in +++ b/usr.sbin/unbound/Makefile.in @@ -439,7 +439,8 @@ unbound-control-setup: smallapp/unbound-control-setup.sh dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h + $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/locks.h dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi @@ -1298,7 +1299,7 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/wire2str.h $(srcdir)/util/edns.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ diff --git a/usr.sbin/unbound/acx_python.m4 b/usr.sbin/unbound/acx_python.m4 index c945d6c89..4ed298cf9 100644 --- a/usr.sbin/unbound/acx_python.m4 +++ b/usr.sbin/unbound/acx_python.m4 @@ -9,7 +9,7 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ AC_PATH_PROG([PYTHON],[python[$PYTHON_VERSION]]) if test -z "$PYTHON"; then - AC_MSG_ERROR([Cannot find python$PYTHON_VERSION in your system path]) + AC_MSG_ERROR([Cannot find 'python$PYTHON_VERSION' in your system path. You can use the environment variable 'PYTHON_VERSION=version_number' for an explicit version.]) PYTHON_VERSION="" fi diff --git a/usr.sbin/unbound/cachedb/cachedb.c b/usr.sbin/unbound/cachedb/cachedb.c index c956768e9..6f45930a1 100644 --- a/usr.sbin/unbound/cachedb/cachedb.c +++ b/usr.sbin/unbound/cachedb/cachedb.c @@ -322,30 +322,30 @@ error_response(struct module_qstate* qstate, int id, int rcode) /** * Hash the query name, type, class and dbacess-secret into lookup buffer. - * @param qstate: query state with query info - * and env->cfg with secret. + * @param qinfo: query info + * @param env: with env->cfg with secret. * @param buf: returned buffer with hash to lookup * @param len: length of the buffer. */ static void -calc_hash(struct module_qstate* qstate, char* buf, size_t len) +calc_hash(struct query_info* qinfo, struct module_env* env, char* buf, + size_t len) { uint8_t clear[1024]; size_t clen = 0; uint8_t hash[CACHEDB_HASHSIZE/8]; const char* hex = "0123456789ABCDEF"; - const char* secret = qstate->env->cfg->cachedb_secret; + const char* secret = env->cfg->cachedb_secret; size_t i; /* copy the hash info into the clear buffer */ - if(clen + qstate->qinfo.qname_len < sizeof(clear)) { - memmove(clear+clen, qstate->qinfo.qname, - qstate->qinfo.qname_len); - clen += qstate->qinfo.qname_len; + if(clen + qinfo->qname_len < sizeof(clear)) { + memmove(clear+clen, qinfo->qname, qinfo->qname_len); + clen += qinfo->qname_len; } if(clen + 4 < sizeof(clear)) { - uint16_t t = htons(qstate->qinfo.qtype); - uint16_t c = htons(qstate->qinfo.qclass); + uint16_t t = htons(qinfo->qtype); + uint16_t c = htons(qinfo->qclass); memmove(clear+clen, &t, 2); memmove(clear+clen+2, &c, 2); clen += 4; @@ -645,7 +645,7 @@ cachedb_extcache_lookup(struct module_qstate* qstate, struct cachedb_env* ie, int* msg_expired) { char key[(CACHEDB_HASHSIZE/8)*2+1]; - calc_hash(qstate, key, sizeof(key)); + calc_hash(&qstate->qinfo, qstate->env, key, sizeof(key)); /* call backend to fetch data for key into scratch buffer */ if( !(*ie->backend->lookup)(qstate->env, ie, key, @@ -672,7 +672,7 @@ static void cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) { char key[(CACHEDB_HASHSIZE/8)*2+1]; - calc_hash(qstate, key, sizeof(key)); + calc_hash(&qstate->qinfo, qstate->env, key, sizeof(key)); /* prepare data in scratch buffer */ if(!prep_data(qstate, qstate->env->scratch_buffer)) @@ -745,6 +745,10 @@ cachedb_intcache_store(struct module_qstate* qstate, int msg_expired) * going to be now-3 seconds. Making it expired * in the cache. */ set_msg_ttl(qstate->return_msg, (time_t)-3); + /* The expired entry does not get checked by the validator + * and we need a validation value for it. */ + if(qstate->env->cfg->cachedb_check_when_serve_expired) + qstate->return_msg->rep->security = sec_status_insecure; } (void)dns_cache_store(qstate->env, &qstate->qinfo, qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0, @@ -979,7 +983,7 @@ cachedb_get_mem(struct module_env* env, int id) */ static struct module_func_block cachedb_block = { "cachedb", - &cachedb_init, &cachedb_deinit, &cachedb_operate, + NULL, NULL, &cachedb_init, &cachedb_deinit, &cachedb_operate, &cachedb_inform_super, &cachedb_clear, &cachedb_get_mem }; @@ -1004,20 +1008,25 @@ cachedb_is_enabled(struct module_stack* mods, struct module_env* env) void cachedb_msg_remove(struct module_qstate* qstate) { - char key[(CACHEDB_HASHSIZE/8)*2+1]; - int id = modstack_find(qstate->env->modstack, "cachedb"); - struct cachedb_env* ie = (struct cachedb_env*)qstate->env->modinfo[id]; + cachedb_msg_remove_qinfo(qstate->env, &qstate->qinfo); +} - log_query_info(VERB_ALGO, "cachedb msg remove", &qstate->qinfo); - calc_hash(qstate, key, sizeof(key)); - sldns_buffer_clear(qstate->env->scratch_buffer); - sldns_buffer_write_u32(qstate->env->scratch_buffer, 0); - sldns_buffer_flip(qstate->env->scratch_buffer); +void cachedb_msg_remove_qinfo(struct module_env* env, struct query_info* qinfo) +{ + char key[(CACHEDB_HASHSIZE/8)*2+1]; + int id = modstack_find(env->modstack, "cachedb"); + struct cachedb_env* ie = (struct cachedb_env*)env->modinfo[id]; + + log_query_info(VERB_ALGO, "cachedb msg remove", qinfo); + calc_hash(qinfo, env, key, sizeof(key)); + sldns_buffer_clear(env->scratch_buffer); + sldns_buffer_write_u32(env->scratch_buffer, 0); + sldns_buffer_flip(env->scratch_buffer); /* call backend */ - (*ie->backend->store)(qstate->env, ie, key, - sldns_buffer_begin(qstate->env->scratch_buffer), - sldns_buffer_limit(qstate->env->scratch_buffer), + (*ie->backend->store)(env, ie, key, + sldns_buffer_begin(env->scratch_buffer), + sldns_buffer_limit(env->scratch_buffer), 0); } #endif /* USE_CACHEDB */ diff --git a/usr.sbin/unbound/cachedb/cachedb.h b/usr.sbin/unbound/cachedb/cachedb.h index ffd03c34a..bb49a7549 100644 --- a/usr.sbin/unbound/cachedb/cachedb.h +++ b/usr.sbin/unbound/cachedb/cachedb.h @@ -126,3 +126,11 @@ int cachedb_is_enabled(struct module_stack* mods, struct module_env* env); * @param qstate: query state. */ void cachedb_msg_remove(struct module_qstate* qstate); + +/** + * Remove message from the cachedb cache, by query info. + * @param env: module environment to look up cachedb state. + * @param qinfo: the message to remove. + */ +void cachedb_msg_remove_qinfo(struct module_env* env, + struct query_info* qinfo); diff --git a/usr.sbin/unbound/config.guess b/usr.sbin/unbound/config.guess index f6d217a49..50c27402b 100644 --- a/usr.sbin/unbound/config.guess +++ b/usr.sbin/unbound/config.guess @@ -4,7 +4,7 @@ # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2024-01-01' +timestamp='2024-07-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -123,7 +123,7 @@ set_cc_for_build() { dummy=$tmp/dummy case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in ,,) echo "int x;" > "$dummy.c" - for driver in cc gcc c89 c99 ; do + for driver in cc gcc c17 c99 c89 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD=$driver break @@ -634,6 +634,7 @@ EOF sed 's/^ //' << EOF > "$dummy.c" #include + int main() { if (!__power_pc()) @@ -718,7 +719,8 @@ EOF #include #include - int main () + int + main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); @@ -1621,6 +1623,7 @@ cat > "$dummy.c" < header file. */ #undef HAVE_ARPA_INET_H +/* Whether the C compiler accepts the "fallthrough" attribute */ +#undef HAVE_ATTR_FALLTHROUGH + /* Whether the C compiler accepts the "format" attribute */ #undef HAVE_ATTR_FORMAT @@ -406,6 +412,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_PFVAR_H + /* Define this to use nghttp2 client. */ #undef HAVE_NGHTTP2 @@ -566,6 +575,9 @@ function. */ #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB +/* Define to 1 if you have the `SSL_CTX_set_tmp_ecdh' function. */ +#undef HAVE_SSL_CTX_SET_TMP_ECDH + /* Define to 1 if you have the `SSL_get0_alpn_selected' function. */ #undef HAVE_SSL_GET0_ALPN_SELECTED @@ -1484,6 +1496,7 @@ struct sockaddr_storage; # define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) # define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) # define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) +# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) void *unbound_stat_malloc(size_t size); void *unbound_stat_calloc(size_t nmemb, size_t size); void unbound_stat_free(void *ptr); @@ -1496,6 +1509,8 @@ void unbound_stat_free_log(void *ptr, const char* file, int line, const char* func); void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, int line, const char* func); +char *unbound_stat_strdup_log(const char *s, const char* file, int line, + const char* func); #elif defined(UNBOUND_ALLOC_LITE) # include "util/alloc.h" #endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ diff --git a/usr.sbin/unbound/config.sub b/usr.sbin/unbound/config.sub index 2c6a07ab3..4aaae46f6 100644 --- a/usr.sbin/unbound/config.sub +++ b/usr.sbin/unbound/config.sub @@ -2,9 +2,9 @@ # Configuration validation subroutine script. # Copyright 1992-2024 Free Software Foundation, Inc. -# shellcheck disable=SC2006,SC2268 # see below for rationale +# shellcheck disable=SC2006,SC2268,SC2162 # see below for rationale -timestamp='2024-01-01' +timestamp='2024-05-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -120,7 +120,6 @@ case $# in esac # Split fields of configuration type -# shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read field1 field2 field3 field4 <&2 exit 1 ;; - kfreebsd*-gnu*- | kopensolaris*-gnu*-) + kfreebsd*-gnu*- | knetbsd*-gnu*- | netbsd*-gnu*- | kopensolaris*-gnu*-) ;; vxworks-simlinux- | vxworks-simwindows- | vxworks-spe-) ;; @@ -1864,6 +2245,8 @@ case $kernel-$os-$obj in ;; os2-emx-) ;; + rtmk-nova-) + ;; *-eabi*- | *-gnueabi*-) ;; none--*) @@ -1890,7 +2273,7 @@ case $vendor in *-riscix*) vendor=acorn ;; - *-sunos*) + *-sunos* | *-solaris*) vendor=sun ;; *-cnk* | *-aix*) diff --git a/usr.sbin/unbound/configure b/usr.sbin/unbound/configure index f432e5fdc..63d4a40f3 100644 --- a/usr.sbin/unbound/configure +++ b/usr.sbin/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for unbound 1.20.0. +# Generated by GNU Autoconf 2.71 for unbound 1.21.0. # # Report bugs to . # @@ -622,8 +622,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.20.0' -PACKAGE_STRING='unbound 1.20.0' +PACKAGE_VERSION='1.21.0' +PACKAGE_STRING='unbound 1.21.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1508,7 +1508,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.20.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.21.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1574,7 +1574,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.20.0:";; + short | recursive ) echo "Configuration of unbound 1.21.0:";; esac cat <<\_ACEOF @@ -1596,7 +1596,8 @@ Optional Features: --disable-libtool-lock avoid locking (might break parallel builds) --disable-rpath disable hardcoded rpath (default=enabled) --disable-largefile omit support for large files - --enable-systemd compile with systemd support + --enable-systemd compile with systemd support (requires libsystemd, + pkg-config) --enable-alloc-checks enable to memory allocation statistics, for debug purposes --enable-alloc-lite enable for lightweight alloc assertions, for debug @@ -1821,7 +1822,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.20.0 +unbound configure 1.21.0 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2478,7 +2479,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.20.0, which was +It was created by unbound $as_me 1.21.0, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3240,13 +3241,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=20 +UNBOUND_VERSION_MINOR=21 UNBOUND_VERSION_MICRO=0 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=27 +LIBUNBOUND_REVISION=28 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -3341,6 +3342,7 @@ LIBUNBOUND_AGE=1 # 1.19.2 had 9:25:1 # 1.19.3 had 9:26:1 # 1.20.0 had 9:27:1 +# 1.21.0 had 9:28:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -6974,6 +6976,10 @@ printf "%s\n" "#define HAVE_ATTR_WEAK 1" >>confdefs.h printf "%s\n" "#define ATTR_WEAK __attribute__((weak))" >>confdefs.h +else + +printf "%s\n" "#define ATTR_WEAK /**/" >>confdefs.h + fi @@ -7021,6 +7027,79 @@ printf "%s\n" "#define HAVE_ATTR_NORETURN 1" >>confdefs.h printf "%s\n" "#define ATTR_NORETURN __attribute__((__noreturn__))" >>confdefs.h +else + +printf "%s\n" "#define ATTR_NORETURN /**/" >>confdefs.h + +fi + + + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"fallthrough\" attribute" >&5 +printf %s "checking whether the C compiler (${CC-cc}) accepts the \"fallthrough\" attribute... " >&6; } +BAKCFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +if test ${ac_cv_c_fallthrough_attribute+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_c_fallthrough_attribute=no +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +void f(int x) { + int y = 0; + switch(x) { + case 1: + y = 1; + __attribute__((fallthrough)); + /* fallthrough */ + case 2: + y++; + break; + case 3: + y = 3; + break; + } + printf("%d", y); +} + +int +main (void) +{ + + f(1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_c_fallthrough_attribute="yes" +else $as_nop + ac_cv_c_fallthrough_attribute="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi + +CFLAGS="$BAKCFLAGS" + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_fallthrough_attribute" >&5 +printf "%s\n" "$ac_cv_c_fallthrough_attribute" >&6; } +if test $ac_cv_c_fallthrough_attribute = yes; then + +printf "%s\n" "#define HAVE_ATTR_FALLTHROUGH 1" >>confdefs.h + + +printf "%s\n" "#define ATTR_FALLTHROUGH __attribute__((fallthrough));" >>confdefs.h + +else + +printf "%s\n" "#define ATTR_FALLTHROUGH /**/" >>confdefs.h + fi @@ -17623,7 +17702,8 @@ have_systemd=no if test "x$enable_systemd" != xno then : - + if test -n "$PKG_CONFIG"; then + have_systemd=no pkg_failed=no { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 @@ -17683,11 +17763,31 @@ fi # Put the nasty error message in config.log where it belongs echo "$SYSTEMD_PKG_ERRORS" >&5 - have_systemd=no + as_fn_error $? "Package requirements (libsystemd) were not met: + +$SYSTEMD_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables SYSTEMD_CFLAGS +and SYSTEMD_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - have_systemd=no + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables SYSTEMD_CFLAGS +and SYSTEMD_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } else SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS @@ -17698,6 +17798,7 @@ fi if test "x$have_systemd" != "xyes" then : + have_systemd_daemon=no pkg_failed=no { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5 @@ -17757,11 +17858,31 @@ fi # Put the nasty error message in config.log where it belongs echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5 - have_systemd_daemon=no + as_fn_error $? "Package requirements (libsystemd-daemon) were not met: + +$SYSTEMD_DAEMON_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables SYSTEMD_DAEMON_CFLAGS +and SYSTEMD_DAEMON_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - have_systemd_daemon=no + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables SYSTEMD_DAEMON_CFLAGS +and SYSTEMD_DAEMON_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } else SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS @@ -17788,7 +17909,9 @@ printf "%s\n" "#define HAVE_SYSTEMD 1" >>confdefs.h *) : ;; esac - + else + as_fn_error $? "systemd enabled but need pkg-config to configure for it" "$LINENO" 5 + fi fi if test "x$have_systemd" = xyes; then @@ -19184,7 +19307,7 @@ fi if test -z "$PYTHON"; then - as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5 + as_fn_error $? "Cannot find 'python$PYTHON_VERSION' in your system path. You can use the environment variable 'PYTHON_VERSION=version_number' for an explicit version." "$LINENO" 5 PYTHON_VERSION="" fi @@ -20655,6 +20778,12 @@ then : printf "%s\n" "#define HAVE_BIO_SET_CALLBACK_EX 1" >>confdefs.h fi +ac_fn_c_check_func "$LINENO" "SSL_CTX_set_tmp_ecdh" "ac_cv_func_SSL_CTX_set_tmp_ecdh" +if test "x$ac_cv_func_SSL_CTX_set_tmp_ecdh" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET_TMP_ECDH 1" >>confdefs.h + +fi # these check_funcs need -lssl @@ -21189,6 +21318,24 @@ case "$enable_ecdsa" in ;; *) if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + ac_fn_c_check_func "$LINENO" "EVP_PKEY_fromdata" "ac_cv_func_EVP_PKEY_fromdata" +if test "x$ac_cv_func_EVP_PKEY_fromdata" = xyes +then : + + # with EVP_PKEY_fromdata, check if EC is not disabled + ac_fn_check_decl "$LINENO" "OPENSSL_NO_EC" "ac_cv_have_decl_OPENSSL_NO_EC" "$ac_includes_default +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_OPENSSL_NO_EC" = xyes +then : + as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 + +fi + +else $as_nop + + # without EVP_PKEY_fromdata, older openssl, check for support ac_fn_c_check_func "$LINENO" "ECDSA_sign" "ac_cv_func_ECDSA_sign" if test "x$ac_cv_func_ECDSA_sign" = xyes then : @@ -21203,6 +21350,9 @@ then : else $as_nop as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 +fi + + fi ac_fn_check_decl "$LINENO" "NID_X9_62_prime256v1" "ac_cv_have_decl_NID_X9_62_prime256v1" "$ac_includes_default @@ -23732,7 +23882,7 @@ then : else $as_nop - + if test -n "$PKG_CONFIG"; then pkg_failed=no { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PROTOBUFC" >&5 @@ -23835,7 +23985,17 @@ printf "%s\n" "yes" >&6; } LIBS="$LIBS $PROTOBUFC_LIBS" fi - + else + # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 + if test -f /usr/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I/usr/include/google" + else + if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I/usr/local/include/google" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + fi + fi + fi fi @@ -24234,6 +24394,20 @@ printf "%s\n" "#define USE_IPSET 1" >>confdefs.h IPSET_OBJ="ipset.lo" + # BSD's pf + for ac_header in net/pfvar.h +do : + ac_fn_c_check_header_compile "$LINENO" "net/pfvar.h" "ac_cv_header_net_pfvar_h" " + #include + #include + +" +if test "x$ac_cv_header_net_pfvar_h" = xyes +then : + printf "%s\n" "#define HAVE_NET_PFVAR_H 1" >>confdefs.h + +else $as_nop + # mnl # Check whether --with-libmnl was given. @@ -24272,6 +24446,10 @@ printf "%s\n" "found in $dir" >&6; } if test x_$found_libmnl != x_yes; then as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5 fi + +fi + +done ;; no|*) # nothing @@ -24466,7 +24644,7 @@ printf "%s\n" "#define MAXSYSLOGMSGLEN 10240" >>confdefs.h -version=1.20.0 +version=1.21.0 date=`date +'%b %e, %Y'` @@ -24978,7 +25156,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.20.0, which was +This file was extended by unbound $as_me 1.21.0, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25046,7 +25224,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -unbound config.status 1.20.0 +unbound config.status 1.21.0 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -26609,4 +26787,3 @@ if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi - diff --git a/usr.sbin/unbound/configure.ac b/usr.sbin/unbound/configure.ac index 3a489a0d2..100510617 100644 --- a/usr.sbin/unbound/configure.ac +++ b/usr.sbin/unbound/configure.ac @@ -10,7 +10,7 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[20]) +m4_define([VERSION_MINOR],[21]) m4_define([VERSION_MICRO],[0]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) @@ -18,7 +18,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=27 +LIBUNBOUND_REVISION=28 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -113,6 +113,7 @@ LIBUNBOUND_AGE=1 # 1.19.2 had 9:25:1 # 1.19.3 had 9:26:1 # 1.20.0 had 9:27:1 +# 1.21.0 had 9:28:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -338,6 +339,8 @@ AC_MSG_RESULT($ac_cv_c_weak_attribute) if test $ac_cv_c_weak_attribute = yes; then AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute]) AC_DEFINE(ATTR_WEAK, [__attribute__((weak))], [apply the weak attribute to a symbol]) +else + AC_DEFINE(ATTR_WEAK,[], [apply the weak attribute to a symbol]) fi ])dnl End of CHECK_WEAK_ATTRIBUTE @@ -359,11 +362,54 @@ AC_MSG_RESULT($ac_cv_c_noreturn_attribute) if test $ac_cv_c_noreturn_attribute = yes; then AC_DEFINE(HAVE_ATTR_NORETURN, 1, [Whether the C compiler accepts the "noreturn" attribute]) AC_DEFINE(ATTR_NORETURN, [__attribute__((__noreturn__))], [apply the noreturn attribute to a function that exits the program]) +else + AC_DEFINE(ATTR_NORETURN,[], [apply the noreturn attribute to a function that exits the program]) fi ])dnl End of CHECK_NORETURN_ATTRIBUTE CHECK_NORETURN_ATTRIBUTE +AC_DEFUN([CHECK_FALLTHROUGH_ATTRIBUTE], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "fallthrough" attribute) +BAKCFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_VAL(ac_cv_c_fallthrough_attribute, +[ac_cv_c_fallthrough_attribute=no +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include +void f(int x) { + int y = 0; + switch(x) { + case 1: + y = 1; + __attribute__((fallthrough)); + /* fallthrough */ + case 2: + y++; + break; + case 3: + y = 3; + break; + } + printf("%d", y); +} +]], [[ + f(1); +]])],[ac_cv_c_fallthrough_attribute="yes"],[ac_cv_c_fallthrough_attribute="no"]) +]) +CFLAGS="$BAKCFLAGS" + +AC_MSG_RESULT($ac_cv_c_fallthrough_attribute) +if test $ac_cv_c_fallthrough_attribute = yes; then + AC_DEFINE(HAVE_ATTR_FALLTHROUGH, 1, [Whether the C compiler accepts the "fallthrough" attribute]) + AC_DEFINE(ATTR_FALLTHROUGH, [__attribute__((fallthrough));], [apply the fallthrough attribute.]) +else + AC_DEFINE(ATTR_FALLTHROUGH,[], [apply the fallthrough attribute.]) +fi +])dnl End of CHECK_FALLTHROUGH_ATTRIBUTE + +CHECK_FALLTHROUGH_ATTRIBUTE + if test "$srcdir" != "."; then CPPFLAGS="$CPPFLAGS -I$srcdir" fi @@ -943,7 +989,7 @@ else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex SSL_CTX_set_tmp_ecdh]) # these check_funcs need -lssl BAKLIBS="$LIBS" @@ -1180,8 +1226,17 @@ case "$enable_ecdsa" in ;; *) if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + AC_CHECK_FUNC(EVP_PKEY_fromdata, [ + # with EVP_PKEY_fromdata, check if EC is not disabled + AC_CHECK_DECL([OPENSSL_NO_EC], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa]) + ], [], [AC_INCLUDES_DEFAULT +#include + ]) + ], [ + # without EVP_PKEY_fromdata, older openssl, check for support AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])]) AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])]) + ]) AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT #include ]) @@ -1921,6 +1976,8 @@ case "$enable_ipset" in IPSET_OBJ="ipset.lo" AC_SUBST(IPSET_OBJ) + # BSD's pf + AC_CHECK_HEADERS([net/pfvar.h], [], [ # mnl AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]), [ ],[ withval="yes" ]) @@ -1951,6 +2008,10 @@ case "$enable_ipset" in if test x_$found_libmnl != x_yes; then AC_MSG_ERROR([Could not find libmnl, libmnl.h]) fi + ], [ + #include + #include + ]) ;; no|*) # nothing @@ -2268,6 +2329,7 @@ struct sockaddr_storage; # define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) # define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) # define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) +# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) void *unbound_stat_malloc(size_t size); void *unbound_stat_calloc(size_t nmemb, size_t size); void unbound_stat_free(void *ptr); @@ -2280,6 +2342,8 @@ void unbound_stat_free_log(void *ptr, const char* file, int line, const char* func); void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, int line, const char* func); +char *unbound_stat_strdup_log(const char *s, const char* file, int line, + const char* func); #elif defined(UNBOUND_ALLOC_LITE) # include "util/alloc.h" #endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ diff --git a/usr.sbin/unbound/daemon/daemon.c b/usr.sbin/unbound/daemon/daemon.c index ff21164b3..46a3f1f94 100644 --- a/usr.sbin/unbound/daemon/daemon.c +++ b/usr.sbin/unbound/daemon/daemon.c @@ -444,6 +444,19 @@ daemon_open_shared_ports(struct daemon* daemon) return 1; } +int +daemon_privileged(struct daemon* daemon) +{ + daemon->env->cfg = daemon->cfg; + daemon->env->alloc = &daemon->superalloc; + daemon->env->worker = NULL; + if(!modstack_call_startup(&daemon->mods, daemon->cfg->module_conf, + daemon->env)) { + fatal_exit("failed to startup modules"); + } + return 1; +} + /** * Setup modules. setup module stack. * @param daemon: the daemon @@ -453,11 +466,15 @@ static void daemon_setup_modules(struct daemon* daemon) daemon->env->cfg = daemon->cfg; daemon->env->alloc = &daemon->superalloc; daemon->env->worker = NULL; - daemon->env->need_to_validate = 0; /* set by module init below */ - if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf, - daemon->env)) { - fatal_exit("failed to setup modules"); + if(daemon->mods_inited) { + modstack_call_deinit(&daemon->mods, daemon->env); } + daemon->env->need_to_validate = 0; /* set by module init below */ + if(!modstack_call_init(&daemon->mods, daemon->cfg->module_conf, + daemon->env)) { + fatal_exit("failed to init modules"); + } + daemon->mods_inited = 1; log_edns_known_options(VERB_ALGO, daemon->env); } @@ -503,7 +520,10 @@ daemon_clear_allocs(struct daemon* daemon) { int i; - for(i=0; inum; i++) { + /* daemon->num may be different during reloads (after configuration + * read). Use old_num which has the correct value used to setup the + * worker_allocs */ + for(i=0; iold_num; i++) { alloc_clear(daemon->worker_allocs[i]); free(daemon->worker_allocs[i]); } @@ -715,6 +735,14 @@ daemon_fork(struct daemon* daemon) "dnscrypt support"); #endif } + if(daemon->cfg->cookie_secret_file && + daemon->cfg->cookie_secret_file[0]) { + if(!(daemon->cookie_secrets = cookie_secrets_create())) + fatal_exit("Could not create cookie_secrets: out of memory"); + if(!cookie_secrets_apply_cfg(daemon->cookie_secrets, + daemon->cfg->cookie_secret_file)) + fatal_exit("Could not setup cookie_secrets"); + } /* create global local_zones */ if(!(daemon->local_zones = local_zones_create())) fatal_exit("Could not create local zones: out of memory"); @@ -858,7 +886,7 @@ daemon_cleanup(struct daemon* daemon) daemon->views = NULL; if(daemon->env->auth_zones) auth_zones_cleanup(daemon->env->auth_zones); - /* key cache is cleared by module desetup during next daemon_fork() */ + /* key cache is cleared by module deinit during next daemon_fork() */ daemon_remote_clear(daemon->rc); for(i=0; inum; i++) worker_delete(daemon->workers[i]); @@ -888,7 +916,9 @@ daemon_delete(struct daemon* daemon) size_t i; if(!daemon) return; - modstack_desetup(&daemon->mods, daemon->env); + modstack_call_deinit(&daemon->mods, daemon->env); + modstack_call_destartup(&daemon->mods, daemon->env); + modstack_free(&daemon->mods); daemon_remote_delete(daemon->rc); for(i = 0; i < daemon->num_ports; i++) listening_ports_free(daemon->ports[i]); @@ -907,6 +937,7 @@ daemon_delete(struct daemon* daemon) acl_list_delete(daemon->acl); acl_list_delete(daemon->acl_interface); tcl_list_delete(daemon->tcl); + cookie_secrets_delete(daemon->cookie_secrets); listen_desetup_locks(); free(daemon->chroot); free(daemon->pidfile); diff --git a/usr.sbin/unbound/daemon/daemon.h b/usr.sbin/unbound/daemon/daemon.h index 8a182d97d..7addeacc3 100644 --- a/usr.sbin/unbound/daemon/daemon.h +++ b/usr.sbin/unbound/daemon/daemon.h @@ -58,6 +58,7 @@ struct ub_randstate; struct daemon_remote; struct respip_set; struct shm_main_info; +struct cookie_secrets; #include "dnstap/dnstap_config.h" #ifdef USE_DNSTAP @@ -115,6 +116,8 @@ struct daemon { struct module_env* env; /** stack of module callbacks */ struct module_stack mods; + /** The module stack has been inited */ + int mods_inited; /** access control, which client IPs are allowed to connect */ struct acl_list* acl; /** access control, which interfaces are allowed to connect */ @@ -146,6 +149,8 @@ struct daemon { #endif /** reuse existing cache on reload if other conditions allow it. */ int reuse_cache; + /** the EDNS cookie secrets from the cookie-secret-file */ + struct cookie_secrets* cookie_secrets; }; /** @@ -162,6 +167,15 @@ struct daemon* daemon_init(void); */ int daemon_open_shared_ports(struct daemon* daemon); +/** + * Do daemon setup that needs privileges + * like opening privileged ports or opening device files. + * The cfg member pointer must have been set for the daemon. + * @param daemon: the daemon. + * @return: false on error. + */ +int daemon_privileged(struct daemon* daemon); + /** * Fork workers and start service. * When the routine exits, it is no longer forked. diff --git a/usr.sbin/unbound/daemon/remote.c b/usr.sbin/unbound/daemon/remote.c index 764ae8ffd..855b1f963 100644 --- a/usr.sbin/unbound/daemon/remote.c +++ b/usr.sbin/unbound/daemon/remote.c @@ -88,6 +88,10 @@ #include "sldns/wire2str.h" #include "sldns/sbuffer.h" #include "util/timeval_func.h" +#include "util/edns.h" +#ifdef USE_CACHEDB +#include "cachedb/cachedb.h" +#endif #ifdef HAVE_SYS_TYPES_H # include @@ -107,6 +111,10 @@ /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" +/** Acceptable lengths of str lines */ +#define MAX_CMD_STRLINE 1024 +#define MAX_STDIN_STRLINE 2048 + static int remote_setup_ctx(struct daemon_remote* rc, struct config_file* cfg) { @@ -633,6 +641,25 @@ static void send_ok(RES* ssl) (void)ssl_printf(ssl, "ok\n"); } +/** tell other processes to execute the command */ +static void +distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd) +{ + int i; + if(!cmd || !ssl) + return; + /* skip i=0 which is me */ + for(i=1; iworker->daemon->num; i++) { + worker_send_cmd(rc->worker->daemon->workers[i], + worker_cmd_remote); + if(!tube_write_msg(rc->worker->daemon->workers[i]->cmd, + (uint8_t*)cmd, strlen(cmd)+1, 0)) { + (void)ssl_printf(ssl, "error could not distribute cmd\n"); + return; + } + } +} + /** do the stop command */ static void do_stop(RES* ssl, struct worker* worker) @@ -1220,19 +1247,28 @@ do_zone_add(RES* ssl, struct local_zones* zones, char* arg) /** Do the local_zones command */ static void -do_zones_add(RES* ssl, struct local_zones* zones) +do_zones_add(struct daemon_remote* rc, RES* ssl, struct worker* worker) { - char buf[2048]; + char buf[MAX_CMD_STRLINE + MAX_STDIN_STRLINE] = "local_zone "; int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0 || (buf[0] == 0x04 && buf[1] == 0)) + size_t cmd_len = strlen(buf); + while(ssl_read_line(ssl, buf+cmd_len, MAX_STDIN_STRLINE)) { + if(buf[0+cmd_len] == 0 || + (buf[0+cmd_len] == 0x04 && buf[1+cmd_len] == 0)) break; /* zero byte line or end of transmission */ - if(!perform_zone_add(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) +#ifdef THREADS_DISABLED + /* distribute single item command */ + if(rc) distribute_cmd(rc, ssl, buf); +#else + (void)rc; /* unused */ +#endif + if(!perform_zone_add(ssl, worker->daemon->local_zones, + buf+cmd_len)) { + if(!ssl_printf(ssl, "error for input line: %s\n", + buf+cmd_len)) return; } - else - num++; + else num++; } (void)ssl_printf(ssl, "added %d zones\n", num); } @@ -1269,19 +1305,28 @@ do_zone_remove(RES* ssl, struct local_zones* zones, char* arg) /** Do the local_zones_remove command */ static void -do_zones_remove(RES* ssl, struct local_zones* zones) +do_zones_remove(struct daemon_remote* rc, RES* ssl, struct worker* worker) { - char buf[2048]; + char buf[MAX_CMD_STRLINE + MAX_STDIN_STRLINE] = "local_zone_remove "; int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0 || (buf[0] == 0x04 && buf[1] == 0)) + size_t cmd_len = strlen(buf); + while(ssl_read_line(ssl, buf+cmd_len, MAX_STDIN_STRLINE)) { + if(buf[0+cmd_len] == 0 || + (buf[0+cmd_len] == 0x04 && buf[1+cmd_len] == 0)) break; /* zero byte line or end of transmission */ - if(!perform_zone_remove(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) +#ifdef THREADS_DISABLED + /* distribute single item command */ + if(rc) distribute_cmd(rc, ssl, buf); +#else + (void)rc; /* unused */ +#endif + if(!perform_zone_remove(ssl, worker->daemon->local_zones, + buf+cmd_len)) { + if(!ssl_printf(ssl, "error for input line: %s\n", + buf+cmd_len)) return; } - else - num++; + else num++; } (void)ssl_printf(ssl, "removed %d zones\n", num); } @@ -1333,15 +1378,24 @@ do_data_add(RES* ssl, struct local_zones* zones, char* arg) /** Do the local_datas command */ static void -do_datas_add(RES* ssl, struct local_zones* zones) +do_datas_add(struct daemon_remote* rc, RES* ssl, struct worker* worker) { - char buf[2048]; + char buf[MAX_CMD_STRLINE + MAX_STDIN_STRLINE] = "local_data "; int num = 0, line = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0 || (buf[0] == 0x04 && buf[1] == 0)) + size_t cmd_len = strlen(buf); + while(ssl_read_line(ssl, buf+cmd_len, MAX_STDIN_STRLINE)) { + if(buf[0+cmd_len] == 0 || + (buf[0+cmd_len] == 0x04 && buf[1+cmd_len] == 0)) break; /* zero byte line or end of transmission */ +#ifdef THREADS_DISABLED + /* distribute single item command */ + if(rc) distribute_cmd(rc, ssl, buf); +#else + (void)rc; /* unused */ +#endif line++; - if(perform_data_add(ssl, zones, buf, line)) + if(perform_data_add(ssl, worker->daemon->local_zones, + buf+cmd_len, line)) num++; } (void)ssl_printf(ssl, "added %d datas\n", num); @@ -1373,19 +1427,28 @@ do_data_remove(RES* ssl, struct local_zones* zones, char* arg) /** Do the local_datas_remove command */ static void -do_datas_remove(RES* ssl, struct local_zones* zones) +do_datas_remove(struct daemon_remote* rc, RES* ssl, struct worker* worker) { - char buf[2048]; + char buf[MAX_CMD_STRLINE + MAX_STDIN_STRLINE] = "local_data_remove "; int num = 0; - while(ssl_read_line(ssl, buf, sizeof(buf))) { - if(buf[0] == 0 || (buf[0] == 0x04 && buf[1] == 0)) + size_t cmd_len = strlen(buf); + while(ssl_read_line(ssl, buf+cmd_len, MAX_STDIN_STRLINE)) { + if(buf[0+cmd_len] == 0 || + (buf[0+cmd_len] == 0x04 && buf[1+cmd_len] == 0)) break; /* zero byte line or end of transmission */ - if(!perform_data_remove(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) +#ifdef THREADS_DISABLED + /* distribute single item command */ + if(rc) distribute_cmd(rc, ssl, buf); +#else + (void)rc; /* unused */ +#endif + if(!perform_data_remove(ssl, worker->daemon->local_zones, + buf+cmd_len)) { + if(!ssl_printf(ssl, "error for input line: %s\n", + buf+cmd_len)) return; } - else - num++; + else num++; } (void)ssl_printf(ssl, "removed %d datas\n", num); } @@ -1473,9 +1536,13 @@ do_view_data_add(RES* ssl, struct worker* worker, char* arg) /** Add new RR data from stdin to view */ static void -do_view_datas_add(RES* ssl, struct worker* worker, char* arg) +do_view_datas_add(struct daemon_remote* rc, RES* ssl, struct worker* worker, + char* arg) { struct view* v; + char buf[MAX_CMD_STRLINE + MAX_STDIN_STRLINE] = "view_local_data "; + size_t cmd_len; + int num = 0, line = 0; v = views_find_view(worker->daemon->views, arg, 1 /* get write lock*/); if(!v) { @@ -1489,8 +1556,25 @@ do_view_datas_add(RES* ssl, struct worker* worker, char* arg) return; } } - do_datas_add(ssl, v->local_zones); + /* put the view name in the command buf */ + (void)snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s ", arg); + cmd_len = strlen(buf); + while(ssl_read_line(ssl, buf+cmd_len, MAX_STDIN_STRLINE)) { + if(buf[0+cmd_len] == 0 || + (buf[0+cmd_len] == 0x04 && buf[1+cmd_len] == 0)) + break; /* zero byte line or end of transmission */ +#ifdef THREADS_DISABLED + /* distribute single item command */ + if(rc) distribute_cmd(rc, ssl, buf); +#else + (void)rc; /* unused */ +#endif + line++; + if(perform_data_add(ssl, v->local_zones, buf+cmd_len, line)) + num++; + } lock_rw_unlock(&v->lock); + (void)ssl_printf(ssl, "added %d datas\n", num); } /** Remove RR data from view */ @@ -1518,9 +1602,13 @@ do_view_data_remove(RES* ssl, struct worker* worker, char* arg) /** Remove RR data from stdin from view */ static void -do_view_datas_remove(RES* ssl, struct worker* worker, char* arg) +do_view_datas_remove(struct daemon_remote* rc, RES* ssl, struct worker* worker, + char* arg) { struct view* v; + char buf[MAX_CMD_STRLINE + MAX_STDIN_STRLINE] = "view_local_data_remove "; + int num = 0; + size_t cmd_len; v = views_find_view(worker->daemon->views, arg, 1 /* get write lock*/); if(!v) { @@ -1532,9 +1620,28 @@ do_view_datas_remove(RES* ssl, struct worker* worker, char* arg) ssl_printf(ssl, "removed 0 datas\n"); return; } - - do_datas_remove(ssl, v->local_zones); + /* put the view name in the command buf */ + (void)snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s ", arg); + cmd_len = strlen(buf); + while(ssl_read_line(ssl, buf+cmd_len, MAX_STDIN_STRLINE)) { + if(buf[0+cmd_len] == 0 || + (buf[0+cmd_len] == 0x04 && buf[1+cmd_len] == 0)) + break; /* zero byte line or end of transmission */ +#ifdef THREADS_DISABLED + /* distribute single item command */ + if(rc) distribute_cmd(rc, ssl, buf); +#else + (void)rc; /* unused */ +#endif + if(!perform_data_remove(ssl, v->local_zones, buf+cmd_len)) { + if(!ssl_printf(ssl, "error for input line: %s\n", + buf+cmd_len)) + return; + } + else num++; + } lock_rw_unlock(&v->lock); + (void)ssl_printf(ssl, "removed %d datas\n", num); } /** cache lookup of nameservers */ @@ -1553,7 +1660,7 @@ do_lookup(RES* ssl, struct worker* worker, char* arg) /** flush something from rrset and msg caches */ static void do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen, - uint16_t t, uint16_t c) + uint16_t t, uint16_t c, int remcachedb) { hashvalue_type h; struct query_info k; @@ -1573,6 +1680,29 @@ do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen, h = query_info_hash(&k, BIT_CD); slabhash_remove(worker->env.msg_cache, h, &k); } +#ifdef USE_CACHEDB + if(remcachedb && worker->env.cachedb_enabled) + cachedb_msg_remove_qinfo(&worker->env, &k); +#else + (void)remcachedb; +#endif +} + +/** parse '+c' option, modifies string to return remainder. */ +static int +parse_remcachedb(RES* ssl, char** arg, int* pc) +{ + *arg = skipwhite(*arg); + if((*arg)[0] == '+' && (*arg)[1] == 'c') { + char* arg2; + *pc = 1; + if(!find_arg2(ssl, *arg, &arg2)) + return 0; + *arg = arg2; + return 1; + } + /* The option was not found, no problem */ + return 1; } /** flush a type */ @@ -1584,15 +1714,20 @@ do_flush_type(RES* ssl, struct worker* worker, char* arg) size_t nmlen; char* arg2; uint16_t t; + int pc = 0; /* '+c' option */ + if(!parse_remcachedb(ssl, &arg, &pc)) + return; if(!find_arg2(ssl, arg, &arg2)) return; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; t = sldns_get_rr_type_by_name(arg2); if(t == 0 && strcmp(arg2, "TYPE0") != 0) { + (void)ssl_printf(ssl, "error parsing RRset type: '%s'\n", arg2); + free(nm); return; } - do_cache_remove(worker, nm, nmlen, t, LDNS_RR_CLASS_IN); + do_cache_remove(worker, nm, nmlen, t, LDNS_RR_CLASS_IN, pc); free(nm); send_ok(ssl); @@ -1630,6 +1765,8 @@ struct del_info { socklen_t addrlen; /** socket address for host deletion */ struct sockaddr_storage addr; + /** if cachedb information should be flushed too */ + int remcachedb; }; /** callback to delete hosts in infra cache */ @@ -1681,6 +1818,7 @@ do_flush_infra(RES* ssl, struct worker* worker, char* arg) inf.num_msgs = 0; inf.num_keys = 0; inf.addrlen = len; + inf.remcachedb = 0; memmove(&inf.addr, &addr, len); slabhash_traverse(worker->env.infra_cache->hosts, 1, &infra_del_host, &inf); @@ -1727,6 +1865,10 @@ zone_del_msg(struct lruhash_entry* e, void* arg) d->serve_expired_ttl = inf->expired; inf->num_msgs++; } +#ifdef USE_CACHEDB + if(inf->remcachedb && inf->worker->env.cachedb_enabled) + cachedb_msg_remove_qinfo(&inf->worker->env, &k->key); +#endif } } @@ -1754,6 +1896,9 @@ do_flush_zone(RES* ssl, struct worker* worker, char* arg) int nmlabs; size_t nmlen; struct del_info inf; + int pc = 0; /* '+c' option */ + if(!parse_remcachedb(ssl, &arg, &pc)) + return; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; /* delete all RRs and key entries from zone */ @@ -1767,6 +1912,7 @@ do_flush_zone(RES* ssl, struct worker* worker, char* arg) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; + inf.remcachedb = pc; slabhash_traverse(&worker->env.rrset_cache->table, 1, &zone_del_rrset, &inf); @@ -1808,6 +1954,11 @@ bogus_del_msg(struct lruhash_entry* e, void* arg) if(d->security == sec_status_bogus) { d->ttl = inf->expired; inf->num_msgs++; +#ifdef USE_CACHEDB + if(inf->remcachedb && inf->worker->env.cachedb_enabled) + cachedb_msg_remove_qinfo(&inf->worker->env, + &((struct msgreply_entry*)e->key)->key); +#endif } } @@ -1826,9 +1977,12 @@ bogus_del_kcache(struct lruhash_entry* e, void* arg) /** remove all bogus rrsets, msgs and keys from cache */ static void -do_flush_bogus(RES* ssl, struct worker* worker) +do_flush_bogus(RES* ssl, struct worker* worker, char* arg) { struct del_info inf; + int pc = 0; /* '+c' option */ + if(!parse_remcachedb(ssl, &arg, &pc)) + return; /* what we do is to set them all expired */ inf.worker = worker; inf.expired = *worker->env.now; @@ -1836,6 +1990,7 @@ do_flush_bogus(RES* ssl, struct worker* worker) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; + inf.remcachedb = pc; slabhash_traverse(&worker->env.rrset_cache->table, 1, &bogus_del_rrset, &inf); @@ -1881,6 +2036,11 @@ negative_del_msg(struct lruhash_entry* e, void* arg) if(FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0) { d->ttl = inf->expired; inf->num_msgs++; +#ifdef USE_CACHEDB + if(inf->remcachedb && inf->worker->env.cachedb_enabled) + cachedb_msg_remove_qinfo(&inf->worker->env, + &((struct msgreply_entry*)e->key)->key); +#endif } } @@ -1901,9 +2061,12 @@ negative_del_kcache(struct lruhash_entry* e, void* arg) /** remove all negative(NODATA,NXDOMAIN), and servfail messages from cache */ static void -do_flush_negative(RES* ssl, struct worker* worker) +do_flush_negative(RES* ssl, struct worker* worker, char* arg) { struct del_info inf; + int pc = 0; /* '+c' option */ + if(!parse_remcachedb(ssl, &arg, &pc)) + return; /* what we do is to set them all expired */ inf.worker = worker; inf.expired = *worker->env.now; @@ -1911,6 +2074,7 @@ do_flush_negative(RES* ssl, struct worker* worker) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; + inf.remcachedb = pc; slabhash_traverse(&worker->env.rrset_cache->table, 1, &negative_del_rrset, &inf); @@ -1934,20 +2098,23 @@ do_flush_name(RES* ssl, struct worker* w, char* arg) uint8_t* nm; int nmlabs; size_t nmlen; + int pc = 0; /* '+c' option */ + if(!parse_remcachedb(ssl, &arg, &pc)) + return; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_CNAME, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_DNAME, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_MX, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN); - do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_CNAME, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_DNAME, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_MX, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN, pc); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN, pc); free(nm); send_ok(ssl); @@ -2070,7 +2237,7 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm) return dp; } -/** do the status command */ +/** do the forward command */ static void do_forward(RES* ssl, struct worker* worker, char* args) { @@ -3029,23 +3196,208 @@ do_rpz_disable(RES* ssl, struct worker* worker, char* arg) do_rpz_enable_disable(ssl, worker, arg, 0); } -/** tell other processes to execute the command */ +/** Write the cookie secrets to file, returns `0` on failure. + * Caller has to hold the lock. */ +static int +cookie_secret_file_dump(RES* ssl, struct worker* worker) { + char const* secret_file = worker->env.cfg->cookie_secret_file; + struct cookie_secrets* cookie_secrets = worker->daemon->cookie_secrets; + char secret_hex[UNBOUND_COOKIE_SECRET_SIZE * 2 + 1]; + FILE* f; + size_t i; + if(secret_file == NULL || secret_file[0]==0) { + (void)ssl_printf(ssl, "error: no cookie secret file configured\n"); + return 0; + } + log_assert( secret_file != NULL ); + + /* open write only and truncate */ + if((f = fopen(secret_file, "w")) == NULL ) { + (void)ssl_printf(ssl, "unable to open cookie secret file %s: %s", + secret_file, strerror(errno)); + return 0; + } + if(cookie_secrets == NULL) { + /* nothing to write */ + fclose(f); + return 1; + } + + for(i = 0; i < cookie_secrets->cookie_count; i++) { + struct cookie_secret const* cs = &cookie_secrets-> + cookie_secrets[i]; + ssize_t const len = hex_ntop(cs->cookie_secret, + UNBOUND_COOKIE_SECRET_SIZE, secret_hex, + sizeof(secret_hex)); + (void)len; /* silence unused variable warning with -DNDEBUG */ + log_assert( len == UNBOUND_COOKIE_SECRET_SIZE * 2 ); + secret_hex[UNBOUND_COOKIE_SECRET_SIZE * 2] = '\0'; + fprintf(f, "%s\n", secret_hex); + } + explicit_bzero(secret_hex, sizeof(secret_hex)); + fclose(f); + return 1; +} + +/** Activate cookie secret */ static void -distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd) -{ - int i; - if(!cmd || !ssl) +do_activate_cookie_secret(RES* ssl, struct worker* worker) { + char const* secret_file = worker->env.cfg->cookie_secret_file; + struct cookie_secrets* cookie_secrets = worker->daemon->cookie_secrets; + + if(secret_file == NULL || secret_file[0] == 0) { + (void)ssl_printf(ssl, "error: no cookie secret file configured\n"); return; - /* skip i=0 which is me */ - for(i=1; iworker->daemon->num; i++) { - worker_send_cmd(rc->worker->daemon->workers[i], - worker_cmd_remote); - if(!tube_write_msg(rc->worker->daemon->workers[i]->cmd, - (uint8_t*)cmd, strlen(cmd)+1, 0)) { - ssl_printf(ssl, "error could not distribute cmd\n"); + } + if(cookie_secrets == NULL) { + (void)ssl_printf(ssl, "error: there are no cookie_secrets."); + return; + } + lock_basic_lock(&cookie_secrets->lock); + + if(cookie_secrets->cookie_count <= 1 ) { + lock_basic_unlock(&cookie_secrets->lock); + (void)ssl_printf(ssl, "error: no staging cookie secret to activate\n"); + return; + } + /* Only the worker 0 writes to file, the others update state. */ + if(worker->thread_num == 0 && !cookie_secret_file_dump(ssl, worker)) { + lock_basic_unlock(&cookie_secrets->lock); + (void)ssl_printf(ssl, "error: writing to cookie secret file: \"%s\"\n", + secret_file); + return; + } + activate_cookie_secret(cookie_secrets); + if(worker->thread_num == 0) + (void)cookie_secret_file_dump(ssl, worker); + lock_basic_unlock(&cookie_secrets->lock); + send_ok(ssl); +} + +/** Drop cookie secret */ +static void +do_drop_cookie_secret(RES* ssl, struct worker* worker) { + char const* secret_file = worker->env.cfg->cookie_secret_file; + struct cookie_secrets* cookie_secrets = worker->daemon->cookie_secrets; + + if(secret_file == NULL || secret_file[0] == 0) { + (void)ssl_printf(ssl, "error: no cookie secret file configured\n"); + return; + } + if(cookie_secrets == NULL) { + (void)ssl_printf(ssl, "error: there are no cookie_secrets."); + return; + } + lock_basic_lock(&cookie_secrets->lock); + + if(cookie_secrets->cookie_count <= 1 ) { + lock_basic_unlock(&cookie_secrets->lock); + (void)ssl_printf(ssl, "error: can not drop the currently active cookie secret\n"); + return; + } + /* Only the worker 0 writes to file, the others update state. */ + if(worker->thread_num == 0 && !cookie_secret_file_dump(ssl, worker)) { + lock_basic_unlock(&cookie_secrets->lock); + (void)ssl_printf(ssl, "error: writing to cookie secret file: \"%s\"\n", + secret_file); + return; + } + drop_cookie_secret(cookie_secrets); + if(worker->thread_num == 0) + (void)cookie_secret_file_dump(ssl, worker); + lock_basic_unlock(&cookie_secrets->lock); + send_ok(ssl); +} + +/** Add cookie secret */ +static void +do_add_cookie_secret(RES* ssl, struct worker* worker, char* arg) { + uint8_t secret[UNBOUND_COOKIE_SECRET_SIZE]; + char const* secret_file = worker->env.cfg->cookie_secret_file; + struct cookie_secrets* cookie_secrets = worker->daemon->cookie_secrets; + + if(secret_file == NULL || secret_file[0] == 0) { + (void)ssl_printf(ssl, "error: no cookie secret file configured\n"); + return; + } + if(cookie_secrets == NULL) { + worker->daemon->cookie_secrets = cookie_secrets_create(); + if(!worker->daemon->cookie_secrets) { + (void)ssl_printf(ssl, "error: out of memory"); return; } + cookie_secrets = worker->daemon->cookie_secrets; } + lock_basic_lock(&cookie_secrets->lock); + + if(*arg == '\0') { + lock_basic_unlock(&cookie_secrets->lock); + (void)ssl_printf(ssl, "error: missing argument (cookie_secret)\n"); + return; + } + if(strlen(arg) != 32) { + lock_basic_unlock(&cookie_secrets->lock); + explicit_bzero(arg, strlen(arg)); + (void)ssl_printf(ssl, "invalid cookie secret: invalid argument length\n"); + (void)ssl_printf(ssl, "please provide a 128bit hex encoded secret\n"); + return; + } + if(hex_pton(arg, secret, UNBOUND_COOKIE_SECRET_SIZE) != + UNBOUND_COOKIE_SECRET_SIZE ) { + lock_basic_unlock(&cookie_secrets->lock); + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); + explicit_bzero(arg, strlen(arg)); + (void)ssl_printf(ssl, "invalid cookie secret: parse error\n"); + (void)ssl_printf(ssl, "please provide a 128bit hex encoded secret\n"); + return; + } + /* Only the worker 0 writes to file, the others update state. */ + if(worker->thread_num == 0 && !cookie_secret_file_dump(ssl, worker)) { + lock_basic_unlock(&cookie_secrets->lock); + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); + explicit_bzero(arg, strlen(arg)); + (void)ssl_printf(ssl, "error: writing to cookie secret file: \"%s\"\n", + secret_file); + return; + } + add_cookie_secret(cookie_secrets, secret, UNBOUND_COOKIE_SECRET_SIZE); + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); + if(worker->thread_num == 0) + (void)cookie_secret_file_dump(ssl, worker); + lock_basic_unlock(&cookie_secrets->lock); + explicit_bzero(arg, strlen(arg)); + send_ok(ssl); +} + +/** Print cookie secrets */ +static void +do_print_cookie_secrets(RES* ssl, struct worker* worker) { + struct cookie_secrets* cookie_secrets = worker->daemon->cookie_secrets; + char secret_hex[UNBOUND_COOKIE_SECRET_SIZE * 2 + 1]; + int i; + + if(!cookie_secrets) + return; /* Output is empty. */ + lock_basic_lock(&cookie_secrets->lock); + for(i = 0; (size_t)i < cookie_secrets->cookie_count; i++) { + struct cookie_secret const* cs = &cookie_secrets-> + cookie_secrets[i]; + ssize_t const len = hex_ntop(cs->cookie_secret, + UNBOUND_COOKIE_SECRET_SIZE, secret_hex, + sizeof(secret_hex)); + (void)len; /* silence unused variable warning with -DNDEBUG */ + log_assert( len == UNBOUND_COOKIE_SECRET_SIZE * 2 ); + secret_hex[UNBOUND_COOKIE_SECRET_SIZE * 2] = '\0'; + if (i == 0) + (void)ssl_printf(ssl, "active : %s\n", secret_hex); + else if (cookie_secrets->cookie_count == 2) + (void)ssl_printf(ssl, "staging: %s\n", secret_hex); + else + (void)ssl_printf(ssl, "staging[%d]: %s\n", i, + secret_hex); + } + lock_basic_unlock(&cookie_secrets->lock); + explicit_bzero(secret_hex, sizeof(secret_hex)); } /** check for name with end-of-string, space or tab after it */ @@ -3081,9 +3433,23 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, do_status(ssl, worker); return; } else if(cmdcmp(p, "dump_cache", 10)) { +#ifdef THREADS_DISABLED + if(worker->daemon->num > 1) { + (void)ssl_printf(ssl, "dump_cache/load_cache is not " + "supported in multi-process operation\n"); + return; + } +#endif (void)dump_cache(ssl, worker); return; } else if(cmdcmp(p, "load_cache", 10)) { +#ifdef THREADS_DISABLED + if(worker->daemon->num > 1) { + /* The warning can't be printed when stdin is sending + * data; just return */ + return; + } +#endif if(load_cache(ssl, worker)) send_ok(ssl); return; } else if(cmdcmp(p, "list_forwards", 13)) { @@ -3145,6 +3511,30 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, } else if(cmdcmp(p, "lookup", 6)) { do_lookup(ssl, worker, skipwhite(p+6)); return; + /* The following are commands that read stdin. + * Each line needs to be distributed if THREADS_DISABLED. + */ + } else if(cmdcmp(p, "local_zones_remove", 18)) { + do_zones_remove(rc, ssl, worker); + return; + } else if(cmdcmp(p, "local_zones", 11)) { + do_zones_add(rc, ssl, worker); + return; + } else if(cmdcmp(p, "local_datas_remove", 18)) { + do_datas_remove(rc, ssl, worker); + return; + } else if(cmdcmp(p, "local_datas", 11)) { + do_datas_add(rc, ssl, worker); + return; + } else if(cmdcmp(p, "view_local_datas_remove", 23)){ + do_view_datas_remove(rc, ssl, worker, skipwhite(p+23)); + return; + } else if(cmdcmp(p, "view_local_datas", 16)) { + do_view_datas_add(rc, ssl, worker, skipwhite(p+16)); + return; + } else if(cmdcmp(p, "print_cookie_secrets", 20)) { + do_print_cookie_secrets(ssl, worker); + return; } #ifdef THREADS_DISABLED @@ -3159,20 +3549,12 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, do_verbosity(ssl, skipwhite(p+9)); } else if(cmdcmp(p, "local_zone_remove", 17)) { do_zone_remove(ssl, worker->daemon->local_zones, skipwhite(p+17)); - } else if(cmdcmp(p, "local_zones_remove", 18)) { - do_zones_remove(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "local_zone", 10)) { do_zone_add(ssl, worker->daemon->local_zones, skipwhite(p+10)); - } else if(cmdcmp(p, "local_zones", 11)) { - do_zones_add(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "local_data_remove", 17)) { do_data_remove(ssl, worker->daemon->local_zones, skipwhite(p+17)); - } else if(cmdcmp(p, "local_datas_remove", 18)) { - do_datas_remove(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "local_data", 10)) { do_data_add(ssl, worker->daemon->local_zones, skipwhite(p+10)); - } else if(cmdcmp(p, "local_datas", 11)) { - do_datas_add(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "forward_add", 11)) { do_forward_add(ssl, worker, skipwhite(p+11)); } else if(cmdcmp(p, "forward_remove", 14)) { @@ -3189,12 +3571,8 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, do_view_zone_add(ssl, worker, skipwhite(p+15)); } else if(cmdcmp(p, "view_local_data_remove", 22)) { do_view_data_remove(ssl, worker, skipwhite(p+22)); - } else if(cmdcmp(p, "view_local_datas_remove", 23)){ - do_view_datas_remove(ssl, worker, skipwhite(p+23)); } else if(cmdcmp(p, "view_local_data", 15)) { do_view_data_add(ssl, worker, skipwhite(p+15)); - } else if(cmdcmp(p, "view_local_datas", 16)) { - do_view_datas_add(ssl, worker, skipwhite(p+16)); } else if(cmdcmp(p, "flush_zone", 10)) { do_flush_zone(ssl, worker, skipwhite(p+10)); } else if(cmdcmp(p, "flush_type", 10)) { @@ -3214,13 +3592,19 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, } else if(cmdcmp(p, "get_option", 10)) { do_get_option(ssl, worker, skipwhite(p+10)); } else if(cmdcmp(p, "flush_bogus", 11)) { - do_flush_bogus(ssl, worker); + do_flush_bogus(ssl, worker, skipwhite(p+11)); } else if(cmdcmp(p, "flush_negative", 14)) { - do_flush_negative(ssl, worker); + do_flush_negative(ssl, worker, skipwhite(p+14)); } else if(cmdcmp(p, "rpz_enable", 10)) { do_rpz_enable(ssl, worker, skipwhite(p+10)); } else if(cmdcmp(p, "rpz_disable", 11)) { do_rpz_disable(ssl, worker, skipwhite(p+11)); + } else if(cmdcmp(p, "add_cookie_secret", 17)) { + do_add_cookie_secret(ssl, worker, skipwhite(p+17)); + } else if(cmdcmp(p, "drop_cookie_secret", 18)) { + do_drop_cookie_secret(ssl, worker); + } else if(cmdcmp(p, "activate_cookie_secret", 22)) { + do_activate_cookie_secret(ssl, worker); } else { (void)ssl_printf(ssl, "error unknown command '%s'\n", p); } @@ -3248,7 +3632,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) int r; char pre[10]; char magic[7]; - char buf[1024]; + char buf[MAX_CMD_STRLINE]; #ifdef USE_WINSOCK /* makes it possible to set the socket blocking again. */ /* basically removes it from winsock_event ... */ diff --git a/usr.sbin/unbound/daemon/stats.c b/usr.sbin/unbound/daemon/stats.c index 4855bf1c1..827110698 100644 --- a/usr.sbin/unbound/daemon/stats.c +++ b/usr.sbin/unbound/daemon/stats.c @@ -391,6 +391,13 @@ void server_stats_obtain(struct worker* worker, struct worker* who, else worker_send_cmd(who, worker_cmd_stats_noreset); verbose(VERB_ALGO, "wait for stats reply"); if(tube_wait_timeout(worker->cmd, STATS_THREAD_WAIT) == 0) { +#if defined(HAVE_PTHREAD) && defined(SIZEOF_PTHREAD_T) && defined(SIZEOF_UNSIGNED_LONG) +# if SIZEOF_PTHREAD_T == SIZEOF_UNSIGNED_LONG + unsigned long pthid = 0; + if(verbosity >= VERB_OPS) + memcpy(&pthid, &who->thr_id, sizeof(unsigned long)); +# endif +#endif verbose(VERB_OPS, "no response from thread %d" #ifdef HAVE_GETTID " LWP %u" @@ -407,7 +414,7 @@ void server_stats_obtain(struct worker* worker, struct worker* who, #endif #if defined(HAVE_PTHREAD) && defined(SIZEOF_PTHREAD_T) && defined(SIZEOF_UNSIGNED_LONG) # if SIZEOF_PTHREAD_T == SIZEOF_UNSIGNED_LONG - , (unsigned long)*((unsigned long*)&who->thr_id) + , pthid # endif #endif ); diff --git a/usr.sbin/unbound/daemon/unbound.c b/usr.sbin/unbound/daemon/unbound.c index a7d238829..bba7c6c34 100644 --- a/usr.sbin/unbound/daemon/unbound.c +++ b/usr.sbin/unbound/daemon/unbound.c @@ -473,7 +473,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, #endif #ifdef HAVE_GETPWNAM struct passwd *pwd = NULL; +#endif + if(!daemon_privileged(daemon)) + fatal_exit("could not do privileged setup"); +#ifdef HAVE_GETPWNAM if(cfg->username && cfg->username[0]) { if((pwd = getpwnam(cfg->username)) == NULL) fatal_exit("user '%s' does not exist.", cfg->username); @@ -550,7 +554,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, * because that creates privilege escape problems, with the * pidfile writable by unprivileged users, but used by * privileged users. */ - if(cfg->username && cfg->username[0]) + if(!(cfg->username && cfg->username[0])) checkoldpid(daemon->pidfile, pidinchroot); } #endif diff --git a/usr.sbin/unbound/daemon/worker.c b/usr.sbin/unbound/daemon/worker.c index b35fe65a3..5e6b2a656 100644 --- a/usr.sbin/unbound/daemon/worker.c +++ b/usr.sbin/unbound/daemon/worker.c @@ -160,9 +160,11 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), + sizeof(worker->rndstate) + regional_get_mem(worker->scratchpad) + sizeof(*worker->env.scratch_buffer) - + sldns_buffer_capacity(worker->env.scratch_buffer) - + forwards_get_mem(worker->env.fwds) - + hints_get_mem(worker->env.hints); + + sldns_buffer_capacity(worker->env.scratch_buffer); + if(worker->daemon->env->fwds) + log_info("forwards=%u", (unsigned)forwards_get_mem(worker->env.fwds)); + if(worker->daemon->env->hints) + log_info("hints=%u", (unsigned)hints_get_mem(worker->env.hints)); if(worker->thread_num == 0) me += acl_list_get_mem(worker->daemon->acl); if(cur_serv) { @@ -1571,7 +1573,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if((ret=parse_edns_from_query_pkt( c->buffer, &edns, worker->env.cfg, c, repinfo, (worker->env.now ? *worker->env.now : time(NULL)), - worker->scratchpad)) != 0) { + worker->scratchpad, + worker->daemon->cookie_secrets)) != 0) { struct edns_data reply_edns; verbose(VERB_ALGO, "worker parse edns: formerror."); log_addr(VERB_CLIENT, "from", &repinfo->client_addr, diff --git a/usr.sbin/unbound/dns64/dns64.c b/usr.sbin/unbound/dns64/dns64.c index dcd7017bb..c637130a3 100644 --- a/usr.sbin/unbound/dns64/dns64.c +++ b/usr.sbin/unbound/dns64/dns64.c @@ -701,6 +701,7 @@ dns64_operate(struct module_qstate* qstate, enum module_ev event, int id, iq->state = DNS64_NEW_QUERY; iq->started_no_cache_store = qstate->no_cache_store; qstate->no_cache_store = 1; + ATTR_FALLTHROUGH /* fallthrough */ case module_event_pass: qstate->ext_state[id] = handle_event_pass(qstate, id); @@ -1044,8 +1045,8 @@ dns64_get_mem(struct module_env* env, int id) */ static struct module_func_block dns64_block = { "dns64", - &dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super, - &dns64_clear, &dns64_get_mem + NULL, NULL, &dns64_init, &dns64_deinit, &dns64_operate, + &dns64_inform_super, &dns64_clear, &dns64_get_mem }; /** diff --git a/usr.sbin/unbound/dnstap/dnstap.c b/usr.sbin/unbound/dnstap/dnstap.c index 5cdda0c2d..cff308f93 100644 --- a/usr.sbin/unbound/dnstap/dnstap.c +++ b/usr.sbin/unbound/dnstap/dnstap.c @@ -86,6 +86,31 @@ dt_pack(const Dnstap__Dnstap *d, void **buf, size_t *sz) return 1; } +/** See if the message is sent due to dnstap sample rate */ +static int +dt_sample_rate_limited(struct dt_env* env) +{ + lock_basic_lock(&env->sample_lock); + /* Sampling is every [n] packets. Where n==1, every packet is sent */ + if(env->sample_rate > 1) { + int submit = 0; + /* if sampling is engaged... */ + if (env->sample_rate_count > env->sample_rate) { + /* once the count passes the limit */ + /* submit the message */ + submit = 1; + /* and reset the count */ + env->sample_rate_count = 0; + } + /* increment count regardless */ + env->sample_rate_count++; + lock_basic_unlock(&env->sample_lock); + return !submit; + } + lock_basic_unlock(&env->sample_lock); + return 0; +} + static void dt_send(const struct dt_env *env, void *buf, size_t len_buf) { @@ -146,6 +171,7 @@ dt_create(struct config_file* cfg) env = (struct dt_env *) calloc(1, sizeof(struct dt_env)); if (!env) return NULL; + lock_basic_init(&env->sample_lock); env->dtio = dt_io_thread_create(); if(!env->dtio) { @@ -241,6 +267,12 @@ dt_apply_cfg(struct dt_env *env, struct config_file *cfg) { verbose(VERB_OPS, "dnstap Message/FORWARDER_RESPONSE enabled"); } + lock_basic_lock(&env->sample_lock); + if((env->sample_rate = (unsigned int)cfg->dnstap_sample_rate)) + { + verbose(VERB_OPS, "dnstap SAMPLE_RATE enabled and set to \"%d\"", (int)env->sample_rate); + } + lock_basic_unlock(&env->sample_lock); } int @@ -273,6 +305,7 @@ dt_delete(struct dt_env *env) if (!env) return; dt_io_thread_delete(env->dtio); + lock_basic_destroy(&env->sample_lock); free(env->identity); free(env->version); free(env); @@ -409,6 +442,9 @@ dt_msg_send_client_query(struct dt_env *env, struct dt_msg dm; struct timeval qtime; + if(dt_sample_rate_limited(env)) + return; + if(tstamp) memcpy(&qtime, tstamp, sizeof(qtime)); else gettimeofday(&qtime, NULL); @@ -447,6 +483,9 @@ dt_msg_send_client_response(struct dt_env *env, struct dt_msg dm; struct timeval rtime; + if(dt_sample_rate_limited(env)) + return; + gettimeofday(&rtime, NULL); /* type */ @@ -484,6 +523,9 @@ dt_msg_send_outside_query(struct dt_env *env, struct timeval qtime; uint16_t qflags; + if(dt_sample_rate_limited(env)) + return; + gettimeofday(&qtime, NULL); qflags = sldns_buffer_read_u16_at(qmsg, 2); @@ -537,6 +579,9 @@ dt_msg_send_outside_response(struct dt_env *env, struct dt_msg dm; uint16_t qflags; + if(dt_sample_rate_limited(env)) + return; + (void)qbuf_len; log_assert(qbuf_len >= sizeof(qflags)); memcpy(&qflags, qbuf, sizeof(qflags)); qflags = ntohs(qflags); diff --git a/usr.sbin/unbound/dnstap/dnstap.h b/usr.sbin/unbound/dnstap/dnstap.h index 77914c20c..21c033697 100644 --- a/usr.sbin/unbound/dnstap/dnstap.h +++ b/usr.sbin/unbound/dnstap/dnstap.h @@ -39,6 +39,7 @@ #ifdef USE_DNSTAP +#include "util/locks.h" struct config_file; struct sldns_buffer; struct dt_msg_queue; @@ -75,6 +76,13 @@ struct dt_env { unsigned log_forwarder_query_messages : 1; /** whether to log Message/FORWARDER_RESPONSE */ unsigned log_forwarder_response_messages : 1; + + /** lock on sample count */ + lock_basic_type sample_lock; + /** rate limit value from config, samples 1/N messages */ + unsigned int sample_rate; + /** rate limit counter */ + unsigned int sample_rate_count; }; /** diff --git a/usr.sbin/unbound/dnstap/dnstap.m4 b/usr.sbin/unbound/dnstap/dnstap.m4 index 80b7bc92c..a400a2ffb 100644 --- a/usr.sbin/unbound/dnstap/dnstap.m4 +++ b/usr.sbin/unbound/dnstap/dnstap.m4 @@ -34,8 +34,7 @@ AC_DEFUN([dt_DNSTAP], LDFLAGS="$LDFLAGS -L$withval/lib" ], [ - ifdef([PKG_CHECK_MODULES], - [ + if test -n "$PKG_CONFIG"; then PKG_CHECK_MODULES([PROTOBUFC], [libprotobuf-c], [ CFLAGS="$CFLAGS $PROTOBUFC_CFLAGS" @@ -56,8 +55,7 @@ AC_DEFUN([dt_DNSTAP], fi ] ) - ], - [ + else # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 if test -f /usr/include/google/protobuf-c/protobuf-c.h; then CFLAGS="$CFLAGS -I/usr/include/google" @@ -67,8 +65,7 @@ AC_DEFUN([dt_DNSTAP], LDFLAGS="$LDFLAGS -L/usr/local/lib" fi fi - ] - ) + fi ] ) AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [], diff --git a/usr.sbin/unbound/dnstap/dtstream.c b/usr.sbin/unbound/dnstap/dtstream.c index 6ab10ecb2..09cca3424 100644 --- a/usr.sbin/unbound/dnstap/dtstream.c +++ b/usr.sbin/unbound/dnstap/dtstream.c @@ -176,10 +176,7 @@ void mq_wakeup_cb(void* arg) { struct dt_msg_queue* mq = (struct dt_msg_queue*)arg; - /* even if the dtio is already active, because perhaps much - * traffic suddenly, we leave the timer running to save on - * managing it, the once a second timer is less work then - * starting and stopping the timer frequently */ + lock_basic_lock(&mq->dtio->wakeup_timer_lock); mq->dtio->wakeup_timer_enabled = 0; lock_basic_unlock(&mq->dtio->wakeup_timer_lock); @@ -210,6 +207,8 @@ dt_msg_queue_start_timer(struct dt_msg_queue* mq, int wakeupnow) lock_basic_lock(&mq->dtio->wakeup_timer_lock); if(mq->dtio->wakeup_timer_enabled) { if(wakeupnow) { + tv.tv_sec = 0; + tv.tv_usec = 0; comm_timer_set(mq->wakeup_timer, &tv); } lock_basic_unlock(&mq->dtio->wakeup_timer_lock); @@ -221,8 +220,14 @@ dt_msg_queue_start_timer(struct dt_msg_queue* mq, int wakeupnow) if(!wakeupnow) { tv.tv_sec = 1; tv.tv_usec = 0; - } + /* If it is already set, keep it running. */ + if(!comm_timer_is_set(mq->wakeup_timer)) comm_timer_set(mq->wakeup_timer, &tv); + } else { + tv.tv_sec = 0; + tv.tv_usec = 0; + comm_timer_set(mq->wakeup_timer, &tv); + } lock_basic_unlock(&mq->dtio->wakeup_timer_lock); } @@ -260,8 +265,9 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) /* acquire lock */ lock_basic_lock(&mq->lock); - /* if list was empty, start timer for (eventual) wakeup */ - if(mq->first == NULL) + /* if list was empty, start timer for (eventual) wakeup, + * or if dtio is not writing now an eventual wakeup is needed. */ + if(mq->first == NULL || !mq->dtio->event_added_is_write) wakeupstarttimer = 1; /* if list contains more than wakeupnum elements, wakeup now, * or if list is (going to be) almost full */ @@ -1259,6 +1265,13 @@ static void dtio_sleep(struct dt_io_thread* dtio) /* unregister the event polling for write, because there is * nothing to be written */ (void)dtio_add_output_event_read(dtio); + + /* Set wakeuptimer enabled off; so that the next worker thread that + * wants to log starts a timer if needed, since the writer thread + * has gone to sleep. */ + lock_basic_lock(&dtio->wakeup_timer_lock); + dtio->wakeup_timer_enabled = 0; + lock_basic_unlock(&dtio->wakeup_timer_lock); } #ifdef HAVE_SSL @@ -1322,7 +1335,11 @@ static int dtio_ssl_check_peer(struct dt_io_thread* dtio) if((SSL_get_verify_mode(dtio->ssl)&SSL_VERIFY_PEER)) { /* verification */ if(SSL_get_verify_result(dtio->ssl) == X509_V_OK) { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(dtio->ssl); +#else X509* x = SSL_get_peer_certificate(dtio->ssl); +#endif if(!x) { verbose(VERB_ALGO, "dnstap io, %s, SSL " "connection failed no certificate", @@ -1347,7 +1364,11 @@ static int dtio_ssl_check_peer(struct dt_io_thread* dtio) #endif X509_free(x); } else { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(dtio->ssl); +#else X509* x = SSL_get_peer_certificate(dtio->ssl); +#endif if(x) { log_cert(VERB_ALGO, "dnstap io, peer " "certificate", x); @@ -1489,8 +1510,10 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) #endif if((bits&UB_EV_READ || dtio->ssl_brief_write)) { +#ifdef HAVE_SSL if(dtio->ssl_brief_write) (void)dtio_disable_brief_write(dtio); +#endif if(dtio->ready_frame_sent && !dtio->accept_frame_received) { if(dtio_read_accept_frame(dtio) <= 0) return; @@ -1513,7 +1536,21 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) /* no messages on the first iteration, * the queues are all empty */ dtio_sleep(dtio); + /* After putting to sleep, see if + * a message is in a message queue, + * if so, resume service. Stops a + * race condition where a thread could + * have one message but the dtio + * also just went to sleep. With the + * message queued between the + * dtio_find_msg and dtio_sleep + * calls. */ + if(dtio_find_msg(dtio)) { + if(!dtio_add_output_event_write(dtio)) + return; + } } + if(!dtio->cur_msg) return; /* nothing to do */ } } diff --git a/usr.sbin/unbound/dnstap/unbound-dnstap-socket.c b/usr.sbin/unbound/dnstap/unbound-dnstap-socket.c index 4e426791f..6efdc7a26 100644 --- a/usr.sbin/unbound/dnstap/unbound-dnstap-socket.c +++ b/usr.sbin/unbound/dnstap/unbound-dnstap-socket.c @@ -85,6 +85,7 @@ static void usage(char* argv[]) printf("-z cert file to verify client connections\n"); printf("-l long format for DNS printout\n"); printf("-v more verbose log output\n"); + printf("-c internal unit test and exit\n"); printf("-h this help text\n"); exit(1); } @@ -102,6 +103,14 @@ struct main_tap_data { struct tap_socket_list* acceptlist; }; +/* list of data */ +struct tap_data_list { + /** next in list */ + struct tap_data_list* next; + /** the data */ + struct tap_data* d; +}; + /** tap callback variables */ struct tap_data { /** the fd */ @@ -128,6 +137,10 @@ struct tap_data { uint8_t* frame; /** length of this frame */ size_t len; + /** back pointer to the tap_data_list entry; + * used to NULL the forward pointer to this data + * when this data is freed. */ + struct tap_data_list* data_list; }; /** list of sockets */ @@ -156,8 +169,89 @@ struct tap_socket { char* ip; /** for a TLS socket, the tls context */ SSL_CTX* sslctx; + /** dumb way to deal with memory leaks: + * tap_data was only freed on errors and not during exit leading to + * false positives when testing for memory leaks. */ + struct tap_data_list* data_list; }; +/** try to delete tail entries from the list if all of them have no data */ +static void tap_data_list_try_to_free_tail(struct tap_data_list* list) +{ + struct tap_data_list* current = list; + log_assert(!list->d); + if(!list->next) /* we are the last, we can't remove ourselves */ + return; + list = list->next; + while(list) { + if(list->d) /* a tail entry still has data; return */ + return; + list = list->next; + } + /* keep the next */ + list = current->next; + /* the tail will be removed; but not ourselves */ + current->next = NULL; + while(list) { + current = list; + list = list->next; + free(current); + } +} + +/** delete the tap structure */ +static void tap_data_free(struct tap_data* data, int free_tail) +{ + if(!data) + return; + if(data->ev) { + ub_event_del(data->ev); + ub_event_free(data->ev); + } +#ifdef HAVE_SSL + SSL_free(data->ssl); +#endif + sock_close(data->fd); + free(data->id); + free(data->frame); + if(data->data_list) { + data->data_list->d = NULL; + if(free_tail) + tap_data_list_try_to_free_tail(data->data_list); + } + free(data); +} + +/** insert tap_data in the tap_data_list */ +static int tap_data_list_insert(struct tap_data_list** liststart, + struct tap_data* d) +{ + struct tap_data_list* entry = (struct tap_data_list*) + malloc(sizeof(*entry)); + if(!entry) + return 0; + entry->next = *liststart; + entry->d = d; + d->data_list = entry; + *liststart = entry; + return 1; +} + +/** delete the tap_data_list and free any remaining tap_data */ +static void tap_data_list_delete(struct tap_data_list* list) +{ + struct tap_data_list* e = list, *next; + while(e) { + next = e->next; + if(e->d) { + tap_data_free(e->d, 0); + e->d = NULL; + } + free(e); + e = next; + } +} + /** del the tap event */ static void tap_socket_delev(struct tap_socket* s) { @@ -173,7 +267,7 @@ static void tap_socket_close(struct tap_socket* s) { if(!s) return; if(s->fd == -1) return; - close(s->fd); + sock_close(s->fd); s->fd = -1; } @@ -184,6 +278,7 @@ static void tap_socket_delete(struct tap_socket* s) #ifdef HAVE_SSL SSL_CTX_free(s->sslctx); #endif + tap_data_list_delete(s->data_list); ub_event_free(s->ev); free(s->socketpath); free(s->ip); @@ -728,27 +823,12 @@ static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) return receive_bytes(data, data->fd, buf, len); } -/** delete the tap structure */ -static void tap_data_free(struct tap_data* data) -{ - ub_event_del(data->ev); - ub_event_free(data->ev); -#ifdef HAVE_SSL - SSL_free(data->ssl); -#endif - close(data->fd); - free(data->id); - free(data->frame); - free(data); -} - /** reply with ACCEPT control frame to bidirectional client, * returns 0 on error */ static int reply_with_accept(struct tap_data* data) { #ifdef USE_DNSTAP /* len includes the escape and framelength */ - int r; size_t len = 0; void* acceptframe = fstrm_create_control_frame_accept( DNSTAP_CONTENT_TYPE, &len); @@ -759,6 +839,8 @@ static int reply_with_accept(struct tap_data* data) fd_set_block(data->fd); if(data->ssl) { +#ifdef HAVE_SSL + int r; if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) { int r2; if((r2=SSL_get_error(data->ssl, r)) == SSL_ERROR_ZERO_RETURN) @@ -769,6 +851,7 @@ static int reply_with_accept(struct tap_data* data) free(acceptframe); return 0; } +#endif } else { if(send(data->fd, acceptframe, len, 0) == -1) { log_err("send failed: %s", sock_strerror(errno)); @@ -804,6 +887,7 @@ static int reply_with_finish(struct tap_data* data) fd_set_block(data->fd); if(data->ssl) { +#ifdef HAVE_SSL int r; if((r=SSL_write(data->ssl, finishframe, len)) <= 0) { int r2; @@ -815,6 +899,7 @@ static int reply_with_finish(struct tap_data* data) free(finishframe); return 0; } +#endif } else { if(send(data->fd, finishframe, len, 0) == -1) { log_err("send failed: %s", sock_strerror(errno)); @@ -842,7 +927,11 @@ static int tap_check_peer(struct tap_data* data) if((SSL_get_verify_mode(data->ssl)&SSL_VERIFY_PEER)) { /* verification */ if(SSL_get_verify_result(data->ssl) == X509_V_OK) { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(data->ssl); +#else X509* x = SSL_get_peer_certificate(data->ssl); +#endif if(!x) { if(verbosity) log_info("SSL connection %s" " failed no certificate", data->id); @@ -864,7 +953,11 @@ static int tap_check_peer(struct tap_data* data) #endif X509_free(x); } else { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(data->ssl); +#else X509* x = SSL_get_peer_certificate(data->ssl); +#endif if(x) { if(verbosity) log_cert(VERB_ALGO, "peer certificate", x); @@ -906,7 +999,7 @@ static int tap_handshake(struct tap_data* data) return 0; } else if(r == 0) { /* closed */ - tap_data_free(data); + tap_data_free(data, 1); return 0; } else if(want == SSL_ERROR_SYSCALL) { /* SYSCALL and errno==0 means closed uncleanly */ @@ -924,7 +1017,7 @@ static int tap_handshake(struct tap_data* data) if(!silent) log_err("SSL_handshake syscall: %s", strerror(errno)); - tap_data_free(data); + tap_data_free(data, 1); return 0; } else { unsigned long err = ERR_get_error(); @@ -934,7 +1027,7 @@ static int tap_handshake(struct tap_data* data) verbose(VERB_OPS, "ssl handshake failed " "from %s", data->id); } - tap_data_free(data); + tap_data_free(data, 1); return 0; } } @@ -942,7 +1035,7 @@ static int tap_handshake(struct tap_data* data) data->ssl_handshake_done = 1; if(!tap_check_peer(data)) { /* closed */ - tap_data_free(data); + tap_data_free(data, 1); return 0; } return 1; @@ -968,7 +1061,7 @@ void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) if(verbosity>=4) log_info("s recv %d", (int)ret); if(ret == 0) { /* closed or error */ - tap_data_free(data); + tap_data_free(data, 1); return; } else if(ret == -1) { /* continue later */ @@ -990,7 +1083,7 @@ void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) data->frame = calloc(1, data->len); if(!data->frame) { log_err("out of memory"); - tap_data_free(data); + tap_data_free(data, 1); return; } } @@ -1003,7 +1096,7 @@ void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) if(verbosity>=4) log_info("f recv %d", (int)r); if(r == 0) { /* closed or error */ - tap_data_free(data); + tap_data_free(data, 1); return; } else if(r == -1) { /* continue later */ @@ -1028,13 +1121,13 @@ void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) data->is_bidirectional = 1; if(verbosity) log_info("bidirectional stream"); if(!reply_with_accept(data)) { - tap_data_free(data); + tap_data_free(data, 1); return; } } else if(data->len >= 4 && sldns_read_uint32(data->frame) == FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { if(!reply_with_finish(data)) { - tap_data_free(data); + tap_data_free(data, 1); return; } } @@ -1046,7 +1139,6 @@ void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) data->len = 0; data->len_done = 0; data->data_done = 0; - } /** callback for main listening file descriptor */ @@ -1129,6 +1221,8 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) &dtio_tap_callback, data); if(!data->ev) fatal_exit("could not ub_event_new"); if(ub_event_add(data->ev, NULL) != 0) fatal_exit("could not ub_event_add"); + if(!tap_data_list_insert(&tap_sock->data_list, data)) + fatal_exit("could not tap_data_list_insert"); } /** setup local accept sockets */ @@ -1243,6 +1337,114 @@ setup_and_run(struct config_strlist_head* local_list, free(maindata); } +/* internal unit tests */ +static int internal_unittest() +{ + /* unit test tap_data_list_try_to_free_tail() */ +#define unit_tap_datas_max 5 + struct tap_data* datas[unit_tap_datas_max]; + struct tap_data_list* list; + struct tap_socket* socket = calloc(1, sizeof(*socket)); + size_t i = 0; + log_assert(socket); + log_assert(unit_tap_datas_max>2); /* needed for the test */ + for(i=0; idata_list, datas[i])); + } + /* sanity base check */ + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==unit_tap_datas_max); + + /* Free the last data, tail cannot be erased */ + list = socket->data_list; + while(list->next) list = list->next; + free(list->d); + list->d = NULL; + tap_data_list_try_to_free_tail(list); + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==unit_tap_datas_max); + + /* Free the third to last data, tail cannot be erased */ + list = socket->data_list; + for(i=0; inext; + free(list->d); + list->d = NULL; + tap_data_list_try_to_free_tail(list); + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==unit_tap_datas_max); + + /* Free the second to last data, try to remove tail from the third + * again, tail (last 2) should be removed */ + list = socket->data_list; + for(i=0; inext; + free(list->d); + list->d = NULL; + list = socket->data_list; + while(list->d) list = list->next; + tap_data_list_try_to_free_tail(list); + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==unit_tap_datas_max-2); + + /* Free all the remaining data, try to remove tail from the start, + * only the start should remain */ + list = socket->data_list; + while(list) { + free(list->d); + list->d = NULL; + list = list->next; + } + tap_data_list_try_to_free_tail(socket->data_list); + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==1); + + /* clean up */ + tap_data_list_delete(socket->data_list); + free(socket); + + /* Start again. Add two elements */ + socket = calloc(1, sizeof(*socket)); + log_assert(socket); + for(i=0; i<2; i++) { + datas[i] = calloc(1, sizeof(struct tap_data)); + log_assert(datas[i]); + log_assert(tap_data_list_insert(&socket->data_list, datas[i])); + } + /* sanity base check */ + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==2); + + /* Free the last data, tail cannot be erased */ + list = socket->data_list; + while(list->next) list = list->next; + free(list->d); + list->d = NULL; + tap_data_list_try_to_free_tail(list); + list = socket->data_list; + for(i=0; list; i++) list = list->next; + log_assert(i==2); + + /* clean up */ + tap_data_list_delete(socket->data_list); + free(socket); + + if(log_get_lock()) { + lock_basic_destroy((lock_basic_type*)log_get_lock()); + } + checklock_stop(); +#ifdef USE_WINSOCK + WSACleanup(); +#endif + return 0; +} + /** getopt global, in case header files fail to declare it. */ extern int optind; /** getopt global, in case header files fail to declare it. */ @@ -1293,7 +1495,7 @@ int main(int argc, char** argv) #endif /* command line options */ - while( (c=getopt(argc, argv, "hls:t:u:vx:y:z:")) != -1) { + while( (c=getopt(argc, argv, "hcls:t:u:vx:y:z:")) != -1) { switch(c) { case 'u': if(!cfg_strlist_append(&local_list, @@ -1329,6 +1531,12 @@ int main(int argc, char** argv) case 'v': verbosity++; break; + case 'c': +#ifndef UNBOUND_DEBUG + fatal_exit("-c option needs compilation with " + "--enable-debug"); +#endif + return internal_unittest(); case 'h': case '?': default: @@ -1365,6 +1573,9 @@ int main(int argc, char** argv) config_delstrlist(tcp_list.first); config_delstrlist(tls_list.first); + if(log_get_lock()) { + lock_basic_destroy((lock_basic_type*)log_get_lock()); + } checklock_stop(); #ifdef USE_WINSOCK WSACleanup(); diff --git a/usr.sbin/unbound/doc/Changelog b/usr.sbin/unbound/doc/Changelog index 065619b4c..7d661cac4 100644 --- a/usr.sbin/unbound/doc/Changelog +++ b/usr.sbin/unbound/doc/Changelog @@ -1,8 +1,273 @@ +9 August 2024: Wouter + - Fix spelling for the cache-min-negative-ttl entry in the + example.conf. + +8 August 2024: Wouter + - Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco + Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich. + - Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek, + Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv + University and Reichman University). + - Set version number to 1.21.0 for release. + - Fix that for windows the module startup is called and sets up + the module-config. + +2 August 2024: Wouter + - Fix that alloc stats has strdup checks, it stops debuggers from + complaining about mismatch at free time. + - Fix testbound for alloc stats strdup in util/alloc.c. + - Merge #1090: Cookie secret file. Adds + `cookie-secret-file: "unbound_cookiesecrets.txt"` option to store + cookie secrets for EDNS COOKIE secret rollover. The remote control + add_cookie_secret, activate_cookie_secret and drop_cookie_secret + commands can be used for rollover, the command print_cookie_secrets + shows the values in use. + - Fix that alloc stats for forwards and hints are printed, and when + alloc stats is enabled, the unit test for unbound control waits for + reloads to complete. + +1 August 2024: Wouter + - Fix dnstap test program, cleans up to have clean memory on exit, + for tap_data_free, does not delete NULL items. Also it does not try + to free the tail, specifically in the free of the list since that + picked up the next item in the list for its loop causing invalid + free. Added internal unit test to unbound-dnstap-socket for that. + - Fix that the worker mem report with alloc stats does not attempt + to print memory use of forwards and hints if they have been + deleted already. + +31 July 2024: Wouter + - Fix for #1114: Fix that cache fill for forward-host names is + performed, so that with nonzero target-fetch-policy it fetches + forwarder addresses and uses them from cache. Also updated that + delegation point cache fill routines use CDflag for AAAA message + lookups, so that its negative lookup stops a recursion since the + cache uses the bit for disambiguation for dns64 but the recursion + uses CDflag for the AAAA target lookups, so the check correctly + stops a useless recursion by its cache lookup. + +30 July 2024: Wouter + - Fix to document parameters of auth_zone_verify_zonemd_with_key. + +25 July 2024: Wouter + - Add root key 38696 from 2024 for DNSSEC validation. It is added + to the default root keys in unbound-anchor. The content can be + inspected with `unbound-anchor -l`. + +23 July 2024: Yorgos + - Fix #1106: ratelimit-below-domain logs the wrong FROM address. + - Cleanup ede.tdir test. + - For #935 and #1104, clarify RPZ order and semantics. + +23 July 2024: Wouter + - Merge #1110: Make fallthrough explicit for libworker.c. + - For #1110: Test for fallthrough attribute in configure and add + fallthrough attribute annotations. + - Fix compile when the compiler does not support the noreturn + attribute. + - Fix to have empty definition when not supported for weak attribute. + - Fix uninitialized variable warning in create_tcp_accept_sock. + - Fix link of dnstap without openssl. + - Fix link of unbound-dnstap-socket without openssl. + +19 July 2024: Wouter + - Add dnstap-sample-rate that logs only 1/N messages, for high volume + server environments. Thanks Dan Luther. + - Fix dnstap wakeup, a running wakeup timer is left to expire and not + increased, a timer is started when the dtio thread is sleeping, + the timer set disabled when the dtio thread goes to sleep, and + after sleep the thread checks to see if there are messages to log + immediately. + +16 July 2024: Wouter + - For #1103: Fix to drop mesh state reference for the http2 stream + associated with the reply, not the currently active stream. And + it does not remove it twice on a mesh_send_reply call. The reply + h2_stream is NULL when not in use, for more initialisation. + +15 July 2024: Wouter + - For #1103: fix to also drop mesh state reference when the discard + limit is reached, when there is an error making a new recursion + state and when the connection is dropped with is_drop. + +12 July 2024: Yorgos + - Add RPZ tag tests in acl_interface.tdir. + - For #1102: clearer text for using interface-* options for the + loopback interface. + +12 July 2024: Wouter + - Fix #1103: unbound 1.20.0 segmentation fault with nghttp2. + - For #1103: fix to also drop mesh state reference when a h2 reply is + dropped. + +10 July 2024: Wouter + - For #773: In contrib/unbound.service.in set unbound to start after + network-online.target. Also for contrib/unbound_portable.service.in. + +9 July 2024: Yorgos + - Update list of known EDE codes. + +8 July 2024: Wouter + - Fix that validation reason failure that uses string print uses + separate buffer that is passed, from the scratch validation buffer. + - Fixup algo_needs_reason string buffer length. + - Fix shadowed error string variable in validator dnskey handling. + +5 July 2024: Yorgos + - Don't check for message TTL changes if the RRsets remain the same. + +5 July 2024: Wouter + - Fix for neater printout for error for missing DS response. + - Fix neater printout. + - Fix #1099: Unbound core dump on SIGSEGV. + - Fix for #1099: Fix to check for deleted RRset when the contents + is updated and fetched after it is stored, and also check for a + changed RRset. + +4 July 2024: Wouter + - Fix to print details about the failure to lookup a DNSKEY record + when validation fails due to the missing DNSKEY. Also for key prime + and DS lookups. + +3 July 2024: Yorgos + - Fix for repeated use of a DNAME record: first overallocate and then + move the exact size of the init value to avoid false positive heap + overflow reads from address sanitizers. + +3 July 2024: Wouter + - Fix #144: Port ipset to BSD pf tables. + - Add unit test skip files and bison and flex output to gitignore. + - Fix to use modstack_init in zonemd unit test. + - Fix to remove unneeded linebreak in fptr_wlist.c. + - Fix compile warnings in fptr_wlist.c. + +2 July 2024: Wouter + - Fix to remove unused include from the readzone test program. + - Fix unused variable warning in do_cache_remove. + - Fix compile warning in worker pthread id printout. + +17 June 2024: Wouter + - Fix ip-ratelimit-cookie setting, it was not applied. + +26 June 2024: Yorgos + - Explicitly set the RD bit for the mesh query flags when prefetching. + These queries have no waiting client but they need to be treated as + recursive. + +21 June 2024: Yorgos + - Fix pkg-config availability check in dnstap/dnstap.m4 and + systemd.m4. + +19 June 2024: Yorgos + - Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0; by + adding helpful text for the Python interpreter version and allowing + the default pkg-config unavailability error message to be shown. + +17 June 2024: Wouter + - Fix #1091: Build fails with OpenSSL >= 3.0 built with + OPENSSL_NO_DEPRECATED. + +7 June 2024: Wouter + - Add unit test for validation of repeated use of a DNAME record. + +6 June 2024: Wouter + - Fix memory leak in setup of dsa sig. + - Fix typos for 'the the' in text. + - Fix validation for repeated use of a DNAME record. + +4 June 2024: Yorgos + - Merge #1080: AddressSanitizer detection in tdir tests and memory leak + fixes. + - Fix memory leak when reload_keep_cache is used and num-threads + changes. + - Fix memory leak on exit for unbound-dnstap-socket; creates false + negatives during testing. + +3 June 2024: Wouter + - Fix to squelch connection reset by peer errors from log. And fix + that the tcp read errors are labeled as initial for the first calls. + +30 May 2024: Wouter + - Fix #1079: tags from tagged rpz zones are no longer honored after + upgrade from 1.19.3 to 1.20.0. + - Fix for #1079: fix RPZ taglist in iterator callback that no client + info is like no taglist intersection. + +29 May 2024: Wouter + - Merge #1078: Only check old pid if no username. + +27 May 2024: Wouter + - Fix to enable that SERVFAIL is cached, for a short period, for more + cases. In the cases where limits are exceeded. + - Fix spelling of tcp-idle-timeout docs, from Michael Tokarev. + +27 May 2024: Yorgos + - Fix unused variable warning on compilation with no thread support. + - unbound-control-setup: check openssl availability before doing + anything, patch from Michael Tokarev. + - Update patch to remove 'command' shell builtin and update error + text. + +24 May 2024: Wouter + - Fix #1064: Unbound 1.20 Cachedb broken? + +24 May 2024: Yorgos + - Fix #1059: Intermittent DNS blocking failure with local-zone and + always_nxdomain. Addition of local_zones dynamically via + unbound-control was not finding the zone's parent correctly. + +21 May 2024: Wouter + - Merge #1073: fix null pointer dereference issue in function + ub_ctx_set_fwd. + - Fix to print a parse error when config is read with no name for + a forward-zone, stub-zone or view. + - Fix for parse end of forward-zone, stub-zone and view. + - Fix for #1064: Fix that cachedb expired messages are considered + insecure, and thus can be served to clients when dnssec is enabled. + +17 May 2024: Yorgos + - Merge #1069: Fix unbound-control stdin commands for multi-process + Unbounds. + - Fix unbound-control commands that read stdin in multi-process + operation (local_zones_remove, local_zones, local_datas_remove, + local_datas, view_local_datas_remove, view_local_datas). They will + be properly distributed to all processes. dump_cache and load_cache + are no longer supported in multi-process operation. + - Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir + now checks both single and multi process/thread operation. + +16 May 2024: Yorgos + - Merge #1070: Fix rtt assignement for low values of + infra-cache-max-rtt. + +16 May 2024: Wouter + - Fix #1071: [FR] Clear both in-memory and cachedb module cache with + `unbound-control flush*` commands. + +15 May 2024: Yorgos + - Add missing common functions to tdir tests. + +10 May 2024: Wouter + - Fix when the mesh jostle is exceeded that nameserver targets are + marked as resolved, so that the lookup is not stuck on the + requestlist. + +8 May 2024: Wouter + - Fix to squelch udp connect errors in the log at low verbosity about + invalid argument for IPv6 link local addresses. + +7 May 2024: Wouter + - Merge #1062: Fix potential overflow bug while parsing port in + function cfg_mark_ports. + - Fix for #1062: declaration before statement, avoid print of null, + and redundant check for array size. + 1 May 2024: Wouter - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li from the Network and Information Security Lab of Tsinghua University for reporting it. - - Set version number to 1.20.0 for release. + - Set version number to 1.20.0 for release. This became the release + on 8 may 2024, the repository continues with version 1.20.1. 29 April 2024: Yorgos - Cleanup unnecessary strdup calls for EDE strings. diff --git a/usr.sbin/unbound/doc/README b/usr.sbin/unbound/doc/README index 717dcc8e8..1c7c6e8c0 100644 --- a/usr.sbin/unbound/doc/README +++ b/usr.sbin/unbound/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.20.0 +README for Unbound 1.21.0 Copyright 2007 NLnet Labs http://unbound.net diff --git a/usr.sbin/unbound/doc/example.conf.in b/usr.sbin/unbound/doc/example.conf.in index 0564fd5a0..7fdfee0f3 100644 --- a/usr.sbin/unbound/doc/example.conf.in +++ b/usr.sbin/unbound/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.20.0. +# See unbound.conf(5) man page, version 1.21.0. # # this is a comment. @@ -228,7 +228,7 @@ server: # the time to live (TTL) value lower bound, in seconds. Default 0. # For negative responses in the cache. If disabled, default, - # cache-min-tll applies if configured. + # cache-min-ttl applies if configured. # cache-min-negative-ttl: 0 # the time to live (TTL) value for cached roundtrip times, lameness and @@ -1044,6 +1044,11 @@ server: # example value "000102030405060708090a0b0c0d0e0f". # cookie-secret: <128 bit random hex string> + # File with cookie secrets, the 'cookie-secret:' option is ignored + # and the file can be managed to have staging and active secrets + # with remote control commands. Disabled with "". Default is "". + # cookie-secret-file: "/usr/local/etc/unbound_cookiesecrets.txt" + # Enable to attach Extended DNS Error codes (RFC8914) to responses. # ede: no @@ -1329,6 +1334,8 @@ remote-control: # dnstap-identity: "" # # if "" it uses the package version. # dnstap-version: "" +# # log only 1/N messages, if 0 it is disabled. default 0. +# dnstap-sample-rate: 0 # dnstap-log-resolver-query-messages: no # dnstap-log-resolver-response-messages: no # dnstap-log-client-query-messages: no @@ -1337,7 +1344,8 @@ remote-control: # dnstap-log-forwarder-response-messages: no # Response Policy Zones -# RPZ policies. Applied in order of configuration. QNAME, Response IP +# RPZ policies. Applied in order of configuration. Any match from an earlier +# RPZ zone will terminate the RPZ lookup. QNAME, Response IP # Address, nsdname, nsip and clientip triggers are supported. Supported # actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only # and drop. Policies can be loaded from a file, or using zone diff --git a/usr.sbin/unbound/doc/libunbound.3.in b/usr.sbin/unbound/doc/libunbound.3.in index 5dcfae662..9fe353f64 100644 --- a/usr.sbin/unbound/doc/libunbound.3.in +++ b/usr.sbin/unbound/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "libunbound" "3" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.20.0 functions. +\- Unbound DNS validating resolver 1.21.0 functions. .SH "SYNOPSIS" .B #include .LP diff --git a/usr.sbin/unbound/doc/unbound-anchor.8.in b/usr.sbin/unbound/doc/unbound-anchor.8.in index edab220a9..efc526d6d 100644 --- a/usr.sbin/unbound/doc/unbound-anchor.8.in +++ b/usr.sbin/unbound/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "unbound-anchor" "8" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/usr.sbin/unbound/doc/unbound-checkconf.8.in b/usr.sbin/unbound/doc/unbound-checkconf.8.in index 75a26e411..402b1ee22 100644 --- a/usr.sbin/unbound/doc/unbound-checkconf.8.in +++ b/usr.sbin/unbound/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "unbound-checkconf" "8" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/usr.sbin/unbound/doc/unbound-control.8.in b/usr.sbin/unbound/doc/unbound-control.8.in index 251dde764..c33217feb 100644 --- a/usr.sbin/unbound/doc/unbound-control.8.in +++ b/usr.sbin/unbound/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "unbound-control" "8" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -121,31 +121,38 @@ Remove local data RRs read from stdin of unbound\-control. Input is one name per line. For bulk removals. .TP .B dump_cache -The contents of the cache is printed in a text format to stdout. You can -redirect it to a file to store the cache in a file. +The content of the cache is printed in a text format to stdout. +You can redirect it to a file to store the cache in a file. +Not supported in remote Unbounds in multi-process operation. .TP .B load_cache -The contents of the cache is loaded from stdin. Uses the same format as -dump_cache uses. Loading the cache with old, or wrong data can result -in old or wrong data returned to clients. Loading data into the cache -in this way is supported in order to aid with debugging. +The content of the cache is loaded from stdin. +Uses the same format as dump_cache uses. +Loading the cache with old, or wrong data can result in old or wrong data +returned to clients. +Loading data into the cache in this way is supported in order to aid with +debugging. +Not supported in remote Unbounds in multi-process operation. .TP .B lookup \fIname Print to stdout the name servers that would be used to look up the name specified. .TP -.B flush \fIname +.B flush \fR[\fI+c\fR] \fIname Remove the name from the cache. Removes the types A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS. Because that is fast to do. Other record types can be removed using .B flush_type or .B flush_zone\fR. +.IP +The '+c' option removes the items also from the cachedb cache. If +cachedb is in use. .TP -.B flush_type \fIname\fR \fItype +.B flush_type \fR[\fI+c\fR] \fIname\fR \fItype Remove the name, type information from the cache. .TP -.B flush_zone \fIname +.B flush_zone \fR[\fI+c\fR] \fIname Remove all information at or below the name from the cache. The rrsets and key entries are removed so that new lookups will be performed. This needs to walk and inspect the entire cache, and is a slow operation. @@ -153,10 +160,10 @@ The entries are set to expired in the implementation of this command (so, with serve\-expired enabled, it'll serve that information but schedule a prefetch for new information). .TP -.B flush_bogus +.B flush_bogus \fR[\fI+c\fR] Remove all bogus data from the cache. .TP -.B flush_negative +.B flush_negative \fR[\fI+c\fR] Remove all negative data from the cache. This is nxdomain answers, nodata answers and servfail answers. Also removes bad key entries (which could be due to failed lookups) from the dnssec key cache, and @@ -343,6 +350,41 @@ Remove a list of \fIlocal_data\fR for given view from stdin. Like local_datas_re .TP .B view_local_datas \fIview\fR Add a list of \fIlocal_data\fR for given view from stdin. Like local_datas. +.TP +.B add_cookie_secret +Add or replace a cookie secret persistently. needs to be an 128 bit +hex string. +.IP +Cookie secrets can be either \fIactive\fR or \fIstaging\fR. \fIActive\fR cookie +secrets are used to create DNS Cookies, but verification of a DNS Cookie +succeeds with any of the \fIactive\fR or \fIstaging\fR cookie secrets. The +state of the current cookie secrets can be printed with the +\fBprint_cookie_secrets\fR command. +.IP +When there are no cookie secrets configured yet, the is added as +\fIactive\fR. If there is already an \fIactive\fR cookie secret, the +is added as \fIstaging\fR or replacing an existing \fIstaging\fR secret. +.IP +To "roll" a cookie secret used in an anycast set. The new secret has to be +added as staging secret to \fBall\fR nodes in the anycast set. When \fBall\fR +nodes can verify DNS Cookies with the new secret, the new secret can be +activated with the \fBactivate_cookie_secret\fR command. After \fBall\fR nodes +have the new secret \fIactive\fR for at least one hour, the previous secret can +be dropped with the \fBdrop_cookie_secret\fR command. +.IP +Persistence is accomplished by writing to a file which if configured with the +\fBcookie\-secret\-file\fR option in the server section of the config file. +This is disabled by default, "". +.TP +.B drop_cookie_secret +Drop the \fIstaging\fR cookie secret. +.TP +.B activate_cookie_secret +Make the current \fIstaging\fR cookie secret \fIactive\fR, and the current +\fIactive\fR cookie secret \fIstaging\fR. +.TP +.B print_cookie_secrets +Show the current configured cookie secrets with their status. .SH "EXIT CODE" The unbound\-control program exits with status code 1 on error, 0 on success. .SH "SET UP" diff --git a/usr.sbin/unbound/doc/unbound-host.1.in b/usr.sbin/unbound/doc/unbound-host.1.in index 6192480cd..6826d7f3a 100644 --- a/usr.sbin/unbound/doc/unbound-host.1.in +++ b/usr.sbin/unbound/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "unbound\-host" "1" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/usr.sbin/unbound/doc/unbound.8.in b/usr.sbin/unbound/doc/unbound.8.in index 749f5c99c..335de4023 100644 --- a/usr.sbin/unbound/doc/unbound.8.in +++ b/usr.sbin/unbound/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "unbound" "8" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.20.0. +\- Unbound DNS validating resolver 1.21.0. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/usr.sbin/unbound/doc/unbound.conf.5.in b/usr.sbin/unbound/doc/unbound.conf.5.in index c8c8e7591..15faa77fa 100644 --- a/usr.sbin/unbound/doc/unbound.conf.5.in +++ b/usr.sbin/unbound/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "May 8, 2024" "NLnet Labs" "unbound 1.20.0" +.TH "unbound.conf" "5" "Aug 15, 2024" "NLnet Labs" "unbound 1.21.0" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -475,7 +475,7 @@ configured value if the number of free buffers falls below 35% of the total number configured, and finally to 0 if the number of free buffers falls below 20% of the total number configured. A minimum timeout of 200 milliseconds is observed regardless of the option value used. -It will be overriden by \fBedns\-tcp\-keepalive\-timeout\fR if +It will be overridden by \fBedns\-tcp\-keepalive\-timeout\fR if \fBedns\-tcp\-keepalive\fR is enabled. .TP .B tcp-reuse-timeout: \fI\fR @@ -752,7 +752,8 @@ transports, regardless of the presence of an DNS Cookie and regardless of the UDP queries without a DNS Cookie receive REFUSED responses with the TC flag set, that may trigger fall back to TCP for those clients. .IP -By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. +By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback +interface) is implicitly \fIallow\fRed, the rest is \fIrefuse\fRd. The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS protocol is not designed to handle dropped packets due to policy, and dropping may result in (possibly excessive) retried queries. @@ -788,8 +789,12 @@ Similar to \fBaccess\-control:\fR but for interfaces. .IP The action is the same as the ones defined under \fBaccess\-control:\fR. Interfaces are \fIrefuse\fRd by default. -By default only localhost (the IP netblock, not the loopback interface) is -\fIallow\fRed through the default \fBaccess\-control:\fR behavior. +By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback +interface) is implicitly \fIallow\fRed through the default +\fBaccess\-control:\fR behavior. +This also means that any attempt to use the \fBinterface-*:\fR options for the +loopback interface will not work as they will be overridden by the implicit +default "\fBaccess\-control:\fR 127.0.0.0/8 allow" option. .IP Note that the interface needs to be already specified with \fBinterface:\fR and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR @@ -1933,6 +1938,20 @@ Useful to explicitly set for servers in an anycast deployment that need to share the secret in order to verify each other's Server Cookies. An example hex string would be "000102030405060708090a0b0c0d0e0f". Default is a 128 bits random secret generated at startup time. +This option is ignored if a \fBcookie\-secret\-file\fR is +present. In that case the secrets from that file are used in DNS Cookie +calculations. +.TP 5 +.B cookie\-secret\-file: \fI +File from which the secrets are read used in DNS Cookie calculations. When this +file exists, the secrets in this file are used and the secret specified by the +\fBcookie-secret\fR option is ignored. +Enable it by setting a filename, like "/usr/local/etc/unbound_cookiesecrets.txt". +The content of this file must be manipulated with the \fBadd_cookie_secret\fR, +\fBdrop_cookie_secret\fR and \fBactivate_cookie_secret\fR commands to the +\fIunbound\-control\fR(8) tool. Please see that manpage on how to perform a +safe cookie secret rollover. +Default is "" (disabled). .TP 5 .B edns\-client\-string: \fI Include an EDNS0 option containing configured ascii string in queries with @@ -2802,6 +2821,13 @@ Default is "". The version to send with messages, if "" the package version is used. Default is "". .TP +.B dnstap-sample-rate: \fI +The sample rate for log of messages, it logs only 1/N messages. With 0 it +is disabled. Default is 0. This is useful in a high volume environment, +where log functionality would otherwise not be reliable. For example 10 +would spend only 1/10th time on logging, and 100 would only spend a +hundredth of the time on logging. +.TP .B dnstap-log-resolver-query-messages: \fI Enable to log resolver query messages. Default is no. These are messages from Unbound to upstream servers. @@ -2826,9 +2852,11 @@ Enable to log forwarder response messages. Default is no. .SS Response Policy Zone Options .LP Response Policy Zones are configured with \fBrpz:\fR, and each one must have a -\fBname:\fR. There can be multiple ones, by listing multiple rpz clauses, each -with a different name. RPZ clauses are applied in order of configuration. The -\fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.: +\fBname:\fR. There can be multiple ones, by listing multiple RPZ clauses, each +with a different name. RPZ clauses are applied in order of configuration and +any match from an earlier RPZ zone will terminate the RPZ lookup. Note that a +PASSTHRU action is still considered a match. +The \fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.: \fBmodule-config: "respip validator iterator"\fR. .P QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported. @@ -2836,12 +2864,13 @@ Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp\-only and drop. RPZ QNAME triggers are applied after \fBlocal\-zones\fR and before \fBauth\-zones\fR. .P -The rpz zone is formatted with a SOA start record as usual. The items in -the zone are entries, that specify what to act on (the trigger) and what to -do (the action). The trigger to act on is recorded in the name, the action -to do is recorded as the resource record. The names all end in the zone -name, so you could type the trigger names without a trailing dot in the -zonefile. +The RPZ zone is a regular DNS zone formatted with a SOA start record as usual. +The items in the zone are entries, that specify what to act on (the trigger) +and what to do (the action). +The trigger to act on is recorded in the name, the action to do is recorded as +the resource record. +The names all end in the zone name, so you could type the trigger names without +a trailing dot in the zonefile. .P An example RPZ record, that answers example.com with NXDOMAIN .nf @@ -2941,7 +2970,7 @@ externally blocked. Default is no. If enabled the zone is authoritatively answered for and queries for the RPZ zone information are answered to downstream clients. This is useful for monitoring scripts, that can then access the SOA information to check if -the rpz information is up to date. Default is no. +the RPZ information is up to date. Default is no. .TP .B tags: \fI Limit the policies from this RPZ clause to clients with a matching tag. Tags diff --git a/usr.sbin/unbound/dynlibmod/dynlibmod.c b/usr.sbin/unbound/dynlibmod/dynlibmod.c index 1e040a30e..c94115492 100644 --- a/usr.sbin/unbound/dynlibmod/dynlibmod.c +++ b/usr.sbin/unbound/dynlibmod/dynlibmod.c @@ -297,8 +297,8 @@ inplace_cb_delete_wrapped(struct module_env* env, enum inplace_cb_list_type type */ static struct module_func_block dynlibmod_block = { "dynlib", - &dynlibmod_init, &dynlibmod_deinit, &dynlibmod_operate, &dynlibmod_inform_super, - &dynlibmod_clear, &dynlibmod_get_mem + NULL, NULL, &dynlibmod_init, &dynlibmod_deinit, &dynlibmod_operate, + &dynlibmod_inform_super, &dynlibmod_clear, &dynlibmod_get_mem }; struct module_func_block* dynlibmod_get_funcblock(void) diff --git a/usr.sbin/unbound/edns-subnet/subnetmod.c b/usr.sbin/unbound/edns-subnet/subnetmod.c index cdd0bde4f..17301d6e6 100644 --- a/usr.sbin/unbound/edns-subnet/subnetmod.c +++ b/usr.sbin/unbound/edns-subnet/subnetmod.c @@ -995,7 +995,8 @@ subnetmod_get_mem(struct module_env *env, int id) * The module function block */ static struct module_func_block subnetmod_block = { - "subnetcache", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, + "subnetcache", + NULL, NULL, &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem }; diff --git a/usr.sbin/unbound/ipsecmod/ipsecmod.c b/usr.sbin/unbound/ipsecmod/ipsecmod.c index 802e86bd5..bfea77350 100644 --- a/usr.sbin/unbound/ipsecmod/ipsecmod.c +++ b/usr.sbin/unbound/ipsecmod/ipsecmod.c @@ -615,7 +615,7 @@ ipsecmod_get_mem(struct module_env* env, int id) */ static struct module_func_block ipsecmod_block = { "ipsecmod", - &ipsecmod_init, &ipsecmod_deinit, &ipsecmod_operate, + NULL, NULL, &ipsecmod_init, &ipsecmod_deinit, &ipsecmod_operate, &ipsecmod_inform_super, &ipsecmod_clear, &ipsecmod_get_mem }; diff --git a/usr.sbin/unbound/ipset/ipset.c b/usr.sbin/unbound/ipset/ipset.c index b372503c8..714daf249 100644 --- a/usr.sbin/unbound/ipset/ipset.c +++ b/usr.sbin/unbound/ipset/ipset.c @@ -17,9 +17,19 @@ #include "sldns/wire2str.h" #include "sldns/parseutil.h" +#ifdef HAVE_NET_PFVAR_H +#include +#include +#include +#include +#include +typedef intptr_t filter_dev; +#else #include #include #include +typedef struct mnl_socket * filter_dev; +#endif #define BUFF_LEN 256 @@ -41,24 +51,95 @@ static int error_response(struct module_qstate* qstate, int id, int rcode) { return 0; } -static struct mnl_socket * open_mnl_socket() { - struct mnl_socket *mnl; +#ifdef HAVE_NET_PFVAR_H +static void * open_filter() { + filter_dev dev; - mnl = mnl_socket_open(NETLINK_NETFILTER); - if (!mnl) { + dev = open("/dev/pf", O_RDWR); + if (dev == -1) { + log_err("open(\"/dev/pf\") failed: %s", strerror(errno)); + return NULL; + } + else + return (void *)dev; +} +#else +static void * open_filter() { + filter_dev dev; + + dev = mnl_socket_open(NETLINK_NETFILTER); + if (!dev) { log_err("ipset: could not open netfilter."); return NULL; } - if (mnl_socket_bind(mnl, 0, MNL_SOCKET_AUTOPID) < 0) { - mnl_socket_close(mnl); + if (mnl_socket_bind(dev, 0, MNL_SOCKET_AUTOPID) < 0) { + mnl_socket_close(dev); log_err("ipset: could not bind netfilter."); return NULL; } - return mnl; + return (void *)dev; } +#endif -static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void *ipaddr, int af) { +#ifdef HAVE_NET_PFVAR_H +static int add_to_ipset(filter_dev dev, const char *setname, const void *ipaddr, int af) { + struct pfioc_table io; + struct pfr_addr addr; + const char *p; + int i; + + bzero(&io, sizeof(io)); + bzero(&addr, sizeof(addr)); + + p = strrchr(setname, '/'); + if (p) { + i = p - setname; + if (i >= PATH_MAX) { + errno = ENAMETOOLONG; + return -1; + } + memcpy(io.pfrio_table.pfrt_anchor, setname, i); + if (i < PATH_MAX) + io.pfrio_table.pfrt_anchor[i] = '\0'; + p++; + } + else + p = setname; + + if (strlen(p) >= PF_TABLE_NAME_SIZE) { + errno = ENAMETOOLONG; + return -1; + } + strlcpy(io.pfrio_table.pfrt_name, p, PF_TABLE_NAME_SIZE); + + io.pfrio_buffer = &addr; + io.pfrio_size = 1; + io.pfrio_esize = sizeof(addr); + + switch (af) { + case AF_INET: + addr.pfra_ip4addr = *(struct in_addr *)ipaddr; + addr.pfra_net = 32; + break; + case AF_INET6: + addr.pfra_ip6addr = *(struct in6_addr *)ipaddr; + addr.pfra_net = 128; + break; + default: + errno = EAFNOSUPPORT; + return -1; +} + addr.pfra_af = af; + + if (ioctl(dev, DIOCRADDADDRS, &io) == -1) { + log_err("ioctl failed: %s", strerror(errno)); + return -1; + } + return 0; +} +#else +static int add_to_ipset(filter_dev dev, const char *setname, const void *ipaddr, int af) { struct nlmsghdr *nlh; struct nfgenmsg *nfg; struct nlattr *nested[2]; @@ -91,14 +172,15 @@ static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void mnl_attr_nest_end(nlh, nested[1]); mnl_attr_nest_end(nlh, nested[0]); - if (mnl_socket_sendto(mnl, nlh, nlh->nlmsg_len) < 0) { + if (mnl_socket_sendto(dev, nlh, nlh->nlmsg_len) < 0) { return -1; } return 0; } +#endif static void -ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl, +ipset_add_rrset_data(struct ipset_env *ie, struct packed_rrset_data *d, const char* setname, int af, const char* dname) { @@ -123,12 +205,16 @@ ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl, snprintf(ip, sizeof(ip), "(inet_ntop_error)"); verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname); } - ret = add_to_ipset(mnl, setname, rr_data + 2, af); + ret = add_to_ipset((filter_dev)ie->dev, setname, rr_data + 2, af); if (ret < 0) { log_err("ipset: could not add %s into %s", dname, setname); - mnl_socket_close(mnl); - ie->mnl = NULL; +#if HAVE_NET_PFVAR_H + /* don't close as we might not be able to open again due to dropped privs */ +#else + mnl_socket_close((filter_dev)ie->dev); + ie->dev = NULL; +#endif break; } } @@ -137,8 +223,8 @@ ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl, static int ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, - struct mnl_socket *mnl, struct ub_packed_rrset_key *rrset, - const char *qname, const int qlen, const char *setname, int af) + struct ub_packed_rrset_key *rrset, const char *qname, int qlen, + const char *setname, int af) { static char dname[BUFF_LEN]; const char *ds, *qs; @@ -152,11 +238,20 @@ ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, log_err("bad domain name"); return -1; } + if (dname[dlen - 1] == '.') { + dlen--; + } + if (qname[qlen - 1] == '.') { + qlen--; + } for (p = env->cfg->local_zones_ipset; p; p = p->next) { ds = NULL; qs = NULL; plen = strlen(p->str); + if (p->str[plen - 1] == '.') { + plen--; + } if (dlen == plen || (dlen > plen && dname[dlen - plen - 1] == '.' )) { ds = dname + (dlen - plen); @@ -167,8 +262,7 @@ ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, if ((ds && strncasecmp(p->str, ds, plen) == 0) || (qs && strncasecmp(p->str, qs, plen) == 0)) { d = (struct packed_rrset_data*)rrset->entry.data; - ipset_add_rrset_data(ie, mnl, d, setname, - af, dname); + ipset_add_rrset_data(ie, d, setname, af, dname); break; } } @@ -178,7 +272,6 @@ ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct query_info qinfo, struct ipset_env *ie) { - struct mnl_socket *mnl; size_t i; const char *setname; struct ub_packed_rrset_key *rrset; @@ -186,15 +279,17 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, static char qname[BUFF_LEN]; int qlen; - mnl = (struct mnl_socket *)ie->mnl; - if (!mnl) { +#ifdef HAVE_NET_PFVAR_H +#else + if (!ie->dev) { /* retry to create mnl socket */ - mnl = open_mnl_socket(); - if (!mnl) { + ie->dev = open_filter(); + if (!ie->dev) { + log_warn("ipset open_filter failed"); return -1; } - ie->mnl = mnl; } +#endif qlen = sldns_wire2str_dname_buf(qinfo.qname, qinfo.qname_len, qname, BUFF_LEN); @@ -217,8 +312,8 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, } if (setname) { - if(ipset_check_zones_for_rrset(env, ie, mnl, rrset, - qname, qlen, setname, af) == -1) + if(ipset_check_zones_for_rrset(env, ie, rrset, qname, + qlen, setname, af) == -1) return -1; } } @@ -226,7 +321,7 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, return 0; } -int ipset_init(struct module_env* env, int id) { +int ipset_startup(struct module_env* env, int id) { struct ipset_env *ipset_env; ipset_env = (struct ipset_env *)calloc(1, sizeof(struct ipset_env)); @@ -237,7 +332,43 @@ int ipset_init(struct module_env* env, int id) { env->modinfo[id] = (void *)ipset_env; - ipset_env->mnl = NULL; +#ifdef HAVE_NET_PFVAR_H + ipset_env->dev = open_filter(); + if (!ipset_env->dev) { + log_err("ipset open_filter failed"); + return 0; + } +#else + ipset_env->dev = NULL; +#endif + return 1; +} + +void ipset_destartup(struct module_env* env, int id) { + filter_dev dev; + struct ipset_env *ipset_env; + + if (!env || !env->modinfo[id]) { + return; + } + ipset_env = (struct ipset_env *)env->modinfo[id]; + + dev = (filter_dev)ipset_env->dev; + if (dev) { +#if HAVE_NET_PFVAR_H + close(dev); +#else + mnl_socket_close(dev); +#endif + ipset_env->dev = NULL; + } + + free(ipset_env); + env->modinfo[id] = NULL; +} + +int ipset_init(struct module_env* env, int id) { + struct ipset_env *ipset_env = env->modinfo[id]; ipset_env->name_v4 = env->cfg->ipset_name_v4; ipset_env->name_v6 = env->cfg->ipset_name_v6; @@ -253,24 +384,8 @@ int ipset_init(struct module_env* env, int id) { return 1; } -void ipset_deinit(struct module_env *env, int id) { - struct mnl_socket *mnl; - struct ipset_env *ipset_env; - - if (!env || !env->modinfo[id]) { - return; - } - - ipset_env = (struct ipset_env *)env->modinfo[id]; - - mnl = (struct mnl_socket *)ipset_env->mnl; - if (mnl) { - mnl_socket_close(mnl); - ipset_env->mnl = NULL; - } - - free(ipset_env); - env->modinfo[id] = NULL; +void ipset_deinit(struct module_env *ATTR_UNUSED(env), int ATTR_UNUSED(id)) { + /* nothing */ } static int ipset_new(struct module_qstate* qstate, int id) { @@ -376,8 +491,8 @@ size_t ipset_get_mem(struct module_env *env, int id) { */ static struct module_func_block ipset_block = { "ipset", - &ipset_init, &ipset_deinit, &ipset_operate, - &ipset_inform_super, &ipset_clear, &ipset_get_mem + &ipset_startup, &ipset_destartup, &ipset_init, &ipset_deinit, + &ipset_operate, &ipset_inform_super, &ipset_clear, &ipset_get_mem }; struct module_func_block * ipset_get_funcblock(void) { diff --git a/usr.sbin/unbound/ipset/ipset.h b/usr.sbin/unbound/ipset/ipset.h index f60a8be8c..195c7db93 100644 --- a/usr.sbin/unbound/ipset/ipset.h +++ b/usr.sbin/unbound/ipset/ipset.h @@ -37,7 +37,7 @@ extern "C" { #endif struct ipset_env { - void* mnl; + void* dev; int v4_enabled; int v6_enabled; @@ -50,6 +50,10 @@ struct ipset_qstate { int dummy; }; +/** Startup the ipset module */ +int ipset_startup(struct module_env* env, int id); +/** Destartup the ipset module */ +void ipset_destartup(struct module_env* env, int id); /** Init the ipset module */ int ipset_init(struct module_env* env, int id); /** Deinit the ipset module */ diff --git a/usr.sbin/unbound/iterator/iter_scrub.c b/usr.sbin/unbound/iterator/iter_scrub.c index 04c62df31..754117861 100644 --- a/usr.sbin/unbound/iterator/iter_scrub.c +++ b/usr.sbin/unbound/iterator/iter_scrub.c @@ -367,6 +367,47 @@ type_allowed_in_additional_section(uint16_t tp) return 0; } +/** Shorten RRset */ +static void +shorten_rrset(sldns_buffer* pkt, struct rrset_parse* rrset, int count) +{ + /* The too large NS RRset is shortened. This is so that too large + * content does not overwhelm the cache. It may make the rrset + * bogus if it was signed, and then the domain is not resolved any + * more, that is okay, the NS RRset was too large. During a referral + * it can be shortened and then the first part of the list could + * be used to resolve. The scrub continues to disallow glue for the + * removed nameserver RRs and removes that too. Because the glue + * is not marked as okay, since the RRs have been removed here. */ + int i; + struct rr_parse* rr = rrset->rr_first, *prev = NULL; + if(!rr) + return; + for(i=0; inext; + if(!rr) + return; /* The RRset is already short. */ + } + if(verbosity >= VERB_QUERY + && rrset->dname_len <= LDNS_MAX_DOMAINLEN) { + uint8_t buf[LDNS_MAX_DOMAINLEN+1]; + dname_pkt_copy(pkt, buf, rrset->dname); + log_nametypeclass(VERB_QUERY, "normalize: shorten RRset:", buf, + rrset->type, ntohs(rrset->rrset_class)); + } + /* remove further rrs */ + rrset->rr_last = prev; + rrset->rr_count = count; + while(rr) { + rrset->size -= rr->size; + rr = rr->next; + } + if(rrset->rr_last) + rrset->rr_last->next = NULL; + else rrset->rr_first = NULL; +} + /** * This routine normalizes a response. This includes removing "irrelevant" * records from the answer and additional sections and (re)synthesizing @@ -387,6 +428,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, uint8_t* sname = qinfo->qname; size_t snamelen = qinfo->qname_len; struct rrset_parse* rrset, *prev, *nsset=NULL; + int cname_length = 0; /* number of CNAMEs, or DNAMEs */ if(FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NOERROR && FLAGS_GET_RCODE(msg->flags) != LDNS_RCODE_NXDOMAIN) @@ -401,6 +443,16 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, prev = NULL; rrset = msg->rrset_first; while(rrset && rrset->section == LDNS_SECTION_ANSWER) { + if(cname_length > 11 /* env->cfg.iter_scrub_cname */) { + /* Too many CNAMEs, or DNAMEs, from the authority + * server, scrub down the length to something + * shorter. This deletes everything after the limit + * is reached. The iterator is going to look up + * the content one by one anyway. */ + remove_rrset("normalize: removing because too many cnames:", + pkt, msg, prev, &rrset); + continue; + } if(rrset->type == LDNS_RR_TYPE_DNAME && pkt_strict_sub(pkt, sname, rrset->dname)) { /* check if next rrset is correct CNAME. else, @@ -420,6 +472,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "too long"); return 0; } + cname_length++; if(nx && nx->type == LDNS_RR_TYPE_CNAME && dname_pkt_compare(pkt, sname, nx->dname) == 0) { /* check next cname */ @@ -460,6 +513,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, if(rrset->type == LDNS_RR_TYPE_CNAME) { struct rrset_parse* nx = rrset->rrset_all_next; uint8_t* oldsname = sname; + cname_length++; /* see if the next one is a DNAME, if so, swap them */ if(nx && nx->section == LDNS_SECTION_ANSWER && nx->type == LDNS_RR_TYPE_DNAME && @@ -507,6 +561,10 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, LDNS_SECTION_ANSWER && dname_pkt_compare(pkt, oldsname, rrset->dname) == 0) { + if(rrset->type == LDNS_RR_TYPE_NS && + rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) { + shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */); + } prev = rrset; rrset = rrset->rrset_all_next; } @@ -522,6 +580,11 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, continue; } + if(rrset->type == LDNS_RR_TYPE_NS && + rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) { + shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */); + } + /* Mark the additional names from relevant rrset as OK. */ /* only for RRsets that match the query name, other ones * will be removed by sanitize, so no additional for them */ @@ -578,6 +641,25 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "RRset:", pkt, msg, prev, &rrset); continue; } + if(rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) { + /* If this is not a referral, and the NS RRset + * is signed, then remove it entirely, so + * that when it becomes bogus it does not + * make the message that is otherwise fine + * into a bogus message. */ + if(!(msg->an_rrsets == 0 && + FLAGS_GET_RCODE(msg->flags) == + LDNS_RCODE_NOERROR && + !soa_in_auth(msg) && + !(msg->flags & BIT_AA)) && + rrset->rrsig_count != 0) { + remove_rrset("normalize: removing too large NS " + "RRset:", pkt, msg, prev, &rrset); + continue; + } else { + shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */); + } + } } /* if this is type DS and we query for type DS we just got * a referral answer for our type DS query, fix packet */ diff --git a/usr.sbin/unbound/iterator/iter_utils.c b/usr.sbin/unbound/iterator/iter_utils.c index f291178d2..1b4f5f6eb 100644 --- a/usr.sbin/unbound/iterator/iter_utils.c +++ b/usr.sbin/unbound/iterator/iter_utils.c @@ -279,9 +279,10 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, name, namelen, qtype, &lame, &dnsseclame, &reclame, &rtt, now)) { log_addr(VERB_ALGO, "servselect", &a->addr, a->addrlen); - verbose(VERB_ALGO, " rtt=%d%s%s%s%s", rtt, + verbose(VERB_ALGO, " rtt=%d%s%s%s%s%s", rtt, lame?" LAME":"", dnsseclame?" DNSSEC_LAME":"", + a->dnsseclame?" ADDR_DNSSEC_LAME":"", reclame?" REC_LAME":"", a->lame?" ADDR_LAME":""); if(lame) diff --git a/usr.sbin/unbound/iterator/iterator.c b/usr.sbin/unbound/iterator/iterator.c index 2ecdd1495..9f39df029 100644 --- a/usr.sbin/unbound/iterator/iterator.c +++ b/usr.sbin/unbound/iterator/iterator.c @@ -760,6 +760,14 @@ target_count_increase_nx(struct iter_qstate* iq, int num) iq->target_count[TARGET_COUNT_NX] += num; } +static void +target_count_increase_global_quota(struct iter_qstate* iq, int num) +{ + target_count_create(iq); + if(iq->target_count) + iq->target_count[TARGET_COUNT_GLOBAL_QUOTA] += num; +} + /** * Generate a subrequest. * Generate a local request event. Local events are tied to this module, and @@ -1378,7 +1386,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, "restarts (eg. indirections)"); if(iq->qchase.qname) errinf_dname(qstate, "stop at", iq->qchase.qname); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } /* We enforce a maximum recursion/dependency depth -- in general, @@ -1560,6 +1568,11 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "malloc failure for forward zone"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } + if(!cache_fill_missing(qstate->env, iq->qchase.qclass, + qstate->region, iq->dp)) { + errinf(qstate, "malloc failure, copy extra info into delegation point"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } if((qstate->query_flags&BIT_RD)==0) { /* If the server accepts RD=0 queries and forwards * with RD=1, then if the server is listed as an NS @@ -1654,7 +1667,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, if(!iq->dp) { log_err("internal error: no hints dp"); errinf(qstate, "no hints for this class"); - return error_response(qstate, id, + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } iq->dp = delegpt_copy(iq->dp, qstate->region); @@ -1974,7 +1987,8 @@ generate_target_query(struct module_qstate* qstate, struct iter_qstate* iq, * if it is negative, there is no maximum number of targets. * @param num: returns the number of queries generated and processed, * which may be zero if there were no missing targets. - * @return false on error. + * @return 0 on success, nonzero on error. 1 means temporary failure and + * 2 means the failure can be cached. */ static int query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, @@ -1997,13 +2011,13 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, else toget = maxtargets; if(toget == 0) { *num = 0; - return 1; + return 0; } /* now that we are sure that a target query is going to be made, * check the limits. */ if(iq->depth == ie->max_dependency_depth) - return 0; + return 1; if(iq->depth > 0 && iq->target_count && iq->target_count[TARGET_COUNT_QUERIES] > MAX_TARGET_COUNT) { char s[LDNS_MAX_DOMAINLEN+1]; @@ -2011,7 +2025,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_QUERY, "request %s has exceeded the maximum " "number of glue fetches %d", s, iq->target_count[TARGET_COUNT_QUERIES]); - return 0; + return 2; } if(iq->dp_target_count > MAX_DP_TARGET_COUNT) { char s[LDNS_MAX_DOMAINLEN+1]; @@ -2019,7 +2033,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_QUERY, "request %s has exceeded the maximum " "number of glue fetches %d to a single delegation point", s, iq->dp_target_count); - return 0; + return 2; } /* select 'toget' items from the total of 'missing' items */ @@ -2048,7 +2062,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, *num = query_count; if(query_count > 0) qstate->ext_state[id] = module_wait_subquery; - return 0; + return 1; } query_count++; /* If the mesh query list is full, exit the loop here. @@ -2057,9 +2071,17 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, * increase, because the spawned state uses cpu and a * socket while this state waits for that spawned * state. Next time we can look up further targets */ - if(mesh_jostle_exceeded(qstate->env->mesh)) + if(mesh_jostle_exceeded(qstate->env->mesh)) { + /* If no ip4 query is possible, that makes + * this ns resolved. */ + if(!((ie->supports_ipv4 || ie->use_nat64) && + ((ns->lame && !ns->done_pside4) || + (!ns->lame && !ns->got4)))) { + ns->resolved = 1; + } break; } + } /* Send the A request. */ if((ie->supports_ipv4 || ie->use_nat64) && ((ns->lame && !ns->done_pside4) || @@ -2070,13 +2092,18 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, *num = query_count; if(query_count > 0) qstate->ext_state[id] = module_wait_subquery; - return 0; + return 1; } query_count++; /* If the mesh query list is full, exit the loop. */ - if(mesh_jostle_exceeded(qstate->env->mesh)) + if(mesh_jostle_exceeded(qstate->env->mesh)) { + /* With the ip6 query already checked for, + * this makes the ns resolved. It is no longer + * a missing target. */ + ns->resolved = 1; break; } + } /* mark this target as in progress. */ ns->resolved = 1; @@ -2089,7 +2116,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, if(query_count > 0) qstate->ext_state[id] = module_wait_subquery; - return 1; + return 0; } /** @@ -2180,12 +2207,14 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, } /* query for an extra name added by the parent-NS record */ if(delegpt_count_missing_targets(iq->dp, NULL) > 0) { - int qs = 0; + int qs = 0, ret; verbose(VERB_ALGO, "try parent-side target name"); - if(!query_for_targets(qstate, iq, ie, id, 1, &qs)) { + if((ret=query_for_targets(qstate, iq, ie, id, 1, &qs))!=0) { errinf(qstate, "could not fetch nameserver"); errinf_dname(qstate, "at zone", iq->dp->name); + if(ret == 1) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } iq->num_target_queries += qs; target_count_increase(iq, qs); @@ -2414,13 +2443,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_QUERY, "request has exceeded the maximum " "number of referrrals with %d", iq->referral_count); errinf(qstate, "exceeded the maximum of referrals"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(iq->sent_count > ie->max_sent_count) { verbose(VERB_QUERY, "request has exceeded the maximum " "number of sends with %d", iq->sent_count); errinf(qstate, "exceeded the maximum number of sends"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } /* Check if we reached MAX_TARGET_NX limit without a fallback activation. */ @@ -2450,7 +2479,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, "already present for the delegation point, no " "fallback possible"); errinf(qstate, "exceeded the maximum nameserver nxdomains"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } verbose(VERB_ALGO, "initiating parent-side fallback for " "nxdomain nameserver lookups"); @@ -2493,7 +2522,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, "lookups (%d) with %d", MAX_TARGET_NX_FALLBACK, iq->target_count[TARGET_COUNT_NX]); errinf(qstate, "exceeded the maximum nameserver nxdomains"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(!iq->dp->has_parent_side_NS) { @@ -2707,7 +2736,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_ALGO, "auth zone lookup failed, no fallback," " servfail"); errinf(qstate, "auth zone lookup failed, fallback is off"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(iq->dp->auth_dp) { /* we wanted to fallback, but had no delegpt, only the @@ -2736,11 +2765,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* if in 0x20 fallback get as many targets as possible */ if(iq->caps_fallback) { - int extra = 0; + int extra = 0, ret; size_t naddr, nres, navail; - if(!query_for_targets(qstate, iq, ie, id, -1, &extra)) { + if((ret=query_for_targets(qstate, iq, ie, id, -1, &extra))!=0) { errinf(qstate, "could not fetch nameservers for 0x20 fallback"); + if(ret == 1) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } iq->num_target_queries += extra; target_count_increase(iq, extra); @@ -2883,15 +2914,18 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * to distinguish between generating (a) new target * query, or failing. */ if(delegpt_count_missing_targets(iq->dp, NULL) > 0) { - int qs = 0; + int qs = 0, ret; verbose(VERB_ALGO, "querying for next " "missing target"); - if(!query_for_targets(qstate, iq, ie, id, - 1, &qs)) { + if((ret=query_for_targets(qstate, iq, ie, id, + 1, &qs))!=0) { errinf(qstate, "could not fetch nameserver"); errinf_dname(qstate, "at zone", iq->dp->name); + if(ret == 1) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, + LDNS_RCODE_SERVFAIL); } if(qs == 0 && delegpt_count_missing_targets(iq->dp, NULL) == 0){ @@ -2902,6 +2936,17 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * so this is not a loop. */ return 1; } + if(qs == 0) { + /* There should be targets now, and + * if there are not, it should not + * wait for no targets. Stop it from + * waiting forever, or looping to + * here, as a safeguard. */ + errinf(qstate, "could not generate nameserver lookups"); + errinf_dname(qstate, "at zone", iq->dp->name); + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } iq->num_target_queries += qs; target_count_increase(iq, qs); } @@ -2976,6 +3021,17 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } } + target_count_increase_global_quota(iq, 1); + if(iq->target_count && iq->target_count[TARGET_COUNT_GLOBAL_QUOTA] + > MAX_GLOBAL_QUOTA) { + char s[LDNS_MAX_DOMAINLEN+1]; + dname_str(qstate->qinfo.qname, s); + verbose(VERB_QUERY, "request %s has exceeded the maximum " + "global quota on number of upstream queries %d", s, + iq->target_count[TARGET_COUNT_GLOBAL_QUOTA]); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } + /* Do not check ratelimit for forwarding queries or if we already got a * pass. */ sq_check_ratelimit = (!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok); @@ -3025,7 +3081,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, qstate->was_ratelimited = 1; errinf_dname(qstate, "exceeded ratelimit for zone", iq->dp->name); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } log_addr(VERB_QUERY, "error sending query to auth server", &real_addr, real_addrlen); @@ -3247,7 +3303,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iter_scrub_nxdomain(iq->response); return final_state(iq); } - return error_response(qstate, id, + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } /* Best effort qname-minimisation. @@ -3582,7 +3638,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, " fallback possible, servfail"); errinf_dname(qstate, "response is bad, no fallback, " "for auth zone", iq->dp->name); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } verbose(VERB_ALGO, "auth zone response was bad, " "fallback enabled"); @@ -3990,7 +4046,7 @@ processCollectClass(struct module_qstate* qstate, int id) if(iq->num_current_queries == 0) { verbose(VERB_ALGO, "No root hints or fwds, giving up " "on qclass ANY"); - return error_response(qstate, id, LDNS_RCODE_REFUSED); + return error_response_cache(qstate, id, LDNS_RCODE_REFUSED); } /* return false, wait for queries to return */ } @@ -4357,7 +4413,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, "getting different replies, failed"); outbound_list_remove(&iq->outlist, outbound); errinf(qstate, "0x20 failed, then got different replies in fallback"); - (void)error_response(qstate, id, + (void)error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); return; } @@ -4457,8 +4513,8 @@ iter_get_mem(struct module_env* env, int id) */ static struct module_func_block iter_block = { "iterator", - &iter_init, &iter_deinit, &iter_operate, &iter_inform_super, - &iter_clear, &iter_get_mem + NULL, NULL, &iter_init, &iter_deinit, &iter_operate, + &iter_inform_super, &iter_clear, &iter_get_mem }; struct module_func_block* diff --git a/usr.sbin/unbound/iterator/iterator.h b/usr.sbin/unbound/iterator/iterator.h index c81eb9435..9843a234e 100644 --- a/usr.sbin/unbound/iterator/iterator.h +++ b/usr.sbin/unbound/iterator/iterator.h @@ -55,6 +55,9 @@ struct rbtree_type; /** max number of targets spawned for a query and its subqueries */ #define MAX_TARGET_COUNT 64 +/** max number of upstream queries for a query and its subqueries, it is + * never reset. */ +#define MAX_GLOBAL_QUOTA 128 /** max number of target lookups per qstate, per delegation point */ #define MAX_DP_TARGET_COUNT 16 /** max number of nxdomains allowed for target lookups for a query and @@ -248,6 +251,9 @@ enum target_count_variables { TARGET_COUNT_QUERIES, /** Number of nxdomain responses encountered. */ TARGET_COUNT_NX, + /** Global quota on number of queries to upstream servers per + * client request, that is never reset. */ + TARGET_COUNT_GLOBAL_QUOTA, /** This should stay last here, it is used for the allocation */ TARGET_COUNT_MAX, diff --git a/usr.sbin/unbound/libunbound/context.c b/usr.sbin/unbound/libunbound/context.c index 179695dd8..c1ccdd720 100644 --- a/usr.sbin/unbound/libunbound/context.c +++ b/usr.sbin/unbound/libunbound/context.c @@ -75,7 +75,9 @@ context_finalize(struct ub_ctx* ctx) ctx->pipe_pid = getpid(); cfg_apply_local_port_policy(cfg, 65536); config_apply(cfg); - if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env)) + if(!modstack_call_startup(&ctx->mods, cfg->module_conf, ctx->env)) + return UB_INITFAIL; + if(!modstack_call_init(&ctx->mods, cfg->module_conf, ctx->env)) return UB_INITFAIL; listen_setup_locks(); log_edns_known_options(VERB_ALGO, ctx->env); diff --git a/usr.sbin/unbound/libunbound/libunbound.c b/usr.sbin/unbound/libunbound/libunbound.c index 1f0e1b131..3e273140c 100644 --- a/usr.sbin/unbound/libunbound/libunbound.c +++ b/usr.sbin/unbound/libunbound/libunbound.c @@ -188,7 +188,9 @@ ub_ctx_create(void) int e = errno; ub_randfree(ctx->seed_rnd); config_delete(ctx->env->cfg); - modstack_desetup(&ctx->mods, ctx->env); + modstack_call_deinit(&ctx->mods, ctx->env); + modstack_call_destartup(&ctx->mods, ctx->env); + modstack_free(&ctx->mods); listen_desetup_locks(); edns_known_options_delete(ctx->env); edns_strings_delete(ctx->env->edns_strings); @@ -202,7 +204,9 @@ ub_ctx_create(void) tube_delete(ctx->qq_pipe); ub_randfree(ctx->seed_rnd); config_delete(ctx->env->cfg); - modstack_desetup(&ctx->mods, ctx->env); + modstack_call_deinit(&ctx->mods, ctx->env); + modstack_call_destartup(&ctx->mods, ctx->env); + modstack_free(&ctx->mods); listen_desetup_locks(); edns_known_options_delete(ctx->env); edns_strings_delete(ctx->env->edns_strings); @@ -360,7 +364,9 @@ ub_ctx_delete(struct ub_ctx* ctx) } libworker_delete_event(ctx->event_worker); - modstack_desetup(&ctx->mods, ctx->env); + modstack_call_deinit(&ctx->mods, ctx->env); + modstack_call_destartup(&ctx->mods, ctx->env); + modstack_free(&ctx->mods); a = ctx->alloc_list; while(a) { na = a->super; @@ -981,7 +987,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) if(!addr) { /* disable fwd mode - the root stub should be first. */ if(ctx->env->cfg->forwards && - strcmp(ctx->env->cfg->forwards->name, ".") == 0) { + (ctx->env->cfg->forwards->name && + strcmp(ctx->env->cfg->forwards->name, ".") == 0)) { s = ctx->env->cfg->forwards; ctx->env->cfg->forwards = s->next; s->next = NULL; @@ -1001,7 +1008,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) /* it parses, add root stub in front of list */ lock_basic_lock(&ctx->cfglock); if(!ctx->env->cfg->forwards || - strcmp(ctx->env->cfg->forwards->name, ".") != 0) { + (ctx->env->cfg->forwards->name && + strcmp(ctx->env->cfg->forwards->name, ".") != 0)) { s = calloc(1, sizeof(*s)); if(!s) { lock_basic_unlock(&ctx->cfglock); @@ -1019,6 +1027,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) ctx->env->cfg->forwards = s; } else { log_assert(ctx->env->cfg->forwards); + log_assert(ctx->env->cfg->forwards->name); s = ctx->env->cfg->forwards; } dupl = strdup(addr); diff --git a/usr.sbin/unbound/libunbound/libworker.c b/usr.sbin/unbound/libunbound/libworker.c index d13387dc1..a8e4755af 100644 --- a/usr.sbin/unbound/libunbound/libworker.c +++ b/usr.sbin/unbound/libunbound/libworker.c @@ -292,6 +292,7 @@ libworker_do_cmd(struct libworker* w, uint8_t* msg, uint32_t len) log_err("unknown command for bg worker %d", (int)context_serial_getcmd(msg, len)); /* and fall through to quit */ + ATTR_FALLTHROUGH /* fallthrough */ case UB_LIBCMD_QUIT: free(msg); diff --git a/usr.sbin/unbound/respip/respip.c b/usr.sbin/unbound/respip/respip.c index 2613e80bf..2e67016e1 100644 --- a/usr.sbin/unbound/respip/respip.c +++ b/usr.sbin/unbound/respip/respip.c @@ -1259,8 +1259,8 @@ respip_get_mem(struct module_env* env, int id) */ static struct module_func_block respip_block = { "respip", - &respip_init, &respip_deinit, &respip_operate, &respip_inform_super, - &respip_clear, &respip_get_mem + NULL, NULL, &respip_init, &respip_deinit, &respip_operate, + &respip_inform_super, &respip_clear, &respip_get_mem }; struct module_func_block* diff --git a/usr.sbin/unbound/services/authzone.c b/usr.sbin/unbound/services/authzone.c index 084f8ca1c..efa63b203 100644 --- a/usr.sbin/unbound/services/authzone.c +++ b/usr.sbin/unbound/services/authzone.c @@ -7778,7 +7778,8 @@ static void auth_zone_log(uint8_t* name, enum verbosity_value level, static int zonemd_dnssec_verify_rrset(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, struct auth_data* node, - struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg) + struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg, + char* reasonbuf, size_t reasonlen) { struct ub_packed_rrset_key pk; enum sec_status sec; @@ -7808,7 +7809,7 @@ static int zonemd_dnssec_verify_rrset(struct auth_zone* z, "zonemd: verify %s RRset with DNSKEY", typestr); } sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, sigalg, why_bogus, NULL, - LDNS_SECTION_ANSWER, NULL, &verified); + LDNS_SECTION_ANSWER, NULL, &verified, reasonbuf, reasonlen); if(sec == sec_status_secure) { return 1; } @@ -7851,7 +7852,8 @@ static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo, static int zonemd_check_dnssec_absence(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, struct auth_data* apex, - char** reason, char** why_bogus, uint8_t* sigalg) + char** reason, char** why_bogus, uint8_t* sigalg, char* reasonbuf, + size_t reasonlen) { struct auth_rrset* nsec = NULL; if(!apex) { @@ -7863,7 +7865,7 @@ static int zonemd_check_dnssec_absence(struct auth_zone* z, struct ub_packed_rrset_key pk; /* dnssec verify the NSEC */ if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, - nsec, why_bogus, sigalg)) { + nsec, why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for NSEC RRset"; return 0; } @@ -7906,7 +7908,7 @@ static int zonemd_check_dnssec_absence(struct auth_zone* z, } /* dnssec verify the NSEC3 */ if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match, - nsec3, why_bogus, sigalg)) { + nsec3, why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for NSEC3 RRset"; return 0; } @@ -7928,7 +7930,7 @@ static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, struct auth_data* apex, struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus, - uint8_t* sigalg) + uint8_t* sigalg, char* reasonbuf, size_t reasonlen) { struct auth_rrset* soa; if(!apex) { @@ -7941,12 +7943,12 @@ static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, return 0; } if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa, - why_bogus, sigalg)) { + why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for SOA RRset"; return 0; } if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, - zonemd_rrset, why_bogus, sigalg)) { + zonemd_rrset, why_bogus, sigalg, reasonbuf, reasonlen)) { *reason = "DNSSEC verify failed for ZONEMD RRset"; return 0; } @@ -8014,6 +8016,7 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* dnskey, int is_insecure, char** result, uint8_t* sigalg) { + char reasonbuf[256]; char* reason = NULL, *why_bogus = NULL; struct auth_data* apex = NULL; struct auth_rrset* zonemd_rrset = NULL; @@ -8042,7 +8045,8 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, } else if(!zonemd_rrset && dnskey && !is_insecure) { /* fetch, DNSSEC verify, and check NSEC/NSEC3 */ if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex, - &reason, &why_bogus, sigalg)) { + &reason, &why_bogus, sigalg, reasonbuf, + sizeof(reasonbuf))) { auth_zone_zonemd_fail(z, env, reason, why_bogus, result); return; } @@ -8050,7 +8054,8 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, } else if(zonemd_rrset && dnskey && !is_insecure) { /* check DNSSEC verify of SOA and ZONEMD */ if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex, - zonemd_rrset, &reason, &why_bogus, sigalg)) { + zonemd_rrset, &reason, &why_bogus, sigalg, reasonbuf, + sizeof(reasonbuf))) { auth_zone_zonemd_fail(z, env, reason, why_bogus, result); return; } @@ -8107,6 +8112,8 @@ auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, * @param why_bogus: if the routine fails, returns the failure reason. * @param keystorage: where to store the ub_packed_rrset_key that is created * on success. A pointer to it is returned on success. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return the dnskey RRset, reference to zone data and keystorage, or * NULL on failure. */ @@ -8114,7 +8121,8 @@ static struct ub_packed_rrset_key* zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct trust_anchor* anchor, int* is_insecure, char** why_bogus, - struct ub_packed_rrset_key* keystorage) + struct ub_packed_rrset_key* keystorage, char* reasonbuf, + size_t reasonlen) { struct auth_data* apex; struct auth_rrset* dnskey_rrset; @@ -8150,7 +8158,8 @@ zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, auth_zone_log(z->name, VERB_QUERY, "zonemd: verify DNSKEY RRset with trust anchor"); sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset, - anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL); + anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL, reasonbuf, + reasonlen); regional_free_all(env->scratch); if(sec == sec_status_secure) { /* success */ @@ -8173,7 +8182,8 @@ static struct ub_packed_rrset_key* auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, struct module_env* env, struct module_stack* mods, struct ub_packed_rrset_key* ds, int* is_insecure, char** why_bogus, - struct ub_packed_rrset_key* keystorage, uint8_t* sigalg) + struct ub_packed_rrset_key* keystorage, uint8_t* sigalg, + char* reasonbuf, size_t reasonlen) { struct auth_data* apex; struct auth_rrset* dnskey_rrset; @@ -8209,7 +8219,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, keystorage->rk.rrset_class = htons(z->dclass); auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS"); sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, sigalg, - why_bogus, NULL, NULL); + why_bogus, NULL, NULL, reasonbuf, reasonlen); regional_free_all(env->scratch); if(sec == sec_status_secure) { /* success */ @@ -8235,6 +8245,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, { struct auth_zone* z = (struct auth_zone*)arg; struct module_env* env; + char reasonbuf[256]; char* reason = NULL, *ds_bogus = NULL, *typestr="DNSKEY"; struct ub_packed_rrset_key* dnskey = NULL, *ds = NULL; int is_insecure = 0, downprot; @@ -8346,7 +8357,8 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, if(!reason && !is_insecure && !dnskey && ds) { dnskey = auth_zone_verify_zonemd_key_with_ds(z, env, &env->mesh->mods, ds, &is_insecure, &ds_bogus, - &keystorage, downprot?sigalg:NULL); + &keystorage, downprot?sigalg:NULL, reasonbuf, + sizeof(reasonbuf)); if(!dnskey && !is_insecure && !reason) reason = "DNSKEY verify with DS failed"; } @@ -8354,6 +8366,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, if(reason) { auth_zone_zonemd_fail(z, env, reason, ds_bogus, NULL); lock_rw_unlock(&z->lock); + regional_free_all(env->scratch); return; } @@ -8438,6 +8451,7 @@ zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env) void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, struct module_stack* mods, char** result, int offline, int only_online) { + char reasonbuf[256]; char* reason = NULL, *why_bogus = NULL; struct trust_anchor* anchor = NULL; struct ub_packed_rrset_key* dnskey = NULL; @@ -8472,7 +8486,8 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, } /* equal to trustanchor, no need for online lookups */ dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor, - &is_insecure, &why_bogus, &keystorage); + &is_insecure, &why_bogus, &keystorage, reasonbuf, + sizeof(reasonbuf)); lock_basic_unlock(&anchor->lock); if(!dnskey && !reason && !is_insecure) { reason = "verify DNSKEY RRset with trust anchor failed"; @@ -8498,6 +8513,7 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, if(reason) { auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + regional_free_all(env->scratch); return; } diff --git a/usr.sbin/unbound/services/cache/dns.c b/usr.sbin/unbound/services/cache/dns.c index 9d18b7901..16cf216ca 100644 --- a/usr.sbin/unbound/services/cache/dns.c +++ b/usr.sbin/unbound/services/cache/dns.c @@ -96,7 +96,8 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, struct ub_packed_rrset_key* ck; lock_rw_rdlock(&rep->ref[i].key->entry.lock); /* if deleted rrset, do not copy it */ - if(rep->ref[i].key->id == 0) + if(rep->ref[i].key->id == 0 || + rep->ref[i].id != rep->ref[i].key->id) ck = NULL; else ck = packed_rrset_copy_region( rep->ref[i].key, region, now); @@ -109,14 +110,22 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, /* no break: also copy key item */ /* the line below is matched by gcc regex and silences * the fallthrough warning */ + ATTR_FALLTHROUGH /* fallthrough */ case 1: /* ref updated, item inserted */ rep->rrsets[i] = rep->ref[i].key; - } - /* if ref was updated make sure the message ttl is updated to - * the minimum of the current rrsets. */ - ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl; + /* ref was updated; make sure the message ttl is + * updated to the minimum of the current rrsets. */ + lock_rw_rdlock(&rep->ref[i].key->entry.lock); + /* if deleted, skip ttl update. */ + if(rep->ref[i].key->id != 0 && + rep->ref[i].id == rep->ref[i].key->id) { + ttl = ((struct packed_rrset_data*) + rep->rrsets[i]->entry.data)->ttl; if(ttl < min_ttl) min_ttl = ttl; + } + lock_rw_unlock(&rep->ref[i].key->entry.lock); + } } if(min_ttl < rep->ttl) { rep->ttl = min_ttl; @@ -337,6 +346,13 @@ find_add_addrs(struct module_env* env, uint16_t qclass, * not use dns64 translation */ neg = msg_cache_lookup(env, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); + /* Because recursion for lookup uses BIT_CD, check + * for that so it stops the recursion lookup, if a + * negative answer is cached. Because the cache uses + * the CD flag for type AAAA. */ + if(!neg) + neg = msg_cache_lookup(env, ns->name, ns->namelen, + LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0); if(neg) { delegpt_add_neg_msg(dp, neg); lock_rw_unlock(&neg->entry.lock); @@ -396,6 +412,13 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, * not use dns64 translation */ neg = msg_cache_lookup(env, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); + /* Because recursion for lookup uses BIT_CD, check + * for that so it stops the recursion lookup, if a + * negative answer is cached. Because the cache uses + * the CD flag for type AAAA. */ + if(!neg) + neg = msg_cache_lookup(env, ns->name, ns->namelen, + LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0); if(neg) { delegpt_add_neg_msg(dp, neg); lock_rw_unlock(&neg->entry.lock); diff --git a/usr.sbin/unbound/services/cache/infra.c b/usr.sbin/unbound/services/cache/infra.c index c110af7b5..831808882 100644 --- a/usr.sbin/unbound/services/cache/infra.c +++ b/usr.sbin/unbound/services/cache/infra.c @@ -60,6 +60,16 @@ * can do this number of packets (until those all timeout too) */ #define TIMEOUT_COUNT_MAX 3 +/** Minus 1000 because that is outside of the RTTBAND, so + * blacklisted servers stay blacklisted if this is chosen. + * If USEFUL_SERVER_TOP_TIMEOUT is below 1000 (configured via RTT_MAX_TIMEOUT, + * infra-cache-max-rtt) change it to just above the RTT_BAND. */ +#define STILL_USEFUL_TIMEOUT ( \ + USEFUL_SERVER_TOP_TIMEOUT < 1000 || \ + USEFUL_SERVER_TOP_TIMEOUT - 1000 <= RTT_BAND \ + ?RTT_BAND + 1 \ + :USEFUL_SERVER_TOP_TIMEOUT - 1000) + /** ratelimit value for delegation point */ int infra_dp_ratelimit = 0; @@ -347,6 +357,7 @@ infra_create(struct config_file* cfg) return NULL; } infra_ip_ratelimit = cfg->ip_ratelimit; + infra_ip_ratelimit_cookie = cfg->ip_ratelimit_cookie; infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs, INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc, &ip_rate_compfunc, &ip_rate_delkeyfunc, &ip_rate_deldatafunc, NULL); @@ -398,6 +409,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg) infra->infra_keep_probing = cfg->infra_keep_probing; infra_dp_ratelimit = cfg->ratelimit; infra_ip_ratelimit = cfg->ip_ratelimit; + infra_ip_ratelimit_cookie = cfg->ip_ratelimit_cookie; maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ sizeof(struct infra_data)+INFRA_BYTES_NAME); /* divide cachesize by slabs and multiply by slabs, because if the @@ -656,7 +668,7 @@ infra_update_tcp_works(struct infra_cache* infra, if(data->rtt.rto >= RTT_MAX_TIMEOUT) /* do not disqualify this server altogether, it is better * than nothing */ - data->rtt.rto = RTT_MAX_TIMEOUT-1000; + data->rtt.rto = STILL_USEFUL_TIMEOUT; lock_rw_unlock(&e->lock); } @@ -796,7 +808,7 @@ infra_get_lame_rtt(struct infra_cache* infra, && infra->infra_keep_probing) { /* single probe, keep probing */ if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT) - *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + *rtt = STILL_USEFUL_TIMEOUT; } else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) { /* single probe for this domain, and we are not probing */ @@ -804,26 +816,23 @@ infra_get_lame_rtt(struct infra_cache* infra, if(qtype == LDNS_RR_TYPE_A) { if(host->timeout_A >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + else *rtt = STILL_USEFUL_TIMEOUT; } else if(qtype == LDNS_RR_TYPE_AAAA) { if(host->timeout_AAAA >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + else *rtt = STILL_USEFUL_TIMEOUT; } else { if(host->timeout_other >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + else *rtt = STILL_USEFUL_TIMEOUT; } } /* expired entry */ if(timenow > host->ttl) { - /* see if this can be a re-probe of an unresponsive server */ - /* minus 1000 because that is outside of the RTTBAND, so - * blacklisted servers stay blacklisted if this is chosen */ if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { lock_rw_unlock(&e->lock); - *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + *rtt = STILL_USEFUL_TIMEOUT; *lame = 0; *dnsseclame = 0; *reclame = 0; diff --git a/usr.sbin/unbound/services/cache/infra.h b/usr.sbin/unbound/services/cache/infra.h index a9864d67b..95f48c063 100644 --- a/usr.sbin/unbound/services/cache/infra.h +++ b/usr.sbin/unbound/services/cache/infra.h @@ -234,7 +234,7 @@ struct infra_cache* infra_adjust(struct infra_cache* infra, struct config_file* cfg); /** - * Plain find infra data function (used by the the other functions) + * Plain find infra data function (used by the other functions) * @param infra: infrastructure cache. * @param addr: host address. * @param addrlen: length of addr. diff --git a/usr.sbin/unbound/services/listen_dnsport.c b/usr.sbin/unbound/services/listen_dnsport.c index 7eb59a161..6c0691f2a 100644 --- a/usr.sbin/unbound/services/listen_dnsport.c +++ b/usr.sbin/unbound/services/listen_dnsport.c @@ -675,7 +675,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, int* reuseport, int transparent, int mss, int nodelay, int freebind, int use_systemd, int dscp) { - int s; + int s = -1; char* err; #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) int on = 1; diff --git a/usr.sbin/unbound/services/localzone.c b/usr.sbin/unbound/services/localzone.c index cd04c014e..c4e7e55df 100644 --- a/usr.sbin/unbound/services/localzone.c +++ b/usr.sbin/unbound/services/localzone.c @@ -242,7 +242,7 @@ lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len, } /** enter a new zone */ -static struct local_zone* +struct local_zone* lz_enter_zone(struct local_zones* zones, const char* name, const char* type, uint16_t dclass) { @@ -983,36 +983,39 @@ lz_enter_overrides(struct local_zones* zones, struct config_file* cfg) return 1; } -/** setup parent pointers, so that a lookup can be done for closest match */ -static void -init_parents(struct local_zones* zones) +/* return closest parent in the tree, NULL if none */ +static struct local_zone* find_closest_parent(struct local_zone* curr, + struct local_zone* prev) { - struct local_zone* node, *prev = NULL, *p; + struct local_zone* p; int m; - lock_rw_wrlock(&zones->lock); - RBTREE_FOR(node, struct local_zone*, &zones->ztree) { - lock_rw_wrlock(&node->lock); - node->parent = NULL; - if(!prev || prev->dclass != node->dclass) { - prev = node; - lock_rw_unlock(&node->lock); - continue; - } - (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, - node->namelabs, &m); /* we know prev is smaller */ + if(!prev || prev->dclass != curr->dclass) return NULL; + (void)dname_lab_cmp(prev->name, prev->namelabs, curr->name, + curr->namelabs, &m); /* we know prev is smaller */ /* sort order like: . com. bla.com. zwb.com. net. */ /* find the previous, or parent-parent-parent */ - for(p = prev; p; p = p->parent) + for(p = prev; p; p = p->parent) { /* looking for name with few labels, a parent */ if(p->namelabs <= m) { /* ==: since prev matched m, this is closest*/ /* <: prev matches more, but is not a parent, * this one is a (grand)parent */ - node->parent = p; - break; + return p; + } + } + return NULL; } - prev = node; +/** setup parent pointers, so that a lookup can be done for closest match */ +void +lz_init_parents(struct local_zones* zones) +{ + struct local_zone* node, *prev = NULL; + lock_rw_wrlock(&zones->lock); + RBTREE_FOR(node, struct local_zone*, &zones->ztree) { + lock_rw_wrlock(&node->lock); + node->parent = find_closest_parent(node, prev); + prev = node; if(node->override_tree) addr_tree_init_parents(node->override_tree); lock_rw_unlock(&node->lock); @@ -1036,7 +1039,7 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) int nmlabs = 0; int match = 0; /* number of labels match count */ - init_parents(zones); /* to enable local_zones_lookup() */ + lz_init_parents(zones); /* to enable local_zones_lookup() */ for(p = cfg->local_data; p; p = p->next) { uint8_t* rr_name; uint16_t rr_class, rr_type; @@ -1202,7 +1205,7 @@ local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg) } /* setup parent ptrs for lookup during data entry */ - init_parents(zones); + lz_init_parents(zones); /* insert local zone tags */ if(!lz_enter_zone_tags(zones, cfg)) { return 0; @@ -2028,7 +2031,9 @@ struct local_zone* local_zones_add_zone(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass, enum localzone_type tp) { + int exact; /* create */ + struct local_zone *prev; struct local_zone* z = local_zone_create(name, len, labs, tp, dclass); if(!z) { free(name); @@ -2037,10 +2042,12 @@ struct local_zone* local_zones_add_zone(struct local_zones* zones, lock_rw_wrlock(&z->lock); /* find the closest parent */ - z->parent = local_zones_find(zones, name, len, labs, dclass); + prev = local_zones_find_le(zones, name, len, labs, dclass, &exact); + if(!exact) + z->parent = find_closest_parent(z, prev); /* insert into the tree */ - if(!rbtree_insert(&zones->ztree, &z->node)) { + if(exact||!rbtree_insert(&zones->ztree, &z->node)) { /* duplicate entry! */ lock_rw_unlock(&z->lock); local_zone_delete(z); diff --git a/usr.sbin/unbound/services/localzone.h b/usr.sbin/unbound/services/localzone.h index 0c67b3fe5..dd6aa3f57 100644 --- a/usr.sbin/unbound/services/localzone.h +++ b/usr.sbin/unbound/services/localzone.h @@ -641,4 +641,23 @@ local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, */ struct local_data* local_zone_find_data(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs); + +/** Enter a new zone; returns with WRlock + * Made public for unit testing + * @param zones: the local zones tree + * @param name: name of the zone + * @param type: type of the zone + * @param dclass: class of the zone + * @return local_zone (or duplicate), NULL on parse and malloc failures + */ +struct local_zone* +lz_enter_zone(struct local_zones* zones, const char* name, const char* type, + uint16_t dclass); + +/** Setup parent pointers, so that a lookup can be done for closest match + * Made public for unit testing + * @param zones: the local zones tree + */ +void +lz_init_parents(struct local_zones* zones); #endif /* SERVICES_LOCALZONE_H */ diff --git a/usr.sbin/unbound/services/mesh.c b/usr.sbin/unbound/services/mesh.c index e886c4b92..522118844 100644 --- a/usr.sbin/unbound/services/mesh.c +++ b/usr.sbin/unbound/services/mesh.c @@ -413,6 +413,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, int timeout = mesh->env->cfg->serve_expired? mesh->env->cfg->serve_expired_client_timeout:0; struct sldns_buffer* r_buffer = rep->c->buffer; + uint16_t mesh_flags = qflags&(BIT_RD|BIT_CD); if(rep->c->tcp_req_info) { r_buffer = rep->c->tcp_req_info->spool_buffer; } @@ -425,7 +426,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, return; } if(!unique) - s = mesh_area_find(mesh, cinfo, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_area_find(mesh, cinfo, qinfo, mesh_flags, 0, 0); /* does this create a new reply state? */ if(!s || s->list_select == mesh_no_list) { if(!mesh_make_new_space(mesh, rep->c->buffer)) { @@ -453,7 +454,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, struct rbnode_type* n; #endif s = mesh_state_create(mesh->env, qinfo, cinfo, - qflags&(BIT_RD|BIT_CD), 0, 0); + mesh_flags, 0, 0); if(!s) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, @@ -565,6 +566,8 @@ servfail_mem: edns->opt_list_inplace_cb_out = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); + if(rep->c->use_h2) + http2_stream_remove_mesh_state(rep->c->h2_stream); comm_point_send_reply(rep); if(added) mesh_state_delete(&s->s); @@ -583,8 +586,9 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, int was_detached = 0; int was_noreply = 0; int added = 0; + uint16_t mesh_flags = qflags&(BIT_RD|BIT_CD); if(!unique) - s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_area_find(mesh, NULL, qinfo, mesh_flags, 0, 0); /* there are no limits on the number of callbacks */ @@ -594,7 +598,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, struct rbnode_type* n; #endif s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); + mesh_flags, 0, 0); if(!s) { return 0; } @@ -673,8 +677,12 @@ static void mesh_schedule_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int run, int rpz_passthru) { + /* Explicitly set the BIT_RD regardless of the client's flags. This is + * for a prefetch query (no client attached) but it needs to be treated + * as a recursion query. */ + uint16_t mesh_flags = BIT_RD|(qflags&BIT_CD); struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo, - qflags&(BIT_RD|BIT_CD), 0, 0); + mesh_flags, 0, 0); #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif @@ -694,8 +702,7 @@ static void mesh_schedule_prefetch(struct mesh_area* mesh, return; } - s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, NULL, mesh_flags, 0, 0); if(!s) { log_err("prefetch mesh_state_create: out of memory"); return; @@ -756,14 +763,17 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif + /* Explicitly set the BIT_RD regardless of the client's flags. This is + * for a prefetch query (no client attached) but it needs to be treated + * as a recursion query. */ + uint16_t mesh_flags = BIT_RD|(qflags&BIT_CD); if(!mesh_make_new_space(mesh, NULL)) { verbose(VERB_ALGO, "Too many queries. dropped prefetch."); mesh->stats_dropped ++; return; } - s = mesh_state_create(mesh->env, qinfo, NULL, - qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, NULL, mesh_flags, 0, 0); if(!s) { log_err("prefetch_subnet mesh_state_create: out of memory"); return; @@ -966,6 +976,8 @@ mesh_state_cleanup(struct mesh_state* mstate) for(; rep; rep=rep->next) { infra_wait_limit_dec(mesh->env->infra_cache, &rep->query_reply, mesh->env->cfg); + if(rep->query_reply.c->use_h2) + http2_stream_remove_mesh_state(rep->h2_stream); comm_point_drop_reply(&rep->query_reply); log_assert(mesh->num_reply_addrs > 0); mesh->num_reply_addrs--; @@ -1522,6 +1534,8 @@ void mesh_query_done(struct mesh_state* mstate) infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); mstate->reply_list = NULL; + if(r->query_reply.c->use_h2) + http2_stream_remove_mesh_state(r->h2_stream); comm_point_drop_reply(&r->query_reply); mstate->reply_list = reply_list; mstate->s.env->mesh->stats_dropped++; @@ -1554,6 +1568,9 @@ void mesh_query_done(struct mesh_state* mstate) infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); mstate->reply_list = NULL; + if(r->query_reply.c->use_h2) { + http2_stream_remove_mesh_state(r->h2_stream); + } comm_point_drop_reply(&r->query_reply); mstate->reply_list = reply_list; } else { @@ -1568,6 +1585,8 @@ void mesh_query_done(struct mesh_state* mstate) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); r_buffer = NULL; } + /* mesh_send_reply removed mesh state from + * http2_stream. */ prev = r; prev_buffer = r_buffer; } @@ -1720,6 +1739,7 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, return 0; if(rep->c->use_h2) r->h2_stream = rep->c->h2_stream; + else r->h2_stream = NULL; /* Data related to local alias stored in 'qinfo' (if any) is ephemeral * and can be different for different original queries (even if the @@ -2243,6 +2263,8 @@ mesh_serve_expired_callback(void* arg) infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); mstate->reply_list = NULL; + if(r->query_reply.c->use_h2) + http2_stream_remove_mesh_state(r->h2_stream); comm_point_drop_reply(&r->query_reply); mstate->reply_list = reply_list; mstate->s.env->mesh->stats_dropped++; @@ -2276,6 +2298,7 @@ mesh_serve_expired_callback(void* arg) r, r_buffer, prev, prev_buffer); if(r->query_reply.c->tcp_req_info) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); + /* mesh_send_reply removed mesh state from http2_stream. */ infra_wait_limit_dec(mstate->s.env->infra_cache, &r->query_reply, mstate->s.env->cfg); prev = r; diff --git a/usr.sbin/unbound/services/modstack.c b/usr.sbin/unbound/services/modstack.c index fc46286cd..97a23bee6 100644 --- a/usr.sbin/unbound/services/modstack.c +++ b/usr.sbin/unbound/services/modstack.c @@ -95,6 +95,16 @@ modstack_init(struct module_stack* stack) stack->mod = NULL; } +void +modstack_free(struct module_stack* stack) +{ + if(!stack) + return; + stack->num = 0; + free(stack->mod); + stack->mod = NULL; +} + int modstack_config(struct module_stack* stack, const char* module_conf) { @@ -223,17 +233,58 @@ module_func_block* module_factory(const char** str) } int -modstack_setup(struct module_stack* stack, const char* module_conf, +modstack_call_startup(struct module_stack* stack, const char* module_conf, struct module_env* env) { int i; if(stack->num != 0) - modstack_desetup(stack, env); + fatal_exit("unexpected already initialised modules"); /* fixed setup of the modules */ if(!modstack_config(stack, module_conf)) { return 0; } + for(i=0; inum; i++) { + if(stack->mod[i]->startup == NULL) + continue; + verbose(VERB_OPS, "startup module %d: %s", + i, stack->mod[i]->name); + fptr_ok(fptr_whitelist_mod_startup(stack->mod[i]->startup)); + if(!(*stack->mod[i]->startup)(env, i)) { + log_err("module startup for module %s failed", + stack->mod[i]->name); + return 0; + } + } + return 1; +} + +int +modstack_call_init(struct module_stack* stack, const char* module_conf, + struct module_env* env) +{ + int i, changed = 0; env->need_to_validate = 0; /* set by module init below */ + for(i=0; inum; i++) { + while(*module_conf && isspace(*module_conf)) + module_conf++; + if(strncmp(stack->mod[i]->name, module_conf, + strlen(stack->mod[i]->name))) { + if(stack->mod[i]->startup || stack->mod[i]->destartup) { + log_err("changed module ordering during reload not supported, for module that needs startup"); + return 0; + } else { + changed = 1; + } + } + module_conf += strlen(stack->mod[i]->name); + } + if(changed) { + modstack_free(stack); + if(!modstack_config(stack, module_conf)) { + return 0; + } + } + for(i=0; inum; i++) { verbose(VERB_OPS, "init module %d: %s", i, stack->mod[i]->name); @@ -248,16 +299,25 @@ modstack_setup(struct module_stack* stack, const char* module_conf, } void -modstack_desetup(struct module_stack* stack, struct module_env* env) +modstack_call_deinit(struct module_stack* stack, struct module_env* env) { int i; for(i=0; inum; i++) { fptr_ok(fptr_whitelist_mod_deinit(stack->mod[i]->deinit)); (*stack->mod[i]->deinit)(env, i); } - stack->num = 0; - free(stack->mod); - stack->mod = NULL; +} + +void +modstack_call_destartup(struct module_stack* stack, struct module_env* env) +{ + int i; + for(i=0; inum; i++) { + if(stack->mod[i]->destartup == NULL) + continue; + fptr_ok(fptr_whitelist_mod_destartup(stack->mod[i]->destartup)); + (*stack->mod[i]->destartup)(env, i); + } } int diff --git a/usr.sbin/unbound/services/modstack.h b/usr.sbin/unbound/services/modstack.h index 54c03d1e2..9abc40c27 100644 --- a/usr.sbin/unbound/services/modstack.h +++ b/usr.sbin/unbound/services/modstack.h @@ -60,6 +60,23 @@ struct module_stack { */ void modstack_init(struct module_stack* stack); +/** + * Free the stack of modules + * @param stack: stack that frees up memory. + */ +void modstack_free(struct module_stack* stack); + +/** + * Initialises modules and assignes ids. Calls module_startup(). + * @param stack: Expected empty, filled according to module_conf + * @param module_conf: string what modules to initialize + * @param env: module environment which is inited by the modules. + * environment should have a superalloc, cfg, + * @return on false a module init failed. + */ +int modstack_call_startup(struct module_stack* stack, const char* module_conf, + struct module_env* env); + /** * Read config file module settings and set up the modfunc block * @param stack: the stack of modules (empty before call). @@ -83,24 +100,31 @@ struct module_func_block* module_factory(const char** str); const char** module_list_avail(void); /** - * Setup modules. Assigns ids and calls module_init. - * @param stack: if not empty beforehand, it will be desetup()ed. - * It is then modstack_configged(). - * @param module_conf: string what modules to insert. + * Init modules. Calls module_init(). + * @param stack: It is modstack_setupped(). + * @param module_conf: module ordering to check against the ordering in stack. + * fails on changed ordering. * @param env: module environment which is inited by the modules. * environment should have a superalloc, cfg, * env.need_to_validate is set by the modules. * @return on false a module init failed. */ -int modstack_setup(struct module_stack* stack, const char* module_conf, +int modstack_call_init(struct module_stack* stack, const char* module_conf, struct module_env* env); /** - * Desetup the modules, deinit, delete. + * Deinit the modules. * @param stack: made empty. * @param env: module env for module deinit() calls. */ -void modstack_desetup(struct module_stack* stack, struct module_env* env); +void modstack_call_deinit(struct module_stack* stack, struct module_env* env); + +/** + * Destartup the modules, close, delete. + * @param stack: made empty. + * @param env: module env for module destartup() calls. + */ +void modstack_call_destartup(struct module_stack* stack, struct module_env* env); /** * Find index of module by name. diff --git a/usr.sbin/unbound/services/outside_network.c b/usr.sbin/unbound/services/outside_network.c index 0cc553d70..0ea01b005 100644 --- a/usr.sbin/unbound/services/outside_network.c +++ b/usr.sbin/unbound/services/outside_network.c @@ -2051,7 +2051,8 @@ select_id(struct outside_network* outnet, struct pending* pend, } /** return true is UDP connect error needs to be logged */ -static int udp_connect_needs_log(int err) +static int udp_connect_needs_log(int err, struct sockaddr_storage* addr, + socklen_t addrlen) { switch(err) { case ECONNREFUSED: @@ -2075,6 +2076,15 @@ static int udp_connect_needs_log(int err) if(verbosity >= VERB_ALGO) return 1; return 0; + case EINVAL: + /* Stop 'Invalid argument for fe80::/10' addresses appearing + * in the logs, at low verbosity. They cannot be sent to. */ + if(addr_is_ip6linklocal(addr, addrlen)) { + if(verbosity >= VERB_ALGO) + return 1; + return 0; + } + break; default: break; } @@ -2141,7 +2151,8 @@ select_ifport(struct outside_network* outnet, struct pending* pend, /* connect() to the destination */ if(connect(fd, (struct sockaddr*)&pend->addr, pend->addrlen) < 0) { - if(udp_connect_needs_log(errno)) { + if(udp_connect_needs_log(errno, + &pend->addr, pend->addrlen)) { log_err_addr("udp connect failed", strerror(errno), &pend->addr, pend->addrlen); @@ -3455,7 +3466,10 @@ outnet_serviced_query(struct outside_network* outnet, timenow = *env->now; if(!infra_ratelimit_inc(env->infra_cache, zone, zonelen, timenow, env->cfg->ratelimit_backoff, - &qstate->qinfo, qstate->reply)) { + &qstate->qinfo, + qstate->mesh_info->reply_list + ?&qstate->mesh_info->reply_list->query_reply + :NULL)) { /* Can we pass through with slip factor? */ if(env->cfg->ratelimit_factor == 0 || ub_random_max(env->rnd, diff --git a/usr.sbin/unbound/services/rpz.c b/usr.sbin/unbound/services/rpz.c index 7f3a00d09..0bcf78f49 100644 --- a/usr.sbin/unbound/services/rpz.c +++ b/usr.sbin/unbound/services/rpz.c @@ -242,10 +242,14 @@ rpz_action_to_localzone_type(enum rpz_action a) case RPZ_NODATA_ACTION: return local_zone_always_nodata; case RPZ_DROP_ACTION: return local_zone_always_deny; case RPZ_PASSTHRU_ACTION: return local_zone_always_transparent; - case RPZ_LOCAL_DATA_ACTION: /* fallthrough */ + case RPZ_LOCAL_DATA_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ case RPZ_CNAME_OVERRIDE_ACTION: return local_zone_redirect; case RPZ_TCP_ONLY_ACTION: return local_zone_truncate; - case RPZ_INVALID_ACTION: /* fallthrough */ + case RPZ_INVALID_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ default: return local_zone_invalid; } } @@ -258,10 +262,14 @@ rpz_action_to_respip_action(enum rpz_action a) case RPZ_NODATA_ACTION: return respip_always_nodata; case RPZ_DROP_ACTION: return respip_always_deny; case RPZ_PASSTHRU_ACTION: return respip_always_transparent; - case RPZ_LOCAL_DATA_ACTION: /* fallthrough */ + case RPZ_LOCAL_DATA_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ case RPZ_CNAME_OVERRIDE_ACTION: return respip_redirect; case RPZ_TCP_ONLY_ACTION: return respip_truncate; - case RPZ_INVALID_ACTION: /* fallthrough */ + case RPZ_INVALID_ACTION: + ATTR_FALLTHROUGH + /* fallthrough */ default: return respip_invalid; } } @@ -276,7 +284,9 @@ localzone_type_to_rpz_action(enum localzone_type lzt) case local_zone_always_transparent: return RPZ_PASSTHRU_ACTION; case local_zone_redirect: return RPZ_LOCAL_DATA_ACTION; case local_zone_truncate: return RPZ_TCP_ONLY_ACTION; - case local_zone_invalid: /* fallthrough */ + case local_zone_invalid: + ATTR_FALLTHROUGH + /* fallthrough */ default: return RPZ_INVALID_ACTION; } } @@ -291,7 +301,9 @@ respip_action_to_rpz_action(enum respip_action a) case respip_always_transparent: return RPZ_PASSTHRU_ACTION; case respip_redirect: return RPZ_LOCAL_DATA_ACTION; case respip_truncate: return RPZ_TCP_ONLY_ACTION; - case respip_invalid: /* fallthrough */ + case respip_invalid: + ATTR_FALLTHROUGH + /* fallthrough */ default: return RPZ_INVALID_ACTION; } } @@ -2435,11 +2447,10 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* if(ms->env == NULL || ms->env->auth_zones == NULL) { return 0; } az = ms->env->auth_zones; + lock_rw_rdlock(&az->rpz_lock); verbose(VERB_ALGO, "rpz: iterator module callback: have_rpz=%d", az->rpz_first != NULL); - lock_rw_rdlock(&az->rpz_lock); - /* precedence of RPZ works, loosely, like this: * CNAMEs in order of the CNAME chain. rpzs in the order they are * configured. In an RPZ: first client-IP addr, then QNAME, then @@ -2454,6 +2465,13 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* lock_rw_unlock(&a->lock); continue; } + if(r->taglist && (!ms->client_info || + !taglist_intersect(r->taglist, r->taglistlen, + ms->client_info->taglist, + ms->client_info->taglen))) { + lock_rw_unlock(&a->lock); + continue; + } /* the nsdname has precedence over the nsip triggers */ z = rpz_delegation_point_zone_lookup(is->dp, r->nsdname_zones, @@ -2512,6 +2530,13 @@ struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms, lock_rw_unlock(&a->lock); continue; } + if(r->taglist && (!ms->client_info || + !taglist_intersect(r->taglist, r->taglistlen, + ms->client_info->taglist, + ms->client_info->taglen))) { + lock_rw_unlock(&a->lock); + continue; + } z = rpz_find_zone(r->local_zones, is->qchase.qname, is->qchase.qname_len, is->qchase.qclass, 0, 0, 0); if(z && r->action_override == RPZ_DISABLED_ACTION) { diff --git a/usr.sbin/unbound/sldns/parse.h b/usr.sbin/unbound/sldns/parse.h index 6e756674e..e545ac172 100644 --- a/usr.sbin/unbound/sldns/parse.h +++ b/usr.sbin/unbound/sldns/parse.h @@ -106,7 +106,7 @@ ssize_t sldns_bget_token(struct sldns_buffer *b, char *token, const char *delim, * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \return the number of character read */ ssize_t sldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); @@ -119,7 +119,7 @@ ssize_t sldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) * \return the number of character read @@ -134,7 +134,7 @@ ssize_t sldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_de * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \return the number of character read */ ssize_t sldns_bget_keyword_data(struct sldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); diff --git a/usr.sbin/unbound/sldns/parseutil.c b/usr.sbin/unbound/sldns/parseutil.c index c891b0b61..f749aea4a 100644 --- a/usr.sbin/unbound/sldns/parseutil.c +++ b/usr.sbin/unbound/sldns/parseutil.c @@ -436,11 +436,13 @@ sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, /* ........ ........ ....4444 4....... ........ */ c = src[3] >> 7 ; + ATTR_FALLTHROUGH /* fallthrough */ case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c]; /* ........ .......3 3333.... ........ ........ */ c = src[2] >> 4 ; + ATTR_FALLTHROUGH /* fallthrough */ case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c]; @@ -449,6 +451,7 @@ sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, /* .....111 11...... ........ ........ ........ */ c = src[1] >> 6 ; + ATTR_FALLTHROUGH /* fallthrough */ case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c]; @@ -460,11 +463,14 @@ sldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, switch (src_sz) { case 1: dst[2] = '='; dst[3] = '='; + ATTR_FALLTHROUGH /* fallthrough */ case 2: dst[4] = '='; + ATTR_FALLTHROUGH /* fallthrough */ case 3: dst[5] = '='; dst[6] = '='; + ATTR_FALLTHROUGH /* fallthrough */ case 4: dst[7] = '='; } @@ -577,17 +583,20 @@ sldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz, /* ........ ........ ........ .55555.. ........ */ /* ........ ........ ....4444 4....... ........ */ dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; + ATTR_FALLTHROUGH /* fallthrough */ case 5: /* ........ ........ ....4444 4....... ........ */ /* ........ .......3 3333.... ........ ........ */ dst[2] = buf[3] << 4 | buf[4] >> 1; + ATTR_FALLTHROUGH /* fallthrough */ case 4: /* ........ .......3 3333.... ........ ........ */ /* ........ ..22222. ........ ........ ........ */ /* .....111 11...... ........ ........ ........ */ dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; + ATTR_FALLTHROUGH /* fallthrough */ case 2: /* .....111 11...... ........ ........ ........ */ diff --git a/usr.sbin/unbound/sldns/rrdef.h b/usr.sbin/unbound/sldns/rrdef.h index c43b21dad..5fe6da89d 100644 --- a/usr.sbin/unbound/sldns/rrdef.h +++ b/usr.sbin/unbound/sldns/rrdef.h @@ -470,6 +470,11 @@ enum sldns_enum_ede_code LDNS_EDE_NO_REACHABLE_AUTHORITY = 22, LDNS_EDE_NETWORK_ERROR = 23, LDNS_EDE_INVALID_DATA = 24, + LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID = 25, + LDNS_EDE_TOO_EARLY = 26, + LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS = 27, + LDNS_EDE_BADPROXYPOLICY = 28, + LDNS_EDE_SYNTHESIZED = 29 }; typedef enum sldns_enum_ede_code sldns_ede_code; diff --git a/usr.sbin/unbound/sldns/wire2str.c b/usr.sbin/unbound/sldns/wire2str.c index 2b5dc0513..ff8399947 100644 --- a/usr.sbin/unbound/sldns/wire2str.c +++ b/usr.sbin/unbound/sldns/wire2str.c @@ -228,6 +228,11 @@ static sldns_lookup_table sldns_edns_ede_codes_data[] = { { LDNS_EDE_NO_REACHABLE_AUTHORITY, "No Reachable Authority" }, { LDNS_EDE_NETWORK_ERROR, "Network Error" }, { LDNS_EDE_INVALID_DATA, "Invalid Data" }, + { LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID, "Signature Expired Before Valid" }, + { LDNS_EDE_TOO_EARLY, "Non-Replayable Transactions Received in 0-RTT Data" }, + { LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS, "Unsupported NSEC3 Iterations Value" }, + { LDNS_EDE_BADPROXYPOLICY, "Unable to Conform to Policy" }, + { LDNS_EDE_SYNTHESIZED, "Synthesized Answer" }, { 0, NULL} }; sldns_lookup_table* sldns_edns_ede_codes = sldns_edns_ede_codes_data; @@ -1236,6 +1241,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; case SVCB_KEY_DOHPATH: + ATTR_FALLTHROUGH /* fallthrough */ default: r = sldns_str_print(s, slen, "=\""); diff --git a/usr.sbin/unbound/smallapp/unbound-anchor.c b/usr.sbin/unbound/smallapp/unbound-anchor.c index f547766b0..cf78f9c7d 100644 --- a/usr.sbin/unbound/smallapp/unbound-anchor.c +++ b/usr.sbin/unbound/smallapp/unbound-anchor.c @@ -155,7 +155,7 @@ #define HTTPS_PORT 443 #ifdef USE_WINSOCK -/* sneakily reuse the the wsa_strerror function, on windows */ +/* sneakily reuse the wsa_strerror function, on windows */ char* wsa_strerror(int err); #endif @@ -187,7 +187,9 @@ static const char DS_TRUST_ANCHOR[] = /* The anchors must start on a new line with ". IN DS and end with \n"[;] * because the makedist script greps on the source here */ /* anchor 20326 is from 2017 */ -". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; +". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n" + /* anchor 38696 is from 2024 */ +". IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16\n"; /** verbosity for this application */ static int verb = 0; @@ -809,7 +811,11 @@ TLS_initiate(SSL_CTX* sslctx, int fd, const char* urlname, int use_sni) } /* wants to be called again */ } +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + x = SSL_get1_peer_certificate(ssl); +#else x = SSL_get_peer_certificate(ssl); +#endif if(!x) { if(verb) printf("Server presented no peer certificate\n"); SSL_free(ssl); diff --git a/usr.sbin/unbound/smallapp/unbound-checkconf.c b/usr.sbin/unbound/smallapp/unbound-checkconf.c index 5d7997fe0..b775dcdaa 100644 --- a/usr.sbin/unbound/smallapp/unbound-checkconf.c +++ b/usr.sbin/unbound/smallapp/unbound-checkconf.c @@ -140,10 +140,13 @@ check_mod(struct config_file* cfg, struct module_func_block* fb) fatal_exit("out of memory"); if(!edns_known_options_init(&env)) fatal_exit("out of memory"); - if(!(*fb->init)(&env, 0)) { - fatal_exit("bad config for %s module", fb->name); - } + if(fb->startup && !(*fb->startup)(&env, 0)) + fatal_exit("bad config during startup for %s module", fb->name); + if(!(*fb->init)(&env, 0)) + fatal_exit("bad config during init for %s module", fb->name); (*fb->deinit)(&env, 0); + if(fb->destartup) + (*fb->destartup)(&env, 0); sldns_buffer_free(env.scratch_buffer); regional_destroy(env.scratch); edns_known_options_delete(&env); diff --git a/usr.sbin/unbound/smallapp/unbound-control-setup.sh.in b/usr.sbin/unbound/smallapp/unbound-control-setup.sh.in index eaf1d082c..f74b0105a 100644 --- a/usr.sbin/unbound/smallapp/unbound-control-setup.sh.in +++ b/usr.sbin/unbound/smallapp/unbound-control-setup.sh.in @@ -104,6 +104,10 @@ while getopts 'd:hr' arg; do done shift $((OPTIND - 1)) +if ! openssl >/dev/null 2>&1; then + echo "$0 requires openssl to be installed for keys/certificates generation." >&2 + exit 1 +fi echo "setup in directory $DESTDIR" cd "$DESTDIR" diff --git a/usr.sbin/unbound/smallapp/unbound-control.c b/usr.sbin/unbound/smallapp/unbound-control.c index 57b0787db..21e7eb82d 100644 --- a/usr.sbin/unbound/smallapp/unbound-control.c +++ b/usr.sbin/unbound/smallapp/unbound-control.c @@ -122,20 +122,27 @@ usage(void) printf(" local_data add local data, for example\n"); printf(" local_data www.example.com A 192.0.2.1\n"); printf(" local_data_remove remove local RR data from name\n"); - printf(" local_zones, local_zones_remove, local_datas, local_datas_remove\n"); - printf(" same, but read list from stdin\n"); + printf(" local_zones,\n"); + printf(" local_zones_remove,\n"); + printf(" local_datas,\n"); + printf(" local_datas_remove same, but read list from stdin\n"); printf(" (one entry per line).\n"); printf(" dump_cache print cache to stdout\n"); + printf(" (not supported in remote unbounds in\n"); + printf(" multi-process operation)\n"); printf(" load_cache load cache from stdin\n"); + printf(" (not supported in remote unbounds in\n"); + printf(" multi-process operation)\n"); printf(" lookup print nameservers for name\n"); - printf(" flush flushes common types for name from cache\n"); + printf(" flush [+c] flushes common types for name from cache\n"); printf(" types: A, AAAA, MX, PTR, NS,\n"); printf(" SOA, CNAME, DNAME, SRV, NAPTR\n"); - printf(" flush_type flush name, type from cache\n"); - printf(" flush_zone flush everything at or under name\n"); + printf(" flush_type [+c] flush name, type from cache\n"); + printf(" +c remove from cachedb too\n"); + printf(" flush_zone [+c] flush everything at or under name\n"); printf(" from rr and dnssec caches\n"); - printf(" flush_bogus flush all bogus data\n"); - printf(" flush_negative flush all negative data\n"); + printf(" flush_bogus [+c] flush all bogus data\n"); + printf(" flush_negative [+c] flush all negative data\n"); printf(" flush_stats flush statistics, make zero\n"); printf(" flush_requestlist drop queries that are worked on\n"); printf(" dump_requestlist show what is worked on by first thread\n"); @@ -179,6 +186,10 @@ usage(void) printf(" rpz_enable zone Enable the RPZ zone if it had previously\n"); printf(" been disabled\n"); printf(" rpz_disable zone Disable the RPZ zone\n"); + printf(" add_cookie_secret add (or replace) a new cookie secret \n"); + printf(" drop_cookie_secret drop a staging cookie secret\n"); + printf(" activate_cookie_secret make a staging cookie secret active\n"); + printf(" print_cookie_secrets show all cookie secrets with their status\n"); printf("Version %s\n", PACKAGE_VERSION); printf("BSD licensed, see LICENSE in source package for details.\n"); printf("Report bugs to %s\n", PACKAGE_BUGREPORT); @@ -752,7 +763,11 @@ setup_ssl(SSL_CTX* ctx, int fd) /* check authenticity of server */ if(SSL_get_verify_result(ssl) != X509_V_OK) ssl_err("SSL verification failed"); +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + x = SSL_get1_peer_certificate(ssl); +#else x = SSL_get_peer_certificate(ssl); +#endif if(!x) ssl_err("Server presented no peer certificate"); X509_free(x); diff --git a/usr.sbin/unbound/systemd.m4 b/usr.sbin/unbound/systemd.m4 index e5d4e27f6..154f4ffab 100644 --- a/usr.sbin/unbound/systemd.m4 +++ b/usr.sbin/unbound/systemd.m4 @@ -2,17 +2,19 @@ # Copyright 2015, Sami Kerola, CloudFlare. # BSD licensed. AC_ARG_ENABLE([systemd], - [AS_HELP_STRING([--enable-systemd], [compile with systemd support])], + [AS_HELP_STRING([--enable-systemd], [compile with systemd support (requires libsystemd, pkg-config)])], [], [enable_systemd=no]) have_systemd=no AS_IF([test "x$enable_systemd" != xno], [ - ifdef([PKG_CHECK_MODULES], [ + if test -n "$PKG_CONFIG"; then dnl systemd v209 or newer - PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [have_systemd=yes], [have_systemd=no]) + have_systemd=no + PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [have_systemd=yes], []) dnl old systemd library AS_IF([test "x$have_systemd" != "xyes"], [ + have_systemd_daemon=no PKG_CHECK_MODULES([SYSTEMD_DAEMON], [libsystemd-daemon], - [have_systemd_daemon=yes], [have_systemd_daemon=no]) + [have_systemd_daemon=yes], []) AS_IF([test "x$have_systemd_daemon" = "xyes"], [have_systemd=yes]) ]) @@ -24,8 +26,8 @@ AS_IF([test "x$enable_systemd" != xno], [ LIBS="$LIBS $SYSTEMD_LIBS" ] ) - ], [ + else AC_MSG_ERROR([systemd enabled but need pkg-config to configure for it]) - ]) + fi ]) AM_CONDITIONAL([USE_SYSTEMD], [test "x$have_systemd" = xyes]) diff --git a/usr.sbin/unbound/testcode/fake_event.c b/usr.sbin/unbound/testcode/fake_event.c index 09269289d..a517fa5f3 100644 --- a/usr.sbin/unbound/testcode/fake_event.c +++ b/usr.sbin/unbound/testcode/fake_event.c @@ -1655,6 +1655,12 @@ void comm_timer_set(struct comm_timer* timer, struct timeval* tv) timeval_add(&t->tv, &t->runtime->now_tv); } +int comm_timer_is_set(struct comm_timer* timer) +{ + struct fake_timer* t = (struct fake_timer*)timer; + return t->enabled; +} + void comm_timer_delete(struct comm_timer* timer) { struct fake_timer* t = (struct fake_timer*)timer; @@ -1978,4 +1984,8 @@ void http2_stream_add_meshstate(struct http2_stream* ATTR_UNUSED(h2_stream), { } +void http2_stream_remove_mesh_state(struct http2_stream* ATTR_UNUSED(h2_stream)) +{ +} + /*********** End of Dummy routines ***********/ diff --git a/usr.sbin/unbound/testcode/mini_tdir.sh b/usr.sbin/unbound/testcode/mini_tdir.sh index 624ecdf7f..d1f7bfce9 100755 --- a/usr.sbin/unbound/testcode/mini_tdir.sh +++ b/usr.sbin/unbound/testcode/mini_tdir.sh @@ -127,6 +127,7 @@ dir=$name.$$ result=result.$name done=.done-$name skip=.skip-$name +asan_text="SUMMARY: AddressSanitizer" success="no" if test -x "`which bash`"; then shell="bash" @@ -200,6 +201,16 @@ if test -f $name.post -a ! -f ../$skip; then echo "Warning: $name.post did not exit successfully" fi fi +# Check if there were any AddressSanitizer errors +# if compiled with -fsanitize=address +if grep "$asan_text" $result >/dev/null 2>&1; then + if test -f ../$done; then + rm ../$done + fi + echo "$name: FAILED (AddressSanitizer)" >> $result + echo "$name: FAILED (AddressSanitizer)" + success="no" +fi echo "DateRunEnd: "`date "+%s" 2>/dev/null` >> $result mv $result .. diff --git a/usr.sbin/unbound/testcode/petal.c b/usr.sbin/unbound/testcode/petal.c index e9202193a..3a2b2fe17 100644 --- a/usr.sbin/unbound/testcode/petal.c +++ b/usr.sbin/unbound/testcode/petal.c @@ -256,7 +256,7 @@ setup_ctx(char* key, char* cert) #if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO if (!SSL_CTX_set_ecdh_auto(ctx,1)) if(verb>=1) printf("failed to set_ecdh_auto, not enabling ECDHE\n"); -#elif defined(USE_ECDSA) +#elif defined(USE_ECDSA) && defined(HAVE_SSL_CTX_SET_TMP_ECDH) if(1) { EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); if (!ecdh) { diff --git a/usr.sbin/unbound/testcode/readzone.c b/usr.sbin/unbound/testcode/readzone.c index 94511e577..f50eea31f 100644 --- a/usr.sbin/unbound/testcode/readzone.c +++ b/usr.sbin/unbound/testcode/readzone.c @@ -45,7 +45,6 @@ #include #include -#include #include "sldns/str2wire.h" #include "sldns/wire2str.h" diff --git a/usr.sbin/unbound/testcode/streamtcp.c b/usr.sbin/unbound/testcode/streamtcp.c index 79b25039c..a761bccc4 100644 --- a/usr.sbin/unbound/testcode/streamtcp.c +++ b/usr.sbin/unbound/testcode/streamtcp.c @@ -471,7 +471,11 @@ send_em(const char* svr, const char* pp2_client, int udp, int usessl, } } if(1) { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(ssl); +#else X509* x = SSL_get_peer_certificate(ssl); +#endif if(!x) printf("SSL: no peer certificate\n"); else { X509_print_fp(stdout, x); diff --git a/usr.sbin/unbound/testcode/testbound.c b/usr.sbin/unbound/testcode/testbound.c index c781830a1..3c4601ac2 100644 --- a/usr.sbin/unbound/testcode/testbound.c +++ b/usr.sbin/unbound/testcode/testbound.c @@ -72,23 +72,6 @@ int daemon_main(int argc, char* argv[]); /** config files (removed at exit) */ static struct config_strlist* cfgfiles = NULL; -#ifdef UNBOUND_ALLOC_STATS -# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) -char* unbound_stat_strdup_log(char* s, const char* file, int line, - const char* func); -char* unbound_stat_strdup_log(char* s, const char* file, int line, - const char* func) { - char* result; - size_t len; - if(!s) return NULL; - len = strlen(s); - log_info("%s:%d %s strdup(%u)", file, line, func, (unsigned)len+1); - result = unbound_stat_malloc(len+1); - memmove(result, s, len+1); - return result; -} -#endif /* UNBOUND_ALLOC_STATS */ - /** give commandline usage for testbound. */ static void testbound_usage(void) diff --git a/usr.sbin/unbound/testcode/unitmain.c b/usr.sbin/unbound/testcode/unitmain.c index 18741538a..688aa9d55 100644 --- a/usr.sbin/unbound/testcode/unitmain.c +++ b/usr.sbin/unbound/testcode/unitmain.c @@ -1117,7 +1117,7 @@ static void edns_ede_encode_encodedecode(struct query_info* qinfo, sldns_buffer_skip(pkt, 2 + 2); /* decode */ unit_assert(parse_edns_from_query_pkt(pkt, edns, NULL, NULL, NULL, 0, - region) == 0); + region, NULL) == 0); } static void edns_ede_encode_check(struct edns_data* edns, int* found_ede, @@ -1252,6 +1252,109 @@ static void edns_ede_answer_encode_test(void) regional_destroy(region); } +#include "services/localzone.h" +/* Utility function that compares two localzone trees */ +static void compare_localzone_trees(struct local_zones* z1, + struct local_zones* z2) +{ + struct local_zone *node1, *node2; + lock_rw_rdlock(&z1->lock); + lock_rw_rdlock(&z2->lock); + /* size should be the same */ + unit_assert(z1->ztree.count == z2->ztree.count); + for(node1=(struct local_zone*)rbtree_first(&z1->ztree), + node2=(struct local_zone*)rbtree_first(&z2->ztree); + (rbnode_type*)node1 != RBTREE_NULL && + (rbnode_type*)node2 != RBTREE_NULL; + node1=(struct local_zone*)rbtree_next((rbnode_type*)node1), + node2=(struct local_zone*)rbtree_next((rbnode_type*)node2)) { + int labs; + /* the same zone should be at the same nodes */ + unit_assert(!dname_lab_cmp( + node1->name, node1->namelabs, + node2->name, node2->namelabs, + &labs)); + /* the zone's parent should be the same on both nodes */ + unit_assert( + (node1->parent == NULL && node2->parent == NULL) || + (node1->parent != NULL && node2->parent != NULL)); + if(node1->parent) { + unit_assert(!dname_lab_cmp( + node1->parent->name, node1->parent->namelabs, + node2->parent->name, node2->parent->namelabs, + &labs)); + } + } + lock_rw_unlock(&z1->lock); + lock_rw_unlock(&z2->lock); +} + +/* test that zone addition results in the same tree from both the configuration + * file and the unbound-control commands */ +static void localzone_parents_test(void) +{ + struct local_zones *z1, *z2; + size_t i; + char* zone_data[] = { + "one", + "a.b.c.one", + "b.c.one", + "c.one", + "two", + "c.two", + "b.c.two", + "a.b.c.two", + "a.b.c.three", + "b.c.three", + "c.three", + "three", + "c.four", + "b.c.four", + "a.b.c.four", + "four", + "." + }; + unit_show_feature("localzones parent calculation"); + z1 = local_zones_create(); + z2 = local_zones_create(); + /* parse test data */ + for(i=0; ilock); + lz_init_parents(z1); + + /* This is the unbound-control way */ + nm = sldns_str2wire_dname(zone_data[i], &nmlen); + if(!nm) unit_assert(0); + nmlabs = dname_count_size_labels(nm, &nmlen); + lock_rw_wrlock(&z2->lock); + local_zones_add_zone(z2, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN, + local_zone_always_nxdomain); + lock_rw_unlock(&z2->lock); + } + /* The trees should be the same, iterate and check the nodes */ + compare_localzone_trees(z1, z2); + + /* cleanup */ + local_zones_delete(z1); + local_zones_delete(z2); +} + +/** localzone unit tests */ +static void localzone_test(void) +{ + localzone_parents_test(); +} + void unit_show_func(const char* file, const char* func) { printf("test %s:%s\n", file, func); @@ -1325,6 +1428,7 @@ main(int argc, char* argv[]) tcpreuse_test(); msgparse_test(); edns_ede_answer_encode_test(); + localzone_test(); #ifdef CLIENT_SUBNET ecs_test(); #endif /* CLIENT_SUBNET */ diff --git a/usr.sbin/unbound/testcode/unitverify.c b/usr.sbin/unbound/testcode/unitverify.c index 2a9bf2683..49989a4b2 100644 --- a/usr.sbin/unbound/testcode/unitverify.c +++ b/usr.sbin/unbound/testcode/unitverify.c @@ -178,6 +178,7 @@ verifytest_rrset(struct module_env* env, struct val_env* ve, struct query_info* qinfo) { enum sec_status sec; + char reasonbuf[256]; char* reason = NULL; uint8_t sigalg[ALGO_NEEDS_MAX+1]; int verified = 0; @@ -188,8 +189,9 @@ verifytest_rrset(struct module_env* env, struct val_env* ve, } setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */ /* ok to give null as qstate here, won't be used for answer section. */ - sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason, NULL, - LDNS_SECTION_ANSWER, NULL, &verified); + sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason, + NULL, LDNS_SECTION_ANSWER, NULL, &verified, reasonbuf, + sizeof(reasonbuf)); if(vsig) { printf("verify outcome is: %s %s\n", sec_status_to_string(sec), reason?reason:""); diff --git a/usr.sbin/unbound/testcode/unitzonemd.c b/usr.sbin/unbound/testcode/unitzonemd.c index 23c9f7010..bf130df5a 100644 --- a/usr.sbin/unbound/testcode/unitzonemd.c +++ b/usr.sbin/unbound/testcode/unitzonemd.c @@ -256,7 +256,6 @@ static void zonemd_verify_test(char* zname, char* zfile, char* tastr, struct auth_zone* z; /* setup test harness */ - memset(&mods, 0, sizeof(mods)); memset(&env, 0, sizeof(env)); env.scratch = regional_create(); if(!env.scratch) @@ -288,8 +287,10 @@ static void zonemd_verify_test(char* zname, char* zfile, char* tastr, if(!env.auth_zones) fatal_exit("out of memory"); modstack_init(&mods); - if(!modstack_setup(&mods, env.cfg->module_conf, &env)) - fatal_exit("could not modstack_setup"); + if(!modstack_call_startup(&mods, env.cfg->module_conf, &env)) + fatal_exit("could not modstack_startup"); + if(!modstack_call_init(&mods, env.cfg->module_conf, &env)) + fatal_exit("could not modstack_call_init"); env.mesh = mesh_create(&mods, &env); if(!env.mesh) fatal_exit("out of memory"); @@ -327,7 +328,9 @@ static void zonemd_verify_test(char* zname, char* zfile, char* tastr, /* desetup test harness */ mesh_delete(env.mesh); - modstack_desetup(&mods, &env); + modstack_call_deinit(&mods, &env); + modstack_call_destartup(&mods, &env); + modstack_free(&mods); auth_zones_delete(env.auth_zones); anchors_delete(env.anchors); config_delete(env.cfg); diff --git a/usr.sbin/unbound/util/alloc.c b/usr.sbin/unbound/util/alloc.c index 75ce23acf..37c7e17ea 100644 --- a/usr.sbin/unbound/util/alloc.c +++ b/usr.sbin/unbound/util/alloc.c @@ -466,6 +466,18 @@ void *unbound_stat_realloc(void *ptr, size_t size) memcpy(res+8, &mem_special, sizeof(mem_special)); return res+16; } +/** strdup with stats */ +char *unbound_stat_strdup(const char* s) +{ + size_t len; + char* res; + if(!s) return NULL; + len = strlen(s); + res = unbound_stat_malloc(len+1); + if(!res) return NULL; + memmove(res, s, len+1); + return res; +} /** log to file where alloc was done */ void *unbound_stat_malloc_log(size_t size, const char* file, int line, @@ -507,6 +519,15 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, return unbound_stat_realloc(ptr, size); } +/** log to file where strdup was done */ +char *unbound_stat_strdup_log(const char *s, const char* file, int line, + const char* func) +{ + log_info("%s:%d %s strdup size %u", file, line, func, + (s?(unsigned)strlen(s)+1:0)); + return unbound_stat_strdup(s); +} + #endif /* UNBOUND_ALLOC_STATS */ #ifdef UNBOUND_ALLOC_LITE #undef malloc diff --git a/usr.sbin/unbound/util/config_file.c b/usr.sbin/unbound/util/config_file.c index 62d1eedf9..3f51353b7 100644 --- a/usr.sbin/unbound/util/config_file.c +++ b/usr.sbin/unbound/util/config_file.c @@ -42,6 +42,7 @@ #include "config.h" #include #include +#include #ifdef HAVE_TIME_H #include #endif @@ -386,6 +387,7 @@ config_create(void) memset(cfg->cookie_secret, 0, sizeof(cfg->cookie_secret)); cfg->cookie_secret_len = 16; init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len); + cfg->cookie_secret_file = NULL; #ifdef USE_CACHEDB if(!(cfg->cachedb_backend = strdup("testframe"))) goto error_exit; if(!(cfg->cachedb_secret = strdup("default"))) goto error_exit; @@ -769,6 +771,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("dnstap-send-version:", dnstap_send_version) else S_STR("dnstap-identity:", dnstap_identity) else S_STR("dnstap-version:", dnstap_version) + else S_NUMBER_OR_ZERO("dnstap-sample-rate:", dnstap_sample_rate) else S_YNO("dnstap-log-resolver-query-messages:", dnstap_log_resolver_query_messages) else S_YNO("dnstap-log-resolver-response-messages:", @@ -837,6 +840,8 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->ipsecmod_max_ttl = atoi(val); } else S_YNO("ipsecmod-strict:", ipsecmod_strict) #endif + else S_YNO("answer-cookie:", do_answer_cookie) + else S_STR("cookie-secret-file:", cookie_secret_file) #ifdef USE_CACHEDB else S_YNO("cachedb-no-store:", cachedb_no_store) else S_YNO("cachedb-check-when-serve-expired:", cachedb_check_when_serve_expired) @@ -1248,6 +1253,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "dnstap-send-version", dnstap_send_version) else O_STR(opt, "dnstap-identity", dnstap_identity) else O_STR(opt, "dnstap-version", dnstap_version) + else O_UNS(opt, "dnstap-sample-rate", dnstap_sample_rate) else O_YNO(opt, "dnstap-log-resolver-query-messages", dnstap_log_resolver_query_messages) else O_YNO(opt, "dnstap-log-resolver-response-messages", @@ -1333,6 +1339,8 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "ipsecmod-whitelist", ipsecmod_whitelist) else O_YNO(opt, "ipsecmod-strict", ipsecmod_strict) #endif + else O_YNO(opt, "answer-cookie", do_answer_cookie) + else O_STR(opt, "cookie-secret-file", cookie_secret_file) #ifdef USE_CACHEDB else O_STR(opt, "backend", cachedb_backend) else O_STR(opt, "secret-seed", cachedb_secret) @@ -1718,6 +1726,7 @@ config_delete(struct config_file* cfg) free(cfg->ipsecmod_hook); config_delstrlist(cfg->ipsecmod_whitelist); #endif + free(cfg->cookie_secret_file); #ifdef USE_CACHEDB free(cfg->cachedb_backend); free(cfg->cachedb_secret); @@ -1772,6 +1781,39 @@ init_outgoing_availports(int* a, int num) } } +static int +extract_port_from_str(const char* str, int max_port) { + char* endptr; + long int value; + if (str == NULL || *str == '\0') { + log_err("str: '%s' is invalid", (str?str:"NULL")); + return -1; + } + + value = strtol(str, &endptr, 10); + if ((endptr == str) || (*endptr != '\0')) { + log_err("cannot parse port number '%s'", str); + return -1; + } + + if (errno == ERANGE) { + log_err("overflow occurred when parsing '%s'", str); + return -1; + } + + if (value == 0 && strcmp(str, "0") != 0) { + log_err("cannot parse port number '%s'", str); + return -1; + } + + if (value < 0 || value >= max_port) { + log_err(" '%s' is out of bounds [0, %d)", str, max_port); + return -1; + } + + return (int)value; +} + int cfg_mark_ports(const char* str, int allow, int* avail, int num) { @@ -1782,53 +1824,45 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) "options"); #endif if(!mid) { - int port = atoi(str); + int port = extract_port_from_str(str, num); if(port < 0) { - log_err("port number is negative: %d", port); - return 0; - } - if(port == 0 && strcmp(str, "0") != 0) { - log_err("cannot parse port number '%s'", str); + log_err("Failed to parse the port number"); return 0; } if(port < num) avail[port] = (allow?port:0); } else { - int i, low, high = atoi(mid+1); char buf[16]; + int i, low; + int high = extract_port_from_str(mid+1, num); if(high < 0) { - log_err("port number is negative: %d", high); - return 0; - } - if(high == 0 && strcmp(mid+1, "0") != 0) { - log_err("cannot parse port number '%s'", mid+1); + log_err("Failed to parse the port number"); return 0; } + if( (int)(mid-str)+1 >= (int)sizeof(buf) ) { log_err("cannot parse port number '%s'", str); return 0; } + if(mid > str) memcpy(buf, str, (size_t)(mid-str)); buf[mid-str] = 0; - low = atoi(buf); + low = extract_port_from_str(buf, num); if(low < 0) { - log_err("port number is negative: %d", low); + log_err("Failed to parse the port number"); return 0; } - if(low == 0 && strcmp(buf, "0") != 0) { - log_err("cannot parse port number '%s'", buf); + + if (low > high) { + log_err("Low value is greater than high value"); return 0; } - if(high > num) { - /* Stop very high values from taking a long time. */ - high = num; - } + for(i=low; i<=high; i++) { if(i < num) avail[i] = (allow?i:0); } - return 1; } return 1; } diff --git a/usr.sbin/unbound/util/config_file.h b/usr.sbin/unbound/util/config_file.h index d3a2e268c..23aacc67a 100644 --- a/usr.sbin/unbound/util/config_file.h +++ b/usr.sbin/unbound/util/config_file.h @@ -592,6 +592,8 @@ struct config_file { char* dnstap_identity; /** dnstap "version", package version is used if "". */ char* dnstap_version; + /** dnstap sample rate */ + int dnstap_sample_rate; /** true to log dnstap RESOLVER_QUERY message events */ int dnstap_log_resolver_query_messages; @@ -748,6 +750,8 @@ struct config_file { uint8_t cookie_secret[40]; /** cookie secret length */ size_t cookie_secret_len; + /** path to cookie secret store */ + char* cookie_secret_file; /* ipset module */ #ifdef USE_IPSET diff --git a/usr.sbin/unbound/util/configlexer.lex b/usr.sbin/unbound/util/configlexer.lex index 7ae1b8c38..cd5062092 100644 --- a/usr.sbin/unbound/util/configlexer.lex +++ b/usr.sbin/unbound/util/configlexer.lex @@ -513,6 +513,7 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +dnstap-sample-rate { YDVAR(1, VAR_DNSTAP_SAMPLE_RATE) } disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ip-ratelimit-cookie{COLON} { YDVAR(1, VAR_IP_RATELIMIT_COOKIE) } @@ -581,6 +582,7 @@ udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNS tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } answer-cookie{COLON} { YDVAR(1, VAR_ANSWER_COOKIE ) } cookie-secret{COLON} { YDVAR(1, VAR_COOKIE_SECRET) } +cookie-secret-file{COLON} { YDVAR(1, VAR_COOKIE_SECRET_FILE) } edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } nsid{COLON} { YDVAR(1, VAR_NSID ) } diff --git a/usr.sbin/unbound/util/configparser.y b/usr.sbin/unbound/util/configparser.y index 0feeb61b1..f201e66b3 100644 --- a/usr.sbin/unbound/util/configparser.y +++ b/usr.sbin/unbound/util/configparser.y @@ -137,6 +137,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_DNSTAP_SAMPLE_RATE %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_IP_DSCP @@ -204,6 +205,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED +%token VAR_COOKIE_SECRET_FILE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -341,7 +343,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_interface_automatic_ports | server_ede | server_proxy_protocol_port | server_statistics_inhibit_zero | server_harden_unknown_additional | server_disable_edns_do | - server_log_destaddr + server_log_destaddr | server_cookie_secret_file ; stubstart: VAR_STUB_ZONE { @@ -357,8 +359,14 @@ stubstart: VAR_STUB_ZONE } } ; -contents_stub: contents_stub content_stub - | ; +contents_stub: content_stub contents_stub + | + { + /* stub end */ + if(cfg_parser->cfg->stubs && + !cfg_parser->cfg->stubs->name) + yyerror("stub-zone without name"); + }; content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first | stub_no_cache | stub_ssl_upstream | stub_tcp_upstream ; @@ -376,8 +384,14 @@ forwardstart: VAR_FORWARD_ZONE } } ; -contents_forward: contents_forward content_forward - | ; +contents_forward: content_forward contents_forward + | + { + /* forward end */ + if(cfg_parser->cfg->forwards && + !cfg_parser->cfg->forwards->name) + yyerror("forward-zone without name"); + }; content_forward: forward_name | forward_host | forward_addr | forward_first | forward_no_cache | forward_ssl_upstream | forward_tcp_upstream ; @@ -389,16 +403,20 @@ viewstart: VAR_VIEW s = (struct config_view*)calloc(1, sizeof(struct config_view)); if(s) { s->next = cfg_parser->cfg->views; - if(s->next && !s->next->name) - yyerror("view without name"); cfg_parser->cfg->views = s; } else { yyerror("out of memory"); } } ; -contents_view: contents_view content_view - | ; +contents_view: content_view contents_view + | + { + /* view end */ + if(cfg_parser->cfg->views && + !cfg_parser->cfg->views->name) + yyerror("view without name"); + }; content_view: view_name | view_local_zone | view_local_data | view_first | view_response_ip | view_response_ip_data | view_local_data_ptr ; @@ -3437,7 +3455,8 @@ content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional | dt_dnstap_log_client_query_messages | dt_dnstap_log_client_response_messages | dt_dnstap_log_forwarder_query_messages | - dt_dnstap_log_forwarder_response_messages + dt_dnstap_log_forwarder_response_messages | + dt_dnstap_sample_rate ; dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG { @@ -3601,6 +3620,17 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES free($2); } ; +dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG + { + OUTYY(("P(dt_dnstap_sample_rate:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if(atoi($2) < 0) + yyerror("dnstap sample rate too small"); + else cfg_parser->cfg->dnstap_sample_rate = atoi($2); + free($2); + } + ; pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); @@ -3969,6 +3999,13 @@ server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG free($2); } ; +server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG + { + OUTYY(("P(cookie_secret_file:%s)\n", $2)); + free(cfg_parser->cfg->cookie_secret_file); + cfg_parser->cfg->cookie_secret_file = $2; + } + ; ipsetstart: VAR_IPSET { OUTYY(("\nP(ipset:)\n")); diff --git a/usr.sbin/unbound/util/data/dname.h b/usr.sbin/unbound/util/data/dname.h index 62770b0f2..07bf0adac 100644 --- a/usr.sbin/unbound/util/data/dname.h +++ b/usr.sbin/unbound/util/data/dname.h @@ -225,7 +225,7 @@ int dname_strict_subdomain(uint8_t* d1, int labs1, uint8_t* d2, int labs2); int dname_strict_subdomain_c(uint8_t* d1, uint8_t* d2); /** - * Counts labels. Tests is d1 is a subdomain of d2. + * Counts labels. Tests if d1 is a subdomain of d2. * @param d1: domain name, uncompressed wireformat * @param d2: domain name, uncompressed wireformat * @return true if d1 is a subdomain of d2. diff --git a/usr.sbin/unbound/util/data/msgparse.c b/usr.sbin/unbound/util/data/msgparse.c index 037a673e8..76f1b8e46 100644 --- a/usr.sbin/unbound/util/data/msgparse.c +++ b/usr.sbin/unbound/util/data/msgparse.c @@ -947,7 +947,8 @@ parse_packet(sldns_buffer* pkt, struct msg_parse* msg, struct regional* region) static int parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct comm_reply* repinfo, uint32_t now, struct regional* region) + struct comm_reply* repinfo, uint32_t now, struct regional* region, + struct cookie_secrets* cookie_secrets) { /* To respond with a Keepalive option, the client connection must have * received one message with a TCP Keepalive EDNS option, and that @@ -1070,13 +1071,24 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, &((struct sockaddr_in6*)&repinfo->remote_addr)->sin6_addr, 16); } + if(cfg->cookie_secret_file && + cfg->cookie_secret_file[0]) { + /* Loop over the active and staging cookies. */ + cookie_val_status = + cookie_secrets_server_validate( + rdata_ptr, opt_len, cookie_secrets, + cookie_is_v4, server_cookie, now); + } else { + /* Use the cookie option value to validate. */ cookie_val_status = edns_cookie_server_validate( rdata_ptr, opt_len, cfg->cookie_secret, cfg->cookie_secret_len, cookie_is_v4, server_cookie, now); + } + if(cookie_val_status == COOKIE_STATUS_VALID_RENEW) + edns->cookie_valid = 1; switch(cookie_val_status) { case COOKIE_STATUS_VALID: - case COOKIE_STATUS_VALID_RENEW: edns->cookie_valid = 1; /* Reuse cookie */ if(!edns_opt_list_append( @@ -1091,13 +1103,30 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, break; case COOKIE_STATUS_CLIENT_ONLY: edns->cookie_client = 1; + ATTR_FALLTHROUGH /* fallthrough */ + case COOKIE_STATUS_VALID_RENEW: case COOKIE_STATUS_FUTURE: case COOKIE_STATUS_EXPIRED: case COOKIE_STATUS_INVALID: default: + if(cfg->cookie_secret_file && + cfg->cookie_secret_file[0]) { + if(!cookie_secrets) + break; + lock_basic_lock(&cookie_secrets->lock); + if(cookie_secrets->cookie_count < 1) { + lock_basic_unlock(&cookie_secrets->lock); + break; + } + edns_cookie_server_write(server_cookie, + cookie_secrets->cookie_secrets[0].cookie_secret, + cookie_is_v4, now); + lock_basic_unlock(&cookie_secrets->lock); + } else { edns_cookie_server_write(server_cookie, cfg->cookie_secret, cookie_is_v4, now); + } if(!edns_opt_list_append(&edns->opt_list_out, LDNS_EDNS_COOKIE, 24, server_cookie, region)) { @@ -1239,7 +1268,8 @@ skip_pkt_rrs(sldns_buffer* pkt, int num) int parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct comm_reply* repinfo, time_t now, struct regional* region) + struct comm_reply* repinfo, time_t now, struct regional* region, + struct cookie_secrets* cookie_secrets) { size_t rdata_len; uint8_t* rdata_ptr; @@ -1285,7 +1315,7 @@ parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, rdata_ptr = sldns_buffer_current(pkt); /* ignore rrsigs */ return parse_edns_options_from_query(rdata_ptr, rdata_len, edns, cfg, - c, repinfo, now, region); + c, repinfo, now, region, cookie_secrets); } void diff --git a/usr.sbin/unbound/util/data/msgparse.h b/usr.sbin/unbound/util/data/msgparse.h index bf63ad216..0fd99edd7 100644 --- a/usr.sbin/unbound/util/data/msgparse.h +++ b/usr.sbin/unbound/util/data/msgparse.h @@ -73,6 +73,7 @@ struct edns_option; struct config_file; struct comm_point; struct comm_reply; +struct cookie_secrets; /** number of buckets in parse rrset hash table. Must be power of 2. */ #define PARSE_TABLE_SIZE 32 @@ -322,12 +323,14 @@ int skip_pkt_rrs(struct sldns_buffer* pkt, int num); * @param repinfo: commreply to determine the client address * @param now: current time * @param region: region to alloc results in (edns option contents) + * @param cookie_secrets: the cookie secrets for EDNS COOKIE validation. * @return: 0 on success, or an RCODE on error. * RCODE formerr if OPT is badly formatted and so on. */ int parse_edns_from_query_pkt(struct sldns_buffer* pkt, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct comm_reply* repinfo, time_t now, struct regional* region); + struct comm_reply* repinfo, time_t now, struct regional* region, + struct cookie_secrets* cookie_secrets); /** * Calculate hash value for rrset in packet. diff --git a/usr.sbin/unbound/util/edns.c b/usr.sbin/unbound/util/edns.c index 2b4047f0b..ee95a6912 100644 --- a/usr.sbin/unbound/util/edns.c +++ b/usr.sbin/unbound/util/edns.c @@ -187,3 +187,189 @@ edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len, return COOKIE_STATUS_VALID_RENEW; return COOKIE_STATUS_VALID; } + +struct cookie_secrets* +cookie_secrets_create(void) +{ + struct cookie_secrets* cookie_secrets = calloc(1, + sizeof(*cookie_secrets)); + if(!cookie_secrets) + return NULL; + lock_basic_init(&cookie_secrets->lock); + lock_protect(&cookie_secrets->lock, &cookie_secrets->cookie_count, + sizeof(cookie_secrets->cookie_count)); + lock_protect(&cookie_secrets->lock, cookie_secrets->cookie_secrets, + sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE); + return cookie_secrets; +} + +void +cookie_secrets_delete(struct cookie_secrets* cookie_secrets) +{ + if(!cookie_secrets) + return; + lock_basic_destroy(&cookie_secrets->lock); + explicit_bzero(cookie_secrets->cookie_secrets, + sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE); + free(cookie_secrets); +} + +/** Read the cookie secret file */ +static int +cookie_secret_file_read(struct cookie_secrets* cookie_secrets, + char* cookie_secret_file) +{ + char secret[UNBOUND_COOKIE_SECRET_SIZE * 2 + 2/*'\n' and '\0'*/]; + FILE* f; + int corrupt = 0; + size_t count; + + log_assert(cookie_secret_file != NULL); + cookie_secrets->cookie_count = 0; + f = fopen(cookie_secret_file, "r"); + /* a non-existing cookie file is not an error */ + if( f == NULL ) { + if(errno != EPERM) { + log_err("Could not read cookie-secret-file '%s': %s", + cookie_secret_file, strerror(errno)); + return 0; + } + return 1; + } + /* cookie secret file exists and is readable */ + for( count = 0; count < UNBOUND_COOKIE_HISTORY_SIZE; count++ ) { + size_t secret_len = 0; + ssize_t decoded_len = 0; + if( fgets(secret, sizeof(secret), f) == NULL ) { break; } + secret_len = strlen(secret); + if( secret_len == 0 ) { break; } + log_assert( secret_len <= sizeof(secret) ); + secret_len = secret[secret_len - 1] == '\n' ? secret_len - 1 : secret_len; + if( secret_len != UNBOUND_COOKIE_SECRET_SIZE * 2 ) { corrupt++; break; } + /* needed for `hex_pton`; stripping potential `\n` */ + secret[secret_len] = '\0'; + decoded_len = hex_pton(secret, cookie_secrets->cookie_secrets[count].cookie_secret, + UNBOUND_COOKIE_SECRET_SIZE); + if( decoded_len != UNBOUND_COOKIE_SECRET_SIZE ) { corrupt++; break; } + cookie_secrets->cookie_count++; + } + fclose(f); + return corrupt == 0; +} + +int +cookie_secrets_apply_cfg(struct cookie_secrets* cookie_secrets, + char* cookie_secret_file) +{ + if(!cookie_secrets) { + if(!cookie_secret_file || !cookie_secret_file[0]) + return 1; /* There is nothing to read anyway */ + log_err("Could not read cookie secrets, no structure alloced"); + return 0; + } + if(!cookie_secret_file_read(cookie_secrets, cookie_secret_file)) + return 0; + return 1; +} + +enum edns_cookie_val_status +cookie_secrets_server_validate(const uint8_t* cookie, size_t cookie_len, + struct cookie_secrets* cookie_secrets, int v4, + const uint8_t* hash_input, uint32_t now) +{ + size_t i; + enum edns_cookie_val_status cookie_val_status, + last = COOKIE_STATUS_INVALID; + if(!cookie_secrets) + return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/ + lock_basic_lock(&cookie_secrets->lock); + if(cookie_secrets->cookie_count == 0) { + lock_basic_unlock(&cookie_secrets->lock); + return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/ + } + for(i=0; icookie_count; i++) { + cookie_val_status = edns_cookie_server_validate(cookie, + cookie_len, + cookie_secrets->cookie_secrets[i].cookie_secret, + UNBOUND_COOKIE_SECRET_SIZE, v4, hash_input, now); + if(cookie_val_status == COOKIE_STATUS_VALID || + cookie_val_status == COOKIE_STATUS_VALID_RENEW) { + lock_basic_unlock(&cookie_secrets->lock); + /* For staging cookies, write a fresh cookie. */ + if(i != 0) + return COOKIE_STATUS_VALID_RENEW; + return cookie_val_status; + } + if(last == COOKIE_STATUS_INVALID) + last = cookie_val_status; /* Store more interesting + failure to return. */ + } + lock_basic_unlock(&cookie_secrets->lock); + return last; +} + +void add_cookie_secret(struct cookie_secrets* cookie_secrets, + uint8_t* secret, size_t secret_len) +{ + log_assert(secret_len == UNBOUND_COOKIE_SECRET_SIZE); + (void)secret_len; + if(!cookie_secrets) + return; + + /* New cookie secret becomes the staging secret (position 1) + * unless there is no active cookie yet, then it becomes the active + * secret. If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging cookies + * are moved one position down. + */ + if(cookie_secrets->cookie_count == 0) { + memcpy( cookie_secrets->cookie_secrets->cookie_secret + , secret, UNBOUND_COOKIE_SECRET_SIZE); + cookie_secrets->cookie_count = 1; + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); + return; + } +#if UNBOUND_COOKIE_HISTORY_SIZE > 2 + memmove( &cookie_secrets->cookie_secrets[2], &cookie_secrets->cookie_secrets[1] + , sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 2)); +#endif + memcpy( cookie_secrets->cookie_secrets[1].cookie_secret + , secret, UNBOUND_COOKIE_SECRET_SIZE); + cookie_secrets->cookie_count = cookie_secrets->cookie_count < UNBOUND_COOKIE_HISTORY_SIZE + ? cookie_secrets->cookie_count + 1 : UNBOUND_COOKIE_HISTORY_SIZE; + explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); +} + +void activate_cookie_secret(struct cookie_secrets* cookie_secrets) +{ + uint8_t active_secret[UNBOUND_COOKIE_SECRET_SIZE]; + if(!cookie_secrets) + return; + /* The staging secret becomes the active secret. + * The active secret becomes a staging secret. + * If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging secrets are moved + * one position up and the previously active secret becomes the last + * staging secret. + */ + if(cookie_secrets->cookie_count < 2) + return; + memcpy( active_secret, cookie_secrets->cookie_secrets[0].cookie_secret + , UNBOUND_COOKIE_SECRET_SIZE); + memmove( &cookie_secrets->cookie_secrets[0], &cookie_secrets->cookie_secrets[1] + , sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 1)); + memcpy( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret + , active_secret, UNBOUND_COOKIE_SECRET_SIZE); + explicit_bzero(active_secret, UNBOUND_COOKIE_SECRET_SIZE); +} + +void drop_cookie_secret(struct cookie_secrets* cookie_secrets) +{ + if(!cookie_secrets) + return; + /* Drops a staging cookie secret. If there are more than one, it will + * drop the last staging secret. */ + if(cookie_secrets->cookie_count < 2) + return; + explicit_bzero( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret + , UNBOUND_COOKIE_SECRET_SIZE); + cookie_secrets->cookie_count -= 1; +} diff --git a/usr.sbin/unbound/util/edns.h b/usr.sbin/unbound/util/edns.h index 5da0ecb29..47ccb1ad2 100644 --- a/usr.sbin/unbound/util/edns.h +++ b/usr.sbin/unbound/util/edns.h @@ -43,6 +43,7 @@ #define UTIL_EDNS_H #include "util/storage/dnstree.h" +#include "util/locks.h" struct edns_data; struct config_file; @@ -75,6 +76,31 @@ struct edns_string_addr { size_t string_len; }; +#define UNBOUND_COOKIE_HISTORY_SIZE 2 +#define UNBOUND_COOKIE_SECRET_SIZE 16 + +typedef struct cookie_secret cookie_secret_type; +struct cookie_secret { + /** cookie secret */ + uint8_t cookie_secret[UNBOUND_COOKIE_SECRET_SIZE]; +}; + +/** + * The cookie secrets from the cookie-secret-file. + */ +struct cookie_secrets { + /** lock on the structure, in case there are modifications + * from remote control, this avoids race conditions. */ + lock_basic_type lock; + + /** how many cookies are there in the cookies array */ + size_t cookie_count; + + /* keep track of the last `UNBOUND_COOKIE_HISTORY_SIZE` + * cookies as per rfc requirement .*/ + cookie_secret_type cookie_secrets[UNBOUND_COOKIE_HISTORY_SIZE]; +}; + enum edns_cookie_val_status { COOKIE_STATUS_CLIENT_ONLY = -3, COOKIE_STATUS_FUTURE = -2, @@ -165,4 +191,63 @@ enum edns_cookie_val_status edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len, const uint8_t* secret, size_t secret_len, int v4, const uint8_t* hash_input, uint32_t now); +/** + * Create the cookie secrets structure. + * @return the structure or NULL on failure. + */ +struct cookie_secrets* cookie_secrets_create(void); + +/** + * Delete the cookie secrets. + * @param cookie_secrets: the cookie secrets. + */ +void cookie_secrets_delete(struct cookie_secrets* cookie_secrets); + +/** + * Apply configuration to cookie secrets, read them from file. + * @param cookie_secrets: the cookie secrets structure. + * @param cookie_secret_file: the file name, it is read. + * @return false on failure. + */ +int cookie_secrets_apply_cfg(struct cookie_secrets* cookie_secrets, + char* cookie_secret_file); + +/** + * Validate the cookie secrets, try all of them. + * @param cookie: pointer to the cookie data. + * @param cookie_len: the length of the cookie data. + * @param cookie_secrets: struct of cookie secrets. + * @param v4: if the client IP is v4 or v6. + * @param hash_input: pointer to the hash input for validation. It needs to be: + * Client Cookie | Version | Reserved | Timestamp | Client-IP + * @param now: the current time. + * return edns_cookie_val_status with the cookie validation status i.e., + * <=0 for invalid, else valid. + */ +enum edns_cookie_val_status cookie_secrets_server_validate( + const uint8_t* cookie, size_t cookie_len, + struct cookie_secrets* cookie_secrets, int v4, + const uint8_t* hash_input, uint32_t now); + +/** + * Add a cookie secret. If there are no secrets yet, the secret will become + * the active secret. Otherwise it will become the staging secret. + * Active secrets are used to both verify and create new DNS Cookies. + * Staging secrets are only used to verify DNS Cookies. Caller has to lock. + */ +void add_cookie_secret(struct cookie_secrets* cookie_secrets, uint8_t* secret, + size_t secret_len); + +/** + * Makes the staging cookie secret active and the active secret staging. + * Caller has to lock. + */ +void activate_cookie_secret(struct cookie_secrets* cookie_secrets); + +/** + * Drop a cookie secret. Drops the staging secret. An active secret will not + * be dropped. Caller has to lock. + */ +void drop_cookie_secret(struct cookie_secrets* cookie_secrets); + #endif diff --git a/usr.sbin/unbound/util/fptr_wlist.c b/usr.sbin/unbound/util/fptr_wlist.c index 261acf7cb..4b63f00bc 100644 --- a/usr.sbin/unbound/util/fptr_wlist.c +++ b/usr.sbin/unbound/util/fptr_wlist.c @@ -448,6 +448,28 @@ fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)) return 0; } +int +fptr_whitelist_mod_startup(int (*fptr)(struct module_env* env, int id)) +{ +#ifdef USE_IPSET + if(fptr == &ipset_startup) return 1; +#else + (void)fptr; +#endif + return 0; +} + +int +fptr_whitelist_mod_destartup(void (*fptr)(struct module_env* env, int id)) +{ +#ifdef USE_IPSET + if(fptr == &ipset_destartup) return 1; +#else + (void)fptr; +#endif + return 0; +} + int fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, enum module_ev event, int id, struct outbound_entry* outbound)) diff --git a/usr.sbin/unbound/util/fptr_wlist.h b/usr.sbin/unbound/util/fptr_wlist.h index 7a01620b7..027a490a2 100644 --- a/usr.sbin/unbound/util/fptr_wlist.h +++ b/usr.sbin/unbound/util/fptr_wlist.h @@ -278,6 +278,22 @@ int fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)); */ int fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)); +/** + * Check function pointer whitelist for module startup call values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_mod_startup(int (*fptr)(struct module_env* env, int id)); + +/** + * Check function pointer whitelist for module destartup call values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_mod_destartup(void (*fptr)(struct module_env* env, int id)); + /** * Check function pointer whitelist for module operate call values. * diff --git a/usr.sbin/unbound/util/module.h b/usr.sbin/unbound/util/module.h index e4dd02df9..b496903c1 100644 --- a/usr.sbin/unbound/util/module.h +++ b/usr.sbin/unbound/util/module.h @@ -143,7 +143,7 @@ * also contain an rcode that is nonzero, but in this case additional * information (query, additional) can be passed along. * - * The rcode and dns_msg are used to pass the result from the the rightmost + * The rcode and dns_msg are used to pass the result from the rightmost * module towards the leftmost modules and then towards the user. * * If you want to avoid recursion-cycles where queries need other queries @@ -713,7 +713,28 @@ struct module_func_block { const char* name; /** - * init the module. Called once for the global state. + * Set up the module for start. This is called only once at startup. + * Privileged operations like opening device files may be done here. + * The function ptr can be NULL, if it is not used. + * @param env: module environment. + * @param id: module id number. + * return: 0 on error + */ + int (*startup)(struct module_env* env, int id); + + /** + * Close down the module for stop. This is called only once before + * shutdown to free resources allocated during startup(). + * Closing privileged ports or files must be done here. + * The function ptr can be NULL, if it is not used. + * @param env: module environment. + * @param id: module id number. + */ + void (*destartup)(struct module_env* env, int id); + + /** + * Initialise the module. Called when restarting or reloading the + * daemon. * This is the place to apply settings from the config file. * @param env: module environment. * @param id: module id number. @@ -722,7 +743,8 @@ struct module_func_block { int (*init)(struct module_env* env, int id); /** - * de-init, delete, the module. Called once for the global state. + * Deinitialise the module, undo stuff done during init(). + * Called before reloading the daemon. * @param env: module environment. * @param id: module id number. */ diff --git a/usr.sbin/unbound/util/net_help.c b/usr.sbin/unbound/util/net_help.c index d2d777ec1..702df0308 100644 --- a/usr.sbin/unbound/util/net_help.c +++ b/usr.sbin/unbound/util/net_help.c @@ -47,6 +47,7 @@ #ifdef HAVE_NETIOAPI_H #include #endif +#include #include "util/net_help.h" #include "util/log.h" #include "util/data/dname.h" @@ -862,6 +863,20 @@ addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen) return (memcmp(s, map_prefix, 12) == 0); } +int addr_is_ip6linklocal(struct sockaddr_storage* addr, socklen_t addrlen) +{ + const uint8_t prefix[2] = {0xfe, 0x80}; + int af = (int)((struct sockaddr_in6*)addr)->sin6_family; + void* sin6addr = &((struct sockaddr_in6*)addr)->sin6_addr; + uint8_t start[2]; + if(af != AF_INET6 || addrlen<(socklen_t)sizeof(struct sockaddr_in6)) + return 0; + /* Put the first 10 bits of sin6addr in start, match fe80::/10. */ + memmove(start, sin6addr, 2); + start[1] &= 0xc0; + return memcmp(start, prefix, 2) == 0; +} + int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen) { int af = (int)((struct sockaddr_in*)addr)->sin_family; @@ -1206,7 +1221,7 @@ listen_sslctx_setup_2(void* ctxt) if(!SSL_CTX_set_ecdh_auto(ctx,1)) { log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); } -#elif defined(USE_ECDSA) +#elif defined(USE_ECDSA) && defined(HAVE_SSL_CTX_SET_TMP_ECDH) if(1) { EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); if (!ecdh) { @@ -1857,3 +1872,42 @@ sock_close(int socket) closesocket(socket); } # endif /* USE_WINSOCK */ + +ssize_t +hex_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) +{ + static char hexdigits[] = { + '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' + }; + size_t i; + + if (targsize < srclength * 2 + 1) { + return -1; + } + + for (i = 0; i < srclength; ++i) { + *target++ = hexdigits[src[i] >> 4U]; + *target++ = hexdigits[src[i] & 0xfU]; + } + *target = '\0'; + return 2 * srclength; +} + +ssize_t +hex_pton(const char* src, uint8_t* target, size_t targsize) +{ + uint8_t *t = target; + if(strlen(src) % 2 != 0 || strlen(src)/2 > targsize) { + return -1; + } + while(*src) { + if(!isxdigit((unsigned char)src[0]) || + !isxdigit((unsigned char)src[1])) + return -1; + *t++ = sldns_hexdigit_to_int(src[0]) * 16 + + sldns_hexdigit_to_int(src[1]) ; + src += 2; + } + return t-target; +} diff --git a/usr.sbin/unbound/util/net_help.h b/usr.sbin/unbound/util/net_help.h index a253c1923..fff7e3bcf 100644 --- a/usr.sbin/unbound/util/net_help.h +++ b/usr.sbin/unbound/util/net_help.h @@ -362,6 +362,14 @@ void addr_to_nat64(const struct sockaddr_storage* addr, */ int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen); +/** + * See if sockaddr is an ipv6 fe80::/10 link local address. + * @param addr: address + * @param addrlen: length of address + * @return true if so + */ +int addr_is_ip6linklocal(struct sockaddr_storage* addr, socklen_t addrlen); + /** * See if sockaddr is 255.255.255.255. * @param addr: address @@ -564,4 +572,13 @@ char* sock_strerror(int errn); /** close the socket with close, or wsa closesocket */ void sock_close(int socket); +/** + * Convert binary data to a string of hexadecimal characters. + */ +ssize_t hex_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize); + +/** Convert hexadecimal data to binary. */ +ssize_t hex_pton(const char* src, uint8_t* target, size_t targsize); + #endif /* NET_HELP_H */ diff --git a/usr.sbin/unbound/util/netevent.c b/usr.sbin/unbound/util/netevent.c index 980829d08..4c40c9c6c 100644 --- a/usr.sbin/unbound/util/netevent.c +++ b/usr.sbin/unbound/util/netevent.c @@ -329,6 +329,7 @@ udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) case EACCES: if(verbosity < VERB_ALGO) return 0; + break; default: break; } @@ -2365,11 +2366,11 @@ recv_error: #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - if(recv_initial) { #ifdef ECONNRESET if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif + if(recv_initial) { #ifdef ECONNREFUSED if(errno == ECONNREFUSED && verbosity < 2) return 0; /* silence reset by peer */ @@ -2396,7 +2397,7 @@ recv_error: #endif #ifdef ENOTCONN if(errno == ENOTCONN) { - log_err_addr("read (in tcp s) failed and this " + log_err_addr("read (in tcp initial) failed and this " "could be because TCP Fast Open is " "enabled [--disable-tfo-client " "--disable-tfo-server] but does not " @@ -2430,8 +2431,9 @@ recv_error: return 1; } #endif - log_err_addr("read (in tcp s)", sock_strerror(errno), - &c->repinfo.remote_addr, c->repinfo.remote_addrlen); + log_err_addr((recv_initial?"read (in tcp initial)":"read (in tcp)"), + sock_strerror(errno), &c->repinfo.remote_addr, + c->repinfo.remote_addrlen); return 0; } @@ -3306,6 +3308,13 @@ void http2_stream_add_meshstate(struct http2_stream* h2_stream, h2_stream->mesh_state = m; } +void http2_stream_remove_mesh_state(struct http2_stream* h2_stream) +{ + if(!h2_stream) + return; + h2_stream->mesh_state = NULL; +} + /** delete http2 session server. After closing connection. */ static void http2_session_server_delete(struct http2_session* h2_session) { diff --git a/usr.sbin/unbound/util/netevent.h b/usr.sbin/unbound/util/netevent.h index 1e4a13f9b..6f43ce56c 100644 --- a/usr.sbin/unbound/util/netevent.h +++ b/usr.sbin/unbound/util/netevent.h @@ -955,6 +955,9 @@ void http2_session_add_stream(struct http2_session* h2_session, void http2_stream_add_meshstate(struct http2_stream* h2_stream, struct mesh_area* mesh, struct mesh_state* m); +/** Remove mesh state from stream. When the mesh state has been removed. */ +void http2_stream_remove_mesh_state(struct http2_stream* h2_stream); + /** * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. diff --git a/usr.sbin/unbound/util/proxy_protocol.c b/usr.sbin/unbound/util/proxy_protocol.c index 08c4be7d7..ec1ccf76f 100644 --- a/usr.sbin/unbound/util/proxy_protocol.c +++ b/usr.sbin/unbound/util/proxy_protocol.c @@ -153,6 +153,7 @@ pp2_write_to_buf(uint8_t* buf, size_t buflen, break; #endif /* INET6 */ case AF_UNIX: + ATTR_FALLTHROUGH /* fallthrough */ default: return 0; diff --git a/usr.sbin/unbound/util/siphash.c b/usr.sbin/unbound/util/siphash.c index 32797dff6..a13657ccf 100644 --- a/usr.sbin/unbound/util/siphash.c +++ b/usr.sbin/unbound/util/siphash.c @@ -128,26 +128,32 @@ int siphash(const uint8_t *in, const size_t inlen, const uint8_t *k, case 7: b |= ((uint64_t)in[6]) << 48; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 6: b |= ((uint64_t)in[5]) << 40; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 5: b |= ((uint64_t)in[4]) << 32; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 4: b |= ((uint64_t)in[3]) << 24; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 3: b |= ((uint64_t)in[2]) << 16; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 2: b |= ((uint64_t)in[1]) << 8; /** EDIT annotate case statement fallthrough for gcc */ + ATTR_FALLTHROUGH /* fallthrough */ case 1: b |= ((uint64_t)in[0]); diff --git a/usr.sbin/unbound/util/storage/lookup3.c b/usr.sbin/unbound/util/storage/lookup3.c index 0794ab752..e275ceb32 100644 --- a/usr.sbin/unbound/util/storage/lookup3.c +++ b/usr.sbin/unbound/util/storage/lookup3.c @@ -254,11 +254,15 @@ uint32_t initval) /* the previous hash, or an arbitrary value */ switch(length) /* all the case statements fall through */ { case 3 : c+=k[2]; + ATTR_FALLTHROUGH /* fallthrough */ case 2 : b+=k[1]; + ATTR_FALLTHROUGH /* fallthrough */ case 1 : a+=k[0]; final(a,b,c); + ATTR_FALLTHROUGH + /* fallthrough */ case 0: /* case 0: nothing left to add */ break; } @@ -304,9 +308,15 @@ uint32_t *pb) /* IN: more seed OUT: secondary hash value */ switch(length) /* all the case statements fall through */ { case 3 : c+=k[2]; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : b+=k[1]; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k[0]; final(a,b,c); + ATTR_FALLTHROUGH + /* fallthrough */ case 0: /* case 0: nothing left to add */ break; } @@ -404,16 +414,32 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) switch(length) { case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ - case 9 : c+=k8[8]; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 10: c+=((uint32_t)k8[9])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ - case 5 : b+=k8[4]; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 6 : b+=((uint32_t)k8[5])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 2 : a+=((uint32_t)k8[1])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k8[0]; break; case 0 : return c; } @@ -443,23 +469,33 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=k[4]; b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 9 : c+=k8[8]; /* fall through */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=k[2]; a+=k[0]+(((uint32_t)k[1])<<16); break; - case 5 : b+=k8[4]; /* fall through */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]+(((uint32_t)k[1])<<16); break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=k[0]; break; case 1 : a+=k8[0]; @@ -494,26 +530,37 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=((uint32_t)k[11])<<24; + ATTR_FALLTHROUGH /* fallthrough */ case 11: c+=((uint32_t)k[10])<<16; + ATTR_FALLTHROUGH /* fallthrough */ case 10: c+=((uint32_t)k[9])<<8; + ATTR_FALLTHROUGH /* fallthrough */ case 9 : c+=k[8]; + ATTR_FALLTHROUGH /* fallthrough */ case 8 : b+=((uint32_t)k[7])<<24; + ATTR_FALLTHROUGH /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<16; + ATTR_FALLTHROUGH /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<8; + ATTR_FALLTHROUGH /* fallthrough */ case 5 : b+=k[4]; + ATTR_FALLTHROUGH /* fallthrough */ case 4 : a+=((uint32_t)k[3])<<24; + ATTR_FALLTHROUGH /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<16; + ATTR_FALLTHROUGH /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<8; + ATTR_FALLTHROUGH /* fallthrough */ case 1 : a+=k[0]; break; @@ -603,16 +650,32 @@ void hashlittle2( switch(length) { case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ - case 9 : c+=k8[8]; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 10: c+=((uint32_t)k8[9])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ - case 5 : b+=k8[4]; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 6 : b+=((uint32_t)k8[5])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 2 : a+=((uint32_t)k8[1])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k8[0]; break; case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ } @@ -642,23 +705,33 @@ void hashlittle2( b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=k[4]; b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 9 : c+=k8[8]; /* fall through */ + case 9 : c+=k8[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[2]+(((uint32_t)k[3])<<16); a+=k[0]+(((uint32_t)k[1])<<16); break; - case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=k[2]; a+=k[0]+(((uint32_t)k[1])<<16); break; - case 5 : b+=k8[4]; /* fall through */ + case 5 : b+=k8[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]+(((uint32_t)k[1])<<16); break; - case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=k[0]; break; case 1 : a+=k8[0]; @@ -693,16 +766,38 @@ void hashlittle2( switch(length) /* all the case statements fall through */ { case 12: c+=((uint32_t)k[11])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 11: c+=((uint32_t)k[10])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=((uint32_t)k[9])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 9 : c+=k[8]; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=((uint32_t)k[7])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 5 : b+=k[4]; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=((uint32_t)k[3])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=k[0]; break; case 0 : *pc=c; *pb=b; return; /* zero length strings require no mixing */ @@ -784,16 +879,32 @@ uint32_t hashbig( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=((uint32_t)k8[10])<<8; /* fall through */ - case 10: c+=((uint32_t)k8[9])<<16; /* fall through */ - case 9 : c+=((uint32_t)k8[8])<<24; /* fall through */ + case 11: c+=((uint32_t)k8[10])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 10: c+=((uint32_t)k8[9])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 9 : c+=((uint32_t)k8[8])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=((uint32_t)k8[6])<<8; /* fall through */ - case 6 : b+=((uint32_t)k8[5])<<16; /* fall through */ - case 5 : b+=((uint32_t)k8[4])<<24; /* fall through */ + case 7 : b+=((uint32_t)k8[6])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 6 : b+=((uint32_t)k8[5])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ + case 5 : b+=((uint32_t)k8[4])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[0]; break; - case 3 : a+=((uint32_t)k8[2])<<8; /* fall through */ - case 2 : a+=((uint32_t)k8[1])<<16; /* fall through */ + case 3 : a+=((uint32_t)k8[2])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ + case 2 : a+=((uint32_t)k8[1])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=((uint32_t)k8[0])<<24; break; case 0 : return c; } @@ -827,16 +938,38 @@ uint32_t hashbig( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=k[11]; + ATTR_FALLTHROUGH + /* fallthrough */ case 11: c+=((uint32_t)k[10])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 10: c+=((uint32_t)k[9])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 9 : c+=((uint32_t)k[8])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 8 : b+=k[7]; + ATTR_FALLTHROUGH + /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 5 : b+=((uint32_t)k[4])<<24; + ATTR_FALLTHROUGH + /* fallthrough */ case 4 : a+=k[3]; + ATTR_FALLTHROUGH + /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<8; + ATTR_FALLTHROUGH + /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<16; + ATTR_FALLTHROUGH + /* fallthrough */ case 1 : a+=((uint32_t)k[0])<<24; break; case 0 : return c; diff --git a/usr.sbin/unbound/validator/autotrust.c b/usr.sbin/unbound/validator/autotrust.c index 96d4d6df7..a2b3f7057 100644 --- a/usr.sbin/unbound/validator/autotrust.c +++ b/usr.sbin/unbound/validator/autotrust.c @@ -1262,12 +1262,13 @@ verify_dnskey(struct module_env* env, struct val_env* ve, struct trust_anchor* tp, struct ub_packed_rrset_key* rrset, struct module_qstate* qstate) { + char reasonbuf[256]; char* reason = NULL; uint8_t sigalg[ALGO_NEEDS_MAX+1]; int downprot = env->cfg->harden_algo_downgrade; enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset, tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason, - NULL, qstate); + NULL, qstate, reasonbuf, sizeof(reasonbuf)); /* sigalg is ignored, it returns algorithms signalled to exist, but * in 5011 there are no other rrsets to check. if downprot is * enabled, then it checks that the DNSKEY is signed with all diff --git a/usr.sbin/unbound/validator/val_nsec.c b/usr.sbin/unbound/validator/val_nsec.c index a3aa34ef5..21ce7cd29 100644 --- a/usr.sbin/unbound/validator/val_nsec.c +++ b/usr.sbin/unbound/validator/val_nsec.c @@ -177,7 +177,7 @@ static int nsec_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, char** reason, sldns_ede_code* reason_bogus, - struct module_qstate* qstate) + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) { struct packed_rrset_data* d = (struct packed_rrset_data*) nsec->entry.data; @@ -189,7 +189,8 @@ nsec_verify_rrset(struct module_env* env, struct val_env* ve, if(d->security == sec_status_secure) return 1; d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason, - reason_bogus, LDNS_SECTION_AUTHORITY, qstate, &verified); + reason_bogus, LDNS_SECTION_AUTHORITY, qstate, &verified, + reasonbuf, reasonlen); if(d->security == sec_status_secure) { rrset_update_sec_status(env->rrset_cache, nsec, *env->now); return 1; @@ -201,7 +202,8 @@ enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, time_t* proof_ttl, char** reason, - sldns_ede_code* reason_bogus, struct module_qstate* qstate) + sldns_ede_code* reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, @@ -219,7 +221,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, * 2) this is not a delegation point */ if(nsec) { if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, - reason_bogus, qstate)) { + reason_bogus, qstate, reasonbuf, reasonlen)) { verbose(VERB_ALGO, "NSEC RRset for the " "referral did not verify."); return sec_status_bogus; @@ -250,7 +252,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, if(rep->rrsets[i]->rk.type != htons(LDNS_RR_TYPE_NSEC)) continue; if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason, - reason_bogus, qstate)) { + reason_bogus, qstate, reasonbuf, reasonlen)) { verbose(VERB_ALGO, "NSEC for empty non-terminal " "did not verify."); *reason = "NSEC for empty non-terminal " diff --git a/usr.sbin/unbound/validator/val_nsec.h b/usr.sbin/unbound/validator/val_nsec.h index 41f57c36e..5cf33276a 100644 --- a/usr.sbin/unbound/validator/val_nsec.h +++ b/usr.sbin/unbound/validator/val_nsec.h @@ -68,6 +68,8 @@ struct key_entry_key; * @param reason: string explaining why bogus. * @param reason_bogus: relevant EDE code for validation failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return security status. * SECURE: proved absence of DS. * INSECURE: proved that this was not a delegation point. @@ -78,7 +80,7 @@ enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, time_t* proof_ttl, char** reason, sldns_ede_code* reason_bogus, - struct module_qstate* qstate); + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen); /** * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. diff --git a/usr.sbin/unbound/validator/val_nsec3.c b/usr.sbin/unbound/validator/val_nsec3.c index 895db19ac..1e3515369 100644 --- a/usr.sbin/unbound/validator/val_nsec3.c +++ b/usr.sbin/unbound/validator/val_nsec3.c @@ -1445,7 +1445,7 @@ static int list_is_secure(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key** list, size_t num, struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, - struct module_qstate* qstate) + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) { struct packed_rrset_data* d; size_t i; @@ -1461,7 +1461,7 @@ list_is_secure(struct module_env* env, struct val_env* ve, continue; d->security = val_verify_rrset_entry(env, ve, list[i], kkey, reason, reason_bogus, LDNS_SECTION_AUTHORITY, qstate, - &verified); + &verified, reasonbuf, reasonlen); if(d->security != sec_status_secure) { verbose(VERB_ALGO, "NSEC3 did not verify"); return 0; @@ -1476,7 +1476,7 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key** list, size_t num, struct query_info* qinfo, struct key_entry_key* kkey, char** reason, sldns_ede_code* reason_bogus, struct module_qstate* qstate, - struct nsec3_cache_table* ct) + struct nsec3_cache_table* ct, char* reasonbuf, size_t reasonlen) { struct nsec3_filter flt; struct ce_response ce; @@ -1491,7 +1491,8 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, *reason = "no valid NSEC3s"; return sec_status_bogus; /* no valid NSEC3s, bogus */ } - if(!list_is_secure(env, ve, list, num, kkey, reason, reason_bogus, qstate)) { + if(!list_is_secure(env, ve, list, num, kkey, reason, reason_bogus, + qstate, reasonbuf, reasonlen)) { *reason = "not all NSEC3 records secure"; return sec_status_bogus; /* not all NSEC3 records secure */ } diff --git a/usr.sbin/unbound/validator/val_nsec3.h b/usr.sbin/unbound/validator/val_nsec3.h index 6874513d1..efcdb8d6e 100644 --- a/usr.sbin/unbound/validator/val_nsec3.h +++ b/usr.sbin/unbound/validator/val_nsec3.h @@ -210,6 +210,8 @@ nsec3_prove_wildcard(struct module_env* env, struct val_env* ve, * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. * @param ct: cached hashes table. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return: * sec_status SECURE of the proposition is proven by the NSEC3 RRs, * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. @@ -222,7 +224,7 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key** list, size_t num, struct query_info* qinfo, struct key_entry_key* kkey, char** reason, sldns_ede_code* reason_bogus, struct module_qstate* qstate, - struct nsec3_cache_table* ct); + struct nsec3_cache_table* ct, char* reasonbuf, size_t reasonlen); /** * Prove NXDOMAIN or NODATA. diff --git a/usr.sbin/unbound/validator/val_secalgo.c b/usr.sbin/unbound/validator/val_secalgo.c index d9c840d2e..9a8a84199 100644 --- a/usr.sbin/unbound/validator/val_secalgo.c +++ b/usr.sbin/unbound/validator/val_secalgo.c @@ -423,7 +423,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len) if(!dsasig) return 0; #ifdef HAVE_DSA_SIG_SET0 - if(!DSA_SIG_set0(dsasig, R, S)) return 0; + if(!DSA_SIG_set0(dsasig, R, S)) { + DSA_SIG_free(dsasig); + return 0; + } #else # ifndef S_SPLINT_S dsasig->r = R; @@ -2057,11 +2060,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); #endif /* double fallthrough annotation to please gcc parser */ + ATTR_FALLTHROUGH /* fallthrough */ #ifdef USE_SHA2 /* fallthrough */ case LDNS_RSASHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + ATTR_FALLTHROUGH /* fallthrough */ case LDNS_RSASHA512: digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE); @@ -2077,6 +2082,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, #ifdef USE_ECDSA case LDNS_ECDSAP256SHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + ATTR_FALLTHROUGH /* fallthrough */ case LDNS_ECDSAP384SHA384: digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE); diff --git a/usr.sbin/unbound/validator/val_sigcrypt.c b/usr.sbin/unbound/validator/val_sigcrypt.c index e17ac220b..dc17a2521 100644 --- a/usr.sbin/unbound/validator/val_sigcrypt.c +++ b/usr.sbin/unbound/validator/val_sigcrypt.c @@ -623,7 +623,8 @@ enum sec_status dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus, - sldns_pkt_section section, struct module_qstate* qstate, int* verified) + sldns_pkt_section section, struct module_qstate* qstate, int* verified, + char* reasonbuf, size_t reasonlen) { enum sec_status sec; size_t i, num; @@ -680,7 +681,8 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, verbose(VERB_ALGO, "rrset failed to verify: " "no valid signatures for %d algorithms", (int)algo_needs_num_missing(&needs)); - algo_needs_reason(env, alg, reason, "no signatures"); + algo_needs_reason(alg, reason, "no signatures", reasonbuf, + reasonlen); } else { verbose(VERB_ALGO, "rrset failed to verify: " "no valid signatures"); @@ -688,17 +690,16 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, return sec_status_bogus; } -void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s) +void algo_needs_reason(int alg, char** reason, char* s, char* reasonbuf, + size_t reasonlen) { - char buf[256]; sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg); if(t&&t->name) - snprintf(buf, sizeof(buf), "%s with algorithm %s", s, t->name); - else snprintf(buf, sizeof(buf), "%s with algorithm ALG%u", s, + snprintf(reasonbuf, reasonlen, "%s with algorithm %s", s, + t->name); + else snprintf(reasonbuf, reasonlen, "%s with algorithm ALG%u", s, (unsigned)alg); - *reason = regional_strdup(env->scratch, buf); - if(!*reason) - *reason = s; + *reason = reasonbuf; } enum sec_status diff --git a/usr.sbin/unbound/validator/val_sigcrypt.h b/usr.sbin/unbound/validator/val_sigcrypt.h index 06dea97e0..583e16e02 100644 --- a/usr.sbin/unbound/validator/val_sigcrypt.h +++ b/usr.sbin/unbound/validator/val_sigcrypt.h @@ -134,12 +134,14 @@ int algo_needs_missing(struct algo_needs* n); /** * Format error reason for algorithm missing. - * @param env: module env with scratch for temp storage of string. * @param alg: DNSKEY-algorithm missing. * @param reason: destination. * @param s: string, appended with 'with algorithm ..'. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. */ -void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s); +void algo_needs_reason(int alg, char** reason, char* s, char* reasonbuf, + size_t reasonlen); /** * Check if dnskey matches a DS digest @@ -261,6 +263,8 @@ uint16_t dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx); * @param section: section of packet where this rrset comes from. * @param qstate: qstate with region. * @param verified: if not NULL the number of RRSIG validations is returned. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return SECURE if one key in the set verifies one rrsig. * UNCHECKED on allocation errors, unsupported algorithms, malformed data, * and BOGUS on verification failures (no keys match any signatures). @@ -269,8 +273,8 @@ enum sec_status dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus, - sldns_pkt_section section, struct module_qstate* qstate, int* verified); - + sldns_pkt_section section, struct module_qstate* qstate, int* verified, + char* reasonbuf, size_t reasonlen); /** * verify rrset against one specific dnskey (from rrset) diff --git a/usr.sbin/unbound/validator/val_utils.c b/usr.sbin/unbound/validator/val_utils.c index 36aa745cb..ddcd36258 100644 --- a/usr.sbin/unbound/validator/val_utils.c +++ b/usr.sbin/unbound/validator/val_utils.c @@ -240,6 +240,26 @@ val_find_best_signer(struct ub_packed_rrset_key* rrset, } } +/** Detect if the, unsigned, CNAME is under a previous DNAME RR in the + * message, and thus it was generated from that previous DNAME. + */ +static int +cname_under_previous_dname(struct reply_info* rep, size_t cname_idx, + size_t* ret) +{ + size_t i; + for(i=0; irrsets[i]->rk.type) == LDNS_RR_TYPE_DNAME && + dname_strict_subdomain_c(rep->rrsets[cname_idx]-> + rk.dname, rep->rrsets[i]->rk.dname)) { + *ret = i; + return 1; + } + } + *ret = 0; + return 0; +} + void val_find_signer(enum val_classification subtype, struct query_info* qinf, struct reply_info* rep, size_t skip, uint8_t** signer_name, @@ -275,12 +295,19 @@ val_find_signer(enum val_classification subtype, struct query_info* qinf, *signer_name = NULL; *signer_len = 0; } else if(subtype == VAL_CLASS_CNAME) { + size_t j; /* check for the first signed cname/dname rrset */ for(i=skip; ian_numrrsets; i++) { val_find_rrset_signer(rep->rrsets[i], signer_name, signer_len); if(*signer_name) return; + if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME + && cname_under_previous_dname(rep, i, &j)) { + val_find_rrset_signer(rep->rrsets[j], + signer_name, signer_len); + return; + } if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_DNAME) break; /* only check CNAME after a DNAME */ } @@ -379,7 +406,7 @@ val_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys, uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate, - int *verified) + int *verified, char* reasonbuf, size_t reasonlen) { enum sec_status sec; struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> @@ -404,7 +431,7 @@ val_verify_rrset(struct module_env* env, struct val_env* ve, log_nametypeclass(VERB_ALGO, "verify rrset", rrset->rk.dname, ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); sec = dnskeyset_verify_rrset(env, ve, rrset, keys, sigalg, reason, - reason_bogus, section, qstate, verified); + reason_bogus, section, qstate, verified, reasonbuf, reasonlen); verbose(VERB_ALGO, "verify result: %s", sec_status_to_string(sec)); regional_free_all(env->scratch); @@ -439,7 +466,7 @@ val_verify_rrset_entry(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate, - int* verified) + int* verified, char* reasonbuf, size_t reasonlen) { /* temporary dnskey rrset-key */ struct ub_packed_rrset_key dnskey; @@ -453,7 +480,7 @@ val_verify_rrset_entry(struct module_env* env, struct val_env* ve, dnskey.entry.key = &dnskey; dnskey.entry.data = kd->rrset_data; sec = val_verify_rrset(env, ve, rrset, &dnskey, kd->algo, reason, - reason_bogus, section, qstate, verified); + reason_bogus, section, qstate, verified, reasonbuf, reasonlen); return sec; } @@ -463,7 +490,7 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate, - int *nonechecked) + int *nonechecked, char* reasonbuf, size_t reasonlen) { enum sec_status sec = sec_status_bogus; size_t i, num, numchecked = 0, numhashok = 0, numsizesupp = 0; @@ -517,8 +544,8 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, return sec_status_insecure; } if(numchecked == 0) { - algo_needs_reason(env, ds_get_key_algo(ds_rrset, ds_idx), - reason, "no keys have a DS"); + algo_needs_reason(ds_get_key_algo(ds_rrset, ds_idx), + reason, "no keys have a DS", reasonbuf, reasonlen); *nonechecked = 1; } else if(numhashok == 0) { *reason = "DS hash mismatches key"; @@ -549,7 +576,8 @@ enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate) + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { /* as long as this is false, we can consider this DS rrset to be * equivalent to no DS rrset. */ @@ -588,7 +616,7 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, ds_rrset, i, reason, reason_bogus, qstate, - &nonechecked); + &nonechecked, reasonbuf, reasonlen); if(sec == sec_status_insecure) { /* DNSKEY too large unsupported or algo refused by * crypto lib. */ @@ -639,8 +667,8 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, /* If any were understandable, then it is bad. */ verbose(VERB_QUERY, "Failed to match any usable DS to a DNSKEY."); if(sigalg && (alg=algo_needs_missing(&needs)) != 0) { - algo_needs_reason(env, alg, reason, "missing verification of " - "DNSKEY signature"); + algo_needs_reason(alg, reason, "missing verification of " + "DNSKEY signature", reasonbuf, reasonlen); } return sec_status_bogus; } @@ -649,12 +677,13 @@ struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate) + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { uint8_t sigalg[ALGO_NEEDS_MAX+1]; enum sec_status sec = val_verify_DNSKEY_with_DS(env, ve, dnskey_rrset, ds_rrset, downprot?sigalg:NULL, reason, - reason_bogus, qstate); + reason_bogus, qstate, reasonbuf, reasonlen); if(sec == sec_status_secure) { return key_entry_create_rrset(region, @@ -679,7 +708,8 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds, struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate) + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen) { /* as long as this is false, we can consider this anchor to be * equivalent to no anchor. */ @@ -730,7 +760,8 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, continue; sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, - ta_ds, i, reason, reason_bogus, qstate, &nonechecked); + ta_ds, i, reason, reason_bogus, qstate, &nonechecked, + reasonbuf, reasonlen); if(sec == sec_status_insecure) { has_algo_refusal = 1; continue; @@ -810,8 +841,8 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, /* If any were understandable, then it is bad. */ verbose(VERB_QUERY, "Failed to match any usable anchor to a DNSKEY."); if(sigalg && (alg=algo_needs_missing(&needs)) != 0) { - algo_needs_reason(env, alg, reason, "missing verification of " - "DNSKEY signature"); + algo_needs_reason(alg, reason, "missing verification of " + "DNSKEY signature", reasonbuf, reasonlen); } return sec_status_bogus; } @@ -821,12 +852,14 @@ val_verify_new_DNSKEYs_with_ta(struct regional* region, struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds_rrset, struct ub_packed_rrset_key* ta_dnskey_rrset, int downprot, - char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate) + char** reason, sldns_ede_code *reason_bogus, + struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) { uint8_t sigalg[ALGO_NEEDS_MAX+1]; enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, dnskey_rrset, ta_ds_rrset, ta_dnskey_rrset, - downprot?sigalg:NULL, reason, reason_bogus, qstate); + downprot?sigalg:NULL, reason, reason_bogus, qstate, + reasonbuf, reasonlen); if(sec == sec_status_secure) { return key_entry_create_rrset(region, @@ -979,7 +1012,7 @@ void val_fill_reply(struct reply_info* chase, struct reply_info* orig, size_t skip, uint8_t* name, size_t len, uint8_t* signer) { - size_t i; + size_t i, j; int seen_dname = 0; chase->rrset_count = 0; chase->an_numrrsets = 0; @@ -1002,6 +1035,13 @@ val_fill_reply(struct reply_info* chase, struct reply_info* orig, LDNS_RR_TYPE_DNAME) { seen_dname = 1; } + } else if(ntohs(orig->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME + && ((struct packed_rrset_data*)orig->rrsets[i]-> + entry.data)->rrsig_count == 0 && + cname_under_previous_dname(orig, i, &j) && + rrset_has_signer(orig->rrsets[j], name, len)) { + chase->rrsets[chase->an_numrrsets++] = orig->rrsets[j]; + chase->rrsets[chase->an_numrrsets++] = orig->rrsets[i]; } } /* AUTHORITY section */ diff --git a/usr.sbin/unbound/validator/val_utils.h b/usr.sbin/unbound/validator/val_utils.h index e2d5c3f5c..d9981aad1 100644 --- a/usr.sbin/unbound/validator/val_utils.h +++ b/usr.sbin/unbound/validator/val_utils.h @@ -125,13 +125,15 @@ void val_find_signer(enum val_classification subtype, * @param section: section of packet where this rrset comes from. * @param qstate: qstate with region. * @param verified: if not NULL, the number of RRSIG validations is returned. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return security status of verification. */ enum sec_status val_verify_rrset_entry(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate, - int* verified); + int* verified, char* reasonbuf, size_t reasonlen); /** * Verify DNSKEYs with DS rrset. Like val_verify_new_DNSKEYs but @@ -146,6 +148,8 @@ enum sec_status val_verify_rrset_entry(struct module_env* env, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return: sec_status_secure if a DS matches. * sec_status_insecure if end of trust (i.e., unknown algorithms). * sec_status_bogus if it fails. @@ -153,7 +157,8 @@ enum sec_status val_verify_rrset_entry(struct module_env* env, enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate); + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Verify DNSKEYs with DS and DNSKEY rrset. Like val_verify_DNSKEY_with_DS @@ -169,6 +174,8 @@ enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return: sec_status_secure if a DS matches. * sec_status_insecure if end of trust (i.e., unknown algorithms). * sec_status_bogus if it fails. @@ -177,7 +184,8 @@ enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds, struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate); + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Verify new DNSKEYs with DS rrset. The DS contains hash values that should @@ -194,6 +202,8 @@ enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return a KeyEntry. This will either contain the now trusted * dnskey_rrset, a "null" key entry indicating that this DS * rrset/DNSKEY pair indicate an secure end to the island of trust @@ -208,7 +218,8 @@ struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason, - sldns_ede_code *reason_bogus, struct module_qstate* qstate); + sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Verify rrset with trust anchor: DS and DNSKEY rrset. @@ -224,6 +235,8 @@ struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, * @param reason: reason of failure. Fixed string or alloced in scratch. * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. * @param qstate: qstate with region. + * @param reasonbuf: buffer to use for fail reason string print. + * @param reasonlen: length of reasonbuf. * @return a KeyEntry. This will either contain the now trusted * dnskey_rrset, a "null" key entry indicating that this DS * rrset/DNSKEY pair indicate an secure end to the island of trust @@ -239,7 +252,8 @@ struct key_entry_key* val_verify_new_DNSKEYs_with_ta(struct regional* region, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ta_ds_rrset, struct ub_packed_rrset_key* ta_dnskey_rrset, int downprot, - char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate); + char** reason, sldns_ede_code *reason_bogus, struct module_qstate* qstate, + char* reasonbuf, size_t reasonlen); /** * Determine if DS rrset is usable for validator or not. diff --git a/usr.sbin/unbound/validator/validator.c b/usr.sbin/unbound/validator/validator.c index 4fe2cf0f3..26247c235 100644 --- a/usr.sbin/unbound/validator/validator.c +++ b/usr.sbin/unbound/validator/validator.c @@ -72,7 +72,8 @@ /* forward decl for cache response and normal super inform calls of a DS */ static void process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, - struct query_info* qinfo, struct sock_list* origin, int* suspend); + struct query_info* qinfo, struct sock_list* origin, int* suspend, + struct module_qstate* sub_qstate); /* Updates the suplied EDE (RFC8914) code selectively so we don't lose @@ -273,11 +274,17 @@ val_new_getmsg(struct module_qstate* qstate, struct val_qstate* vq) return NULL; if(vq->orig_msg->rep->rrset_count > RR_COUNT_MAX) return NULL; /* protect against integer overflow */ - vq->chase_reply->rrsets = regional_alloc_init(qstate->region, - vq->orig_msg->rep->rrsets, sizeof(struct ub_packed_rrset_key*) - * vq->orig_msg->rep->rrset_count); + /* Over allocate (+an_numrrsets) in case we need to put extra DNAME + * records for unsigned CNAME repetitions */ + vq->chase_reply->rrsets = regional_alloc(qstate->region, + sizeof(struct ub_packed_rrset_key*) * + (vq->orig_msg->rep->rrset_count + + vq->orig_msg->rep->an_numrrsets)); if(!vq->chase_reply->rrsets) return NULL; + memmove(vq->chase_reply->rrsets, vq->orig_msg->rep->rrsets, + sizeof(struct ub_packed_rrset_key*) * + vq->orig_msg->rep->rrset_count); vq->rrset_skip = 0; return vq; } @@ -640,6 +647,7 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, struct ub_packed_rrset_key* s; enum sec_status sec; int num_verifies = 0, verified, have_state = 0; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; *suspend = 0; @@ -675,7 +683,8 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, /* Verify the answer rrset */ sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason, - &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified); + &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified, + reasonbuf, sizeof(reasonbuf)); /* If the (answer) rrset failed to validate, then this * message is BAD. */ if(sec != sec_status_secure) { @@ -720,7 +729,7 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, s = chase_reply->rrsets[i]; sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason, &reason_bogus, LDNS_SECTION_AUTHORITY, qstate, - &verified); + &verified, reasonbuf, sizeof(reasonbuf)); /* If anything in the authority section fails to be secure, * we have a bad message. */ if(sec != sec_status_secure) { @@ -766,7 +775,7 @@ validate_msg_signatures(struct module_qstate* qstate, struct val_qstate* vq, if(sname && query_dname_compare(sname, key_entry->name)==0) (void)val_verify_rrset_entry(env, ve, s, key_entry, &reason, NULL, LDNS_SECTION_ADDITIONAL, qstate, - &verified); + &verified, reasonbuf, sizeof(reasonbuf)); /* the additional section can fail to be secure, * it is optional, check signature in case we need * to clean the additional section later. */ @@ -2060,7 +2069,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) verbose(VERB_ALGO, "Process suspended sub DS response"); msg = vq->sub_ds_msg; process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR, - msg, &msg->qinfo, NULL, &suspend); + msg, &msg->qinfo, NULL, &suspend, NULL); if(suspend) { /* we'll come back here later to continue */ if(!validate_suspend_setup_timer(qstate, vq, @@ -2076,7 +2085,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) vq->key_entry->name)) ) { verbose(VERB_ALGO, "Process cached DS response"); process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR, - msg, &msg->qinfo, NULL, &suspend); + msg, &msg->qinfo, NULL, &suspend, NULL); if(suspend) { /* we'll come back here later to continue */ if(!validate_suspend_setup_timer(qstate, vq, @@ -2658,6 +2667,8 @@ val_operate(struct module_qstate* qstate, enum module_ev event, int id, * @param ta: trust anchor. * @param qstate: qstate that needs key. * @param id: module id. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. * @return new key entry or NULL on allocation failure. * The key entry will either contain a validated DNSKEY rrset, or * represent a Null key (query failed, but validation did not), or a @@ -2665,31 +2676,38 @@ val_operate(struct module_qstate* qstate, enum module_ev event, int id, */ static struct key_entry_key* primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, - struct trust_anchor* ta, struct module_qstate* qstate, int id) + struct trust_anchor* ta, struct module_qstate* qstate, int id, + struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* kkey = NULL; enum sec_status sec = sec_status_unchecked; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; int downprot = qstate->env->cfg->harden_algo_downgrade; if(!dnskey_rrset) { + char* err = errinf_to_str_misc(sub_qstate); + char rstr[1024]; log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " "could not fetch DNSKEY rrset", ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); reason_bogus = LDNS_EDE_DNSKEY_MISSING; - reason = "no DNSKEY rrset"; + if(!err) { + snprintf(rstr, sizeof(rstr), "no DNSKEY rrset"); + } else { + snprintf(rstr, sizeof(rstr), "no DNSKEY rrset " + "[%s]", err); + } if(qstate->env->cfg->harden_dnssec_stripped) { - errinf_ede(qstate, reason, reason_bogus); + errinf_ede(qstate, rstr, reason_bogus); kkey = key_entry_create_bad(qstate->region, ta->name, ta->namelen, ta->dclass, BOGUS_KEY_TTL, - reason_bogus, reason, - *qstate->env->now); + reason_bogus, rstr, *qstate->env->now); } else kkey = key_entry_create_null(qstate->region, ta->name, ta->namelen, ta->dclass, NULL_KEY_TTL, - reason_bogus, reason, - *qstate->env->now); + reason_bogus, rstr, *qstate->env->now); if(!kkey) { log_err("out of memory: allocate fail prime key"); return NULL; @@ -2699,7 +2717,7 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, /* attempt to verify with trust anchor DS and DNSKEY */ kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve, dnskey_rrset, ta->ds_rrset, ta->dnskey_rrset, downprot, - &reason, &reason_bogus, qstate); + &reason, &reason_bogus, qstate, reasonbuf, sizeof(reasonbuf)); if(!kkey) { log_err("out of memory: verifying prime TA"); return NULL; @@ -2754,6 +2772,9 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, * DS response indicated an end to secure space, is_good if the DS * validated. It returns ke=NULL if the DS response indicated that the * request wasn't a delegation point. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. + * Can be NULL. * @return * 0 on success, * 1 on servfail error (malloc failure), @@ -2762,9 +2783,10 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, static int ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct key_entry_key** ke) + struct key_entry_key** ke, struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; enum val_classification subtype; @@ -2777,6 +2799,14 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, verbose(VERB_DETAIL, "DS response was error, thus bogus"); errinf(qstate, rc); reason = "no DS"; + if(sub_qstate) { + char* err = errinf_to_str_misc(sub_qstate); + if(err) { + char buf[1024]; + snprintf(buf, sizeof(buf), "[%s]", err); + errinf(qstate, buf); + } + } reason_bogus = LDNS_EDE_NETWORK_ERROR; errinf_ede(qstate, reason, reason_bogus); goto return_bogus; @@ -2799,7 +2829,9 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* Verify only returns BOGUS or SECURE. If the rrset is * bogus, then we are done. */ sec = val_verify_rrset_entry(qstate->env, ve, ds, - vq->key_entry, &reason, &reason_bogus, LDNS_SECTION_ANSWER, qstate, &verified); + vq->key_entry, &reason, &reason_bogus, + LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf, + sizeof(reasonbuf)); if(sec != sec_status_secure) { verbose(VERB_DETAIL, "DS rrset in DS response did " "not verify"); @@ -2849,7 +2881,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* Try to prove absence of the DS with NSEC */ sec = val_nsec_prove_nodata_dsreply( qstate->env, ve, qinfo, msg->rep, vq->key_entry, - &proof_ttl, &reason, &reason_bogus, qstate); + &proof_ttl, &reason, &reason_bogus, qstate, + reasonbuf, sizeof(reasonbuf)); switch(sec) { case sec_status_secure: verbose(VERB_DETAIL, "NSEC RRset for the " @@ -2886,7 +2919,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, sec = nsec3_prove_nods(qstate->env, ve, msg->rep->rrsets + msg->rep->an_numrrsets, msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason, - &reason_bogus, qstate, &vq->nsec3_cache_table); + &reason_bogus, qstate, &vq->nsec3_cache_table, + reasonbuf, sizeof(reasonbuf)); switch(sec) { case sec_status_insecure: /* case insecure also continues to unsigned @@ -2953,7 +2987,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, } sec = val_verify_rrset_entry(qstate->env, ve, cname, vq->key_entry, &reason, &reason_bogus, - LDNS_SECTION_ANSWER, qstate, &verified); + LDNS_SECTION_ANSWER, qstate, &verified, reasonbuf, + sizeof(reasonbuf)); if(sec == sec_status_secure) { verbose(VERB_ALGO, "CNAME validated, " "proof that DS does not exist"); @@ -3002,11 +3037,15 @@ return_bogus: * @param origin: the origin of msg. * @param suspend: returned true if the task takes too long and needs to * suspend to continue the effort later. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. + * Can be NULL. */ static void process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct sock_list* origin, int* suspend) + struct sock_list* origin, int* suspend, + struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* dske = NULL; @@ -3014,7 +3053,8 @@ process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int ret; *suspend = 0; vq->empty_DS_name = NULL; - ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske); + ret = ds_response_to_ke(qstate, vq, id, rcode, msg, qinfo, &dske, + sub_qstate); if(ret != 0) { switch(ret) { case 1: @@ -3090,16 +3130,19 @@ process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, * @param msg: result message (if rcode is OK). * @param qinfo: from the sub query state, query info. * @param origin: the origin of msg. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. */ static void process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, - struct sock_list* origin) + struct sock_list* origin, struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* old = vq->key_entry; struct ub_packed_rrset_key* dnskey = NULL; int downprot; + char reasonbuf[256]; char* reason = NULL; sldns_ede_code reason_bogus = LDNS_EDE_DNSSEC_BOGUS; @@ -3107,6 +3150,8 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, dnskey = reply_find_answer_rrset(qinfo, msg->rep); if(dnskey == NULL) { + char* err; + char rstr[1024]; /* bad response */ verbose(VERB_DETAIL, "Missing DNSKEY RRset in response to " "DNSKEY query."); @@ -3118,17 +3163,22 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, vq->restart_count++; return; } - reason = "No DNSKEY record"; + err = errinf_to_str_misc(sub_qstate); + if(!err) { + snprintf(rstr, sizeof(rstr), "No DNSKEY record"); + } else { + snprintf(rstr, sizeof(rstr), "No DNSKEY record " + "[%s]", err); + } reason_bogus = LDNS_EDE_DNSKEY_MISSING; vq->key_entry = key_entry_create_bad(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, reason_bogus, reason, - *qstate->env->now); + BOGUS_KEY_TTL, reason_bogus, rstr, *qstate->env->now); if(!vq->key_entry) { log_err("alloc failure in missing dnskey response"); /* key_entry is NULL for failure in Validate */ } - errinf_ede(qstate, reason, reason_bogus); + errinf_ede(qstate, rstr, reason_bogus); errinf_origin(qstate, origin); errinf_dname(qstate, "for key", qinfo->qname); vq->state = VAL_VALIDATE_STATE; @@ -3142,7 +3192,8 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, } downprot = qstate->env->cfg->harden_algo_downgrade; vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env, - ve, dnskey, vq->ds_rrset, downprot, &reason, &reason_bogus, qstate); + ve, dnskey, vq->ds_rrset, downprot, &reason, &reason_bogus, + qstate, reasonbuf, sizeof(reasonbuf)); if(!vq->key_entry) { log_err("out of memory in verify new DNSKEYs"); @@ -3192,10 +3243,13 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, * @param rcode: rcode result value. * @param msg: result message (if rcode is OK). * @param origin: the origin of msg. + * @param sub_qstate: the sub query state, that is the lookup that fetched + * the trust anchor data, it contains error information for the answer. */ static void process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct sock_list* origin) + int id, int rcode, struct dns_msg* msg, struct sock_list* origin, + struct module_qstate* sub_qstate) { struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct ub_packed_rrset_key* dnskey_rrset = NULL; @@ -3227,7 +3281,8 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, return; } } - vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id); + vq->key_entry = primeResponseToKE(dnskey_rrset, ta, qstate, id, + sub_qstate); lock_basic_unlock(&ta->lock); if(vq->key_entry) { if(key_entry_isbad(vq->key_entry) @@ -3278,14 +3333,14 @@ val_inform_super(struct module_qstate* qstate, int id, if(vq->wait_prime_ta) { vq->wait_prime_ta = 0; process_prime_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, qstate->reply_origin); + qstate->return_msg, qstate->reply_origin, qstate); return; } if(qstate->qinfo.qtype == LDNS_RR_TYPE_DS) { int suspend; process_ds_response(super, vq, id, qstate->return_rcode, qstate->return_msg, &qstate->qinfo, - qstate->reply_origin, &suspend); + qstate->reply_origin, &suspend, qstate); /* If NSEC3 was needed during validation, NULL the NSEC3 cache; * it will be re-initiated if needed later on. * Validation (and the cache table) are happening/allocated in @@ -3306,7 +3361,7 @@ val_inform_super(struct module_qstate* qstate, int id, } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DNSKEY) { process_dnskey_response(super, vq, id, qstate->return_rcode, qstate->return_msg, &qstate->qinfo, - qstate->reply_origin); + qstate->reply_origin, qstate); return; } log_err("internal error in validator: no inform_supers possible"); @@ -3344,8 +3399,8 @@ val_get_mem(struct module_env* env, int id) */ static struct module_func_block val_block = { "validator", - &val_init, &val_deinit, &val_operate, &val_inform_super, &val_clear, - &val_get_mem + NULL, NULL, &val_init, &val_deinit, &val_operate, &val_inform_super, + &val_clear, &val_get_mem }; struct module_func_block*