From 5c6f03632613aaa3b29972844b16ff0b11f8f8d8 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 21 Jul 2016 20:25:31 +0200
Subject: [PATCH 001/249] Further updates

---
 project-doc/release-procedure.txt | 139 +++++++++++++-----------------
 1 file changed, 61 insertions(+), 78 deletions(-)

diff --git a/project-doc/release-procedure.txt b/project-doc/release-procedure.txt
index 6438a4cf..3222a85b 100644
--- a/project-doc/release-procedure.txt
+++ b/project-doc/release-procedure.txt
@@ -1,61 +1,52 @@
-High level release procedure that we follow to make a formal release for the
-getdns API project.  This is a recipe - if you have a better way to do it then
-update this document and share it with us.
+High level release procedure for formal release for the getdns API project.  
 
-- code freeze
-    confirm with core team that all commits are in, from this point forward
-    only bug fixes should be committed to the release branch, once the release
-    is cut nothing should be committed to the release branch (make a new release)
+1) Git branching for a release
+    -- Confirm with core team (preferably via email) that all commits to be included
+    in the release are in the develop branch. Development for the next release can
+    continue on develop.
+    -- Create a release branch. We use the pattern "release/v1.0.0-b3" for naming
+    release branches. This branch is used for testing
+ 	and bug fixing while preparing the release (which can take several days
+    if there are un-foreseen issues). Note that from this point forward _only_ 
+    bug fixes for this release should be committed to the release branch. 
+    -- Once the release is published there should be no further commits on that
+       release branch.
 
-- create a release branch
-    in git repository named for the release, e.g. "release/v1.0.0-b3"
-    we do this because folks may want to continue to work in the develop branch
-    and be free to commit changes without injuring the release process.  Since
-    building and testing binaries for a release takes a few days we don't want to
-    force changes to queue up.
-
-    One might argue that a release can be cut more quickly, however there are 
-    inevitably little tweaks that need to be made that get uncovered as a result
-    of the binary builds - these tweaks need to be included in the souces for
-    this release so building the source tarball can't be done until all of the
-    binaries have been built and tested.
-
-- clone repo release branch to a clean local repo
-    this should be a brand spanking new directory - don't try to shortcut it and
-    use a working directory with lots of cruft - crap will find its way into the
-    release and embarass you:
+2) Prepare the release
+	-- Clone the upstream to a _new_ local  directory. (Do NOT re-use and 
+	existing working copy as this can lead to issues).
 
     # git clone -b v1.0.0-b3 https://github.com/getdnsapi/getdns.git getdns-1.0.0-b3
 
-- update files to reflect release number/date
-    ./README.md
-    ./ChangeLog 
-    ./configure.ac 
-      - Watch for and change values:
-        - AC_INIT
-        - RELEASE_CANDIDATE
-        - GETDNS_NUMERIC_VERSION
-	- API_VERSION and API_NUMERUC_VERSION
-	- read section "Library version" and
-	  update GETDNS_LIBVERSION carefully!
+    -- Update several files to reflect release number/date
+	    ./README.md
+	    ./ChangeLog 
+	    ./configure.ac 
+	      - Check and change the values for:
+	        - AC_INIT
+	        - RELEASE_CANDIDATE
+	        - GETDNS_NUMERIC_VERSION
+		- API_VERSION and API_NUMERUC_VERSION
+		- read the section "Library version" and update GETDNS_LIBVERSION carefully!
 
-    # autoreconf -fi
+	    # autoreconf -fi
 
-    commit these changes to the release branch
+	    Commit these changes to the release branch
 
-    # git commit -a -m "release number and date updates"
-    # git push
+	    # git commit -a -m "release number and date updates"
+	    # git push
 
-- Do the unit tests on as many different systems as you can.  They must all
-  be able to fulfill all requirements.  So they have libidn, libev, libuv, libevent,
-  latest libunbound, latest openssl (at least 1.0.2) lastest clang compiler
-  (for static analysis), latest valigrind.  Then run:
+3) Test
+	The unit and tpkg tests should be run on all the supported platforms.  They must all
+	be able to fulfil all requirements. So they must have libidn, libev, libuv, libevent,
+	latest libunbound, latest openssl (at least 1.0.2) latest clang compiler
+	(for static analysis), latest valgrind.  The tests can be run using:
 
-    # ${GETDNS_SRCDIR}/src/test/tpkg/run-all.sh
+	# ${GETDNS_SRCDIR}/src/test/tpkg/run-all.sh
 
-  and evaluate the results.
+	and evaluating the results.
 
-- build and sign source distribution tarball:
+4) Build and sign source distribution tarball
     # rm -fr *
     # git reset --hard
     # git submodule update --init
@@ -64,47 +55,39 @@ update this document and share it with us.
     # ./configure
     # make pub
 
-    - test the resulting tar by building it and running the regression tests
-      on as many different systems as you can.
+    The resulting tarball must be built, installed and tested on all the supported
+	platforms. Be sure to use a user that was NOT used for the build, this will uncover 
+    any issues related to absolute paths in the build
 
-- install on each target platform
-    - make sure and use a user that was NOT used for the build, this will uncover 
-      any silliness related to absolute paths in the build
+5) Fix any problems
+	-- If a build breaks or an install fails then commit fixes to the release branch.
+	Then re-run steps 3 and 4 for all supported platforms using the new code.
 
-- if a build breaks or an install fails then commit fixes to the relase branch
-  - rebuild EVERY binary using the changed release branch
+6) Merge branch changes back into master/develop
+	-- If this is a production release - then the release branch must be merged into master
+	Sign the merge tag if possible. 
+	-- Now the release is ready, all the relevant commits on the release branch
+	should also be merged back into develop. 
 
-- merge branch changes back into master
+7) Create the tarball
+	# make clean
+	# make pub
+	This generates getdns-1.0.0-b3.tar.gz + checksums + signatures.
 
-- once all binaries are built and tested clean, create source tar ball
+8) Upload source tarball and checksums and signatures to the getdnsapi.net site
 
-  you may need to run this as root to permit the chown
-  # make clean
-  # make pub
-  generates getdns-1.0.0-b3.tar.gz + checksums + signatures
+  	# scp getdns-1.0.0-b3.tar.gz* getdnsapi.net:/usr/local/www/apache24/data/dist
 
-- upload source tarball and checsums and signatures to the getdnsapi.net site
+9) Create and push signed tags to github
 
-  # scp getdns-1.0.0-b3.tar.gz* getdnsapi.net:/usr/local/www/apache24/data/dist
+  	# git -s v1.0.0-b3
+  	# git push --tags
 
-- Create and push signed tags to github
+10) Update getdnsapi.net web site 
+	- Create an entry the the 'Checksum' page using the content of ChangeLog
+	- Create a new 'News' entry
 
-  # git -s v1.0.0-b3
-  # git push --tags
-
-- update getdnsapi.net web site 
-    -  create a getdns-1.0.0-b3.tar.gz.changelog and
-       getdns-1.0.0-b3.tar.gz.html in
-        /usr/local/www/apache24/data/dist
-       with the content of ChangeLog
-       and the release announcement respectively.
-    - Edit /usr/local/www/apache24/build_site.py.
-      Change latest entry and create a new news_item entry.
-    - rebuild website
-        # cd /usr/local/www/apache24
-        # ./build_site.py
-
-- announce message to
+11) Announce the release to the lists (make sure to sign the emails)
     users@getdnsapi.net, spec@getdnsapi.net and maintainers@nlnetlabs.nl
 
 

From 0432fe37c45ac4f0ca31d150a2759cfe63c1bce7 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 21 Jul 2016 19:24:18 +0200
Subject: [PATCH 002/249] Tinker with upstream keepalive

---
 src/context.c |  2 ++
 src/context.h |  1 +
 src/stub.c    | 15 +++++++++++++--
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index 847fb041..5439a7a9 100644
--- a/src/context.c
+++ b/src/context.c
@@ -711,6 +711,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	upstream->responses_received = 0;
 	upstream->responses_timeouts = 0;
 	upstream->keepalive_timeout = 0;
+	upstream->keepalive_shutdown = 0;
 
 	/* Now TLS stuff*/
 	upstream->tls_auth_state = GETDNS_AUTH_NONE;
@@ -836,6 +837,7 @@ upstream_init(getdns_upstream *upstream,
 	upstream->queries_sent = 0;
 	upstream->responses_received = 0;
 	upstream->responses_timeouts = 0;
+	upstream->keepalive_shutdown = 0;
 	upstream->keepalive_timeout = 0;
 	upstream->to_retry =  2;
 	upstream->back_off =  1;
diff --git a/src/context.h b/src/context.h
index 84a2c40c..c2e91f3d 100644
--- a/src/context.h
+++ b/src/context.h
@@ -148,6 +148,7 @@ typedef struct getdns_upstream {
 	size_t                   queries_sent;
 	size_t                   responses_received;
 	size_t                   responses_timeouts;
+	size_t                   keepalive_shutdown;
 	uint64_t                 keepalive_timeout;
 
 	/* Management of outstanding requests on stateful transports */
diff --git a/src/stub.c b/src/stub.c
index 2b6f9c36..54fb4b76 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -342,9 +342,17 @@ process_keepalive(
 	/* Use server sent value unless the client specified a shorter one.
 	   Convert to ms first (wire value has units of 100ms) */
 	uint64_t server_keepalive = ((uint64_t)gldns_read_uint16(position))*100;
+	DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive recived: %d ms\n",
+           STUB_DEBUG_READ, __FUNCTION__, upstream->fd, 
+           (int)server_keepalive);
 	if (netreq->owner->context->idle_timeout < server_keepalive)
 		upstream->keepalive_timeout = netreq->owner->context->idle_timeout;
 	else {
+		if (server_keepalive == 0) {
+			/* This means the server wants us to shut the connection (sending no
+			   more queries). */
+			upstream->keepalive_shutdown = 1;
+		}
 		upstream->keepalive_timeout = server_keepalive;
 		DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive used: %d ms\n",
 		           STUB_DEBUG_READ, __FUNCTION__, upstream->fd, 
@@ -1551,8 +1559,11 @@ upstream_working_ok(getdns_upstream *upstream)
 static int
 upstream_active(getdns_upstream *upstream) 
 {
-	return ((upstream->conn_state == GETDNS_CONN_SETUP || 
-	         upstream->conn_state == GETDNS_CONN_OPEN) ? 1 : 0);
+	if ((upstream->conn_state == GETDNS_CONN_SETUP || 
+	     upstream->conn_state == GETDNS_CONN_OPEN) &&
+	     upstream->keepalive_shutdown == 0)
+		return 1;
+	return 0;
 }
 
 static int

From a1461d51eceedbd6cfa7567fa1659be4724ed876 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 5 Aug 2016 14:10:55 +0100
Subject: [PATCH 003/249] Add abbreviated logging mode for daemon

---
 configure.ac         |  9 +++++++++
 src/context.c        | 37 ++++++++++++++++++++++++-------------
 src/context.h        |  3 +++
 src/debug.h          |  8 ++++++++
 src/stub.c           | 15 ++++++++++++---
 src/types-internal.h | 11 +++++++++++
 6 files changed, 67 insertions(+), 16 deletions(-)

diff --git a/configure.ac b/configure.ac
index 73150114..efcf7ce0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -144,6 +144,7 @@ ACX_ARG_RPATH
 
 AC_ARG_ENABLE(debug-sched, AC_HELP_STRING([--enable-debug-sched], [Enable scheduling debugging messages]))
 AC_ARG_ENABLE(debug-stub, AC_HELP_STRING([--enable-debug-stub], [Enable stub debugging messages]))
+AC_ARG_ENABLE(debug-daemon, AC_HELP_STRING([--enable-debug-daemon], [Enable daemon debugging messages]))
 AC_ARG_ENABLE(debug-sec, AC_HELP_STRING([--enable-debug-sec], [Enable dnssec debugging messages]))
 AC_ARG_ENABLE(debug-server, AC_HELP_STRING([--enable-debug-server], [Enable server debugging messages]))
 AC_ARG_ENABLE(all-debugging, AC_HELP_STRING([--enable-all-debugging], [Enable scheduling, stub and dnssec debugging]))
@@ -151,6 +152,7 @@ case "$enable_all_debugging" in
 	yes)
 		enable_debug_sched=yes
 		enable_debug_stub=yes
+		enable_debug_daemon=yes
 		enable_debug_sec=yes
 		enable_debug_server=yes
 		;;
@@ -171,6 +173,13 @@ case "$enable_debug_stub" in
 	no|*)
 		;;
 esac
+case "$enable_debug_daemon" in
+	yes)
+		AC_DEFINE_UNQUOTED([DAEMON_DEBUG], [1], [Define this to enable printing of daemon debugging messages.])
+		;;
+	no|*)
+		;;
+esac
 case "$enable_debug_sec" in
 	yes)
 		AC_DEFINE_UNQUOTED([SEC_DEBUG], [1], [Define this to enable printing of dnssec debugging messages.])
diff --git a/src/context.c b/src/context.c
index 5439a7a9..1c851e64 100644
--- a/src/context.c
+++ b/src/context.c
@@ -224,6 +224,14 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 }
 #endif
 
+static uint8_t*
+upstream_addr(getdns_upstream *upstream)
+{
+	return upstream->addr.ss_family == AF_INET
+	    ? (void *)&((struct sockaddr_in*)&upstream->addr)->sin_addr
+	    : (void *)&((struct sockaddr_in6*)&upstream->addr)->sin6_addr;
+}
+
 static void destroy_local_host(_getdns_rbnode_t * node, void *arg)
 {
 	getdns_context *context = (getdns_context *)arg;
@@ -683,11 +691,17 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	if (upstream->tls_auth_state != GETDNS_AUTH_NONE)
 		upstream->past_tls_auth_state = upstream->tls_auth_state;
 
-	DEBUG_STUB("%s %-35s: FD:  %d Upstream Stats: Resp=%d,Timeouts=%d,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Auth=%d\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd, 
-	           (int)upstream->total_responses, (int)upstream->total_timeouts,
-	           (int)upstream->conn_completed, (int)upstream->conn_setup_failed, 
-	           (int)upstream->conn_shutdowns, upstream->past_tls_auth_state);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	DEBUG_DAEMON("%s Upstream %s : Connection closed: Connection stats - Resp=%d,Timeouts=%d,Keepalive(ms)=%d,Auth=%s\n",
+	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
+	             (int)upstream->keepalive_timeout, getdns_auth_str_array[upstream->tls_auth_state]);
+	DEBUG_DAEMON("%s Upstream %s : Connection closed: Upstream stats   - Resp=%d,Timeouts=%d,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Auth=%s\n",
+	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	             (int)upstream->total_responses, (int)upstream->total_timeouts,
+	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed, 
+	             (int)upstream->conn_shutdowns, getdns_auth_str_array[upstream->tls_auth_state]);
+#endif
 
 	/* Back off connections that never got up service at all (probably no
 	   TCP service or incompatible TLS version/cipher). 
@@ -829,6 +843,10 @@ upstream_init(getdns_upstream *upstream,
 
 	upstream->addr_len = ai->ai_addrlen;
 	(void) memcpy(&upstream->addr, ai->ai_addr, ai->ai_addrlen);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	inet_ntop(upstream->addr.ss_family, upstream_addr(upstream), 
+	          upstream->addr_str, INET6_ADDRSTRLEN);
+#endif
 
 	/* How is this upstream doing? */
 	upstream->conn_setup_failed = 0;
@@ -2831,15 +2849,8 @@ getdns_cancel_callback(getdns_context *context,
 	return r;
 } /* getdns_cancel_callback */
 
-#ifndef STUB_NATIVE_DNSSEC
-static uint8_t*
-upstream_addr(getdns_upstream *upstream)
-{
-	return upstream->addr.ss_family == AF_INET
-	    ? (void *)&((struct sockaddr_in*)&upstream->addr)->sin_addr
-	    : (void *)&((struct sockaddr_in6*)&upstream->addr)->sin6_addr;
-}
 
+#ifndef STUB_NATIVE_DNSSEC
 static in_port_t
 upstream_port(getdns_upstream *upstream)
 {
diff --git a/src/context.h b/src/context.h
index c2e91f3d..9caf458d 100644
--- a/src/context.h
+++ b/src/context.h
@@ -124,6 +124,9 @@ typedef struct getdns_upstream {
 
 	socklen_t                addr_len;
 	struct sockaddr_storage  addr;
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	char                     addr_str[INET6_ADDRSTRLEN];
+#endif
 
 	/* How is this upstream doing over UDP? */
 	int                      to_retry;
diff --git a/src/debug.h b/src/debug.h
index 91051435..643b198d 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -45,6 +45,7 @@
 #define STUB_DEBUG_READ      "------- READ:   "
 #define STUB_DEBUG_WRITE     "------- WRITE:  "
 #define STUB_DEBUG_CLEANUP   "--- CLEANUP:    "
+#define STUB_DEBUG_DAEMON    "GETDNS_DAEMON:  "
 
 #define DEBUG_ON(...) do { \
 		struct timeval tv; \
@@ -88,6 +89,13 @@
 #define DEBUG_STUB(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+#include <time.h>
+#define DEBUG_DAEMON(...) DEBUG_ON(__VA_ARGS__)
+#else
+#define DEBUG_DAEMON(...) DEBUG_OFF(__VA_ARGS__)
+#endif
+
 #if defined(SEC_DEBUG) && SEC_DEBUG
 #include <time.h>
 #define DEBUG_SEC(...) DEBUG_ON(__VA_ARGS__)
diff --git a/src/stub.c b/src/stub.c
index 54fb4b76..74f25d39 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -522,9 +522,14 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 	if (during_setup) {
 		/* Reset timeout on setup failure to trigger fallback handling.*/
 		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
-		GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, TIMEOUT_FOREVER,
-		    getdns_eventloop_event_init(&upstream->event, upstream,
-		     NULL, upstream_write_cb, NULL));
+		/* Need this check because if the setup failed because the interface is
+		   not up we get -1 and then a seg fault. Found when using IPv6 address
+		   but IPv6 interface not enabled.*/
+		if (upstream->fd != -1) {
+			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, TIMEOUT_FOREVER,
+			    getdns_eventloop_event_init(&upstream->event, upstream,
+			     NULL, upstream_write_cb, NULL));
+		}
 		/* Special case if failure was due to authentication issues since this
 		   upstream could be used oppotunistically with no problem.*/
 		if (!(upstream->transport == GETDNS_TRANSPORT_TLS &&
@@ -1739,6 +1744,10 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		return -1;
 		/* Nothing to do*/
 	}
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	DEBUG_DAEMON("%s Upstream %s : Connection initialised\n",
+                  STUB_DEBUG_DAEMON, upstream->addr_str);
+#endif
 	return fd;
 }
 
diff --git a/src/types-internal.h b/src/types-internal.h
index f6c3cf5b..5f67f7cd 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -63,6 +63,17 @@ typedef enum getdns_auth_state {
 	GETDNS_AUTH_OK,        /* Tried and worked (Strict) */
 } getdns_auth_state_t;
 
+#define GETDNS_STR_AUTH_NONE "N/A"
+#define GETDNS_STR_AUTH_FAILED "Failed or not tried"
+#define GETDNS_STR_AUTH_OK "Success"
+
+static char*
+getdns_auth_str_array[] = {
+	GETDNS_STR_AUTH_NONE,
+	GETDNS_STR_AUTH_FAILED,
+	GETDNS_STR_AUTH_OK
+};
+
 struct getdns_context;
 struct getdns_upstreams;
 struct getdns_upstream;

From fdbefa17ecc10aa735776a87b02d1e6ac9013865 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 5 Aug 2016 17:25:27 +0100
Subject: [PATCH 004/249] Add timer for back off on upstream (use 1 hr). Reset
 as new upstream when re-instated.

---
 src/context.c        | 38 ++++++++++++++++++++++++++++----------
 src/context.h        |  2 ++
 src/stub.c           | 14 +++++++++++---
 src/types-internal.h |  4 ++--
 4 files changed, 43 insertions(+), 15 deletions(-)

diff --git a/src/context.c b/src/context.c
index 1c851e64..5e120317 100644
--- a/src/context.c
+++ b/src/context.c
@@ -84,6 +84,9 @@ typedef unsigned short in_port_t;
 #define GETDNS_STR_PORT_ZERO "0"
 #define GETDNS_STR_PORT_DNS "53"
 #define GETDNS_STR_PORT_DNS_OVER_TLS "853"
+/* How long to wait in seconds before re-trying a connection based backed-off 
+   upstream. Using 1 hour for all transports - based on RFC7858 value for for TLS.*/
+#define BACKOFF_RETRY 3600
 
 void *plain_mem_funcs_user_arg = MF_PLAIN;
 
@@ -692,15 +695,16 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->past_tls_auth_state = upstream->tls_auth_state;
 
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s Upstream %s : Connection closed: Connection stats - Resp=%d,Timeouts=%d,Keepalive(ms)=%d,Auth=%s\n",
+	DEBUG_DAEMON("%s %s : Conn closed: Conn stats     - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
-	             (int)upstream->keepalive_timeout, getdns_auth_str_array[upstream->tls_auth_state]);
-	DEBUG_DAEMON("%s Upstream %s : Connection closed: Upstream stats   - Resp=%d,Timeouts=%d,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Auth=%s\n",
+	             getdns_auth_str_array[upstream->tls_auth_state], (int)upstream->keepalive_timeout);
+	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Auth=%s,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
-	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed, 
-	             (int)upstream->conn_shutdowns, getdns_auth_str_array[upstream->tls_auth_state]);
+	             getdns_auth_str_array[upstream->tls_auth_state], 
+	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
+	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
 #endif
 
 	/* Back off connections that never got up service at all (probably no
@@ -716,10 +720,18 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	    (upstream->conn_completed >= GETDNS_CONN_ATTEMPTS &&
 	     upstream->total_responses == 0 && 
 	     upstream->total_timeouts > GETDNS_TRANSPORT_FAIL_MULT)) {
-		DEBUG_STUB("%s %-35s: FD:  %d BACKING OFF THIS UPSTREAM! \n", 
-		            STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd);
 		upstream->conn_state = GETDNS_CONN_BACKOFF;
-		}
+		upstream->conn_retry_time = time(NULL) + BACKOFF_RETRY;
+		upstream->total_responses = 0;
+		upstream->total_timeouts = 0;
+		upstream->conn_completed = 0;
+		upstream->conn_setup_failed = 0;
+		upstream->conn_shutdowns = 0;
+		upstream->conn_backoffs++;
+		DEBUG_DAEMON("%s %s : !Backing off this upstream  - will retry as new upstream at %s\n",
+		            STUB_DEBUG_DAEMON, upstream->addr_str,
+		            asctime(gmtime(&upstream->conn_retry_time)));
+	}
 	// Reset per connection counters
 	upstream->queries_sent = 0;
 	upstream->responses_received = 0;
@@ -848,15 +860,21 @@ upstream_init(getdns_upstream *upstream,
 	          upstream->addr_str, INET6_ADDRSTRLEN);
 #endif
 
-	/* How is this upstream doing? */
-	upstream->conn_setup_failed = 0;
+	/* How is this upstream doing on connections? */
+	upstream->conn_completed = 0;
 	upstream->conn_shutdowns = 0;
+	upstream->conn_setup_failed = 0;
+	upstream->conn_retry_time = 0;
+	upstream->conn_backoffs = 0;
+	upstream->total_responses = 0;
+	upstream->total_timeouts = 0;
 	upstream->conn_state = GETDNS_CONN_CLOSED;
 	upstream->queries_sent = 0;
 	upstream->responses_received = 0;
 	upstream->responses_timeouts = 0;
 	upstream->keepalive_shutdown = 0;
 	upstream->keepalive_timeout = 0;
+	/* How is this upstream doing on UDP? */
 	upstream->to_retry =  2;
 	upstream->back_off =  1;
 
diff --git a/src/context.h b/src/context.h
index 9caf458d..8d192d39 100644
--- a/src/context.h
+++ b/src/context.h
@@ -143,6 +143,8 @@ typedef struct getdns_upstream {
 	size_t                   conn_completed;
 	size_t                   conn_shutdowns;
 	size_t                   conn_setup_failed;
+	time_t                   conn_retry_time;
+	size_t                   conn_backoffs;
 	size_t                   total_responses;
 	size_t                   total_timeouts;
 	getdns_auth_state_t      past_tls_auth_state;
diff --git a/src/stub.c b/src/stub.c
index 74f25d39..5fd5e9d4 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1626,12 +1626,20 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 	getdns_upstream *upstream = NULL;
 	getdns_upstreams *upstreams = netreq->owner->upstreams;
 	size_t i;
+	time_t now = time(NULL);
 	
 	if (!upstreams->count)
 		return NULL;
 
-	/* [TLS1]TODO: Add check to re-instate backed-off upstreams after X amount 
-	   of time*/
+	/* A check to re-instate backed-off upstreams after X amount of time*/
+	for (i = 0; i < upstreams->count; i++) {
+		if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
+		    upstreams->upstreams[i].conn_retry_time < now) {
+			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
+			DEBUG_DAEMON("%s %s : Re-instating upstream\n",
+		            STUB_DEBUG_DAEMON, upstreams->upstreams[i].addr_str);
+		}
+	}
 
 	/* First find if an open upstream has the correct properties and use that*/
 	for (i = 0; i < upstreams->count; i++) {
@@ -1745,7 +1753,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		/* Nothing to do*/
 	}
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s Upstream %s : Connection initialised\n",
+	DEBUG_DAEMON("%s %s : Conn init\n",
                   STUB_DEBUG_DAEMON, upstream->addr_str);
 #endif
 	return fd;
diff --git a/src/types-internal.h b/src/types-internal.h
index 5f67f7cd..bd1f993c 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -63,8 +63,8 @@ typedef enum getdns_auth_state {
 	GETDNS_AUTH_OK,        /* Tried and worked (Strict) */
 } getdns_auth_state_t;
 
-#define GETDNS_STR_AUTH_NONE "N/A"
-#define GETDNS_STR_AUTH_FAILED "Failed or not tried"
+#define GETDNS_STR_AUTH_NONE "None"
+#define GETDNS_STR_AUTH_FAILED "Failed"
 #define GETDNS_STR_AUTH_OK "Success"
 
 static char*

From 6f9bfffe9f3461287889f4e97f8e08e4201830c1 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Mon, 8 Aug 2016 16:12:33 +0100
Subject: [PATCH 005/249] Catch another error path for failed connections

---
 src/stub.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 5fd5e9d4..bef5bf9d 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1764,21 +1764,28 @@ upstream_find_for_transport(getdns_network_req *netreq,
                             getdns_transport_list_t transport,
                             int *fd)
 {
-	/* [TLS1]TODO: Don't currently loop over upstreams here as UDP will timeout
-	   and stateful will fallback. But there is a case where connect returns -1 
-	   that we need to deal with!!!! so add a while loop to test fd*/
 	getdns_upstream *upstream = NULL;
+
+	/*  UDP always returns an upstream, the only reason this will fail is if
+	    no socket is available, in which case that is an error.*/
 	if (transport == GETDNS_TRANSPORT_UDP) {
 		upstream = upstream_select(netreq);
+		*fd = upstream_connect(upstream, transport, netreq->owner);
+		return upstream;
 	}
-	else 
-		upstream = upstream_select_stateful(netreq, transport);
-	if (!upstream)
-		return NULL;
-	*fd = upstream_connect(upstream, transport, netreq->owner);
-	DEBUG_STUB("%s %-35s: FD:  %d Connecting to upstream: %p   No: %d\n", 
+	else {
+		/* For stateful transport we should keep trying until all our transports
+		   are exhausted/backed-off (no upstream)*/
+		do {
+			upstream = upstream_select_stateful(netreq, transport);
+			if (!upstream)
+				return NULL;
+			*fd = upstream_connect(upstream, transport, netreq->owner);
+		} while (*fd == -1);
+		DEBUG_STUB("%s %-35s: FD:  %d Connecting to upstream: %p   No: %d\n", 
 	           STUB_DEBUG_SETUP, __FUNCTION__, *fd, upstream,
 	           (int)(upstream - netreq->owner->context->upstreams->upstreams));
+	}
 	return upstream;
 }
 

From f156f2f24ae1140ce875a0a4b262a463057cc151 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Mon, 8 Aug 2016 17:07:46 +0100
Subject: [PATCH 006/249] Had to change some preprocessor checks to get all the
 options to compile

---
 src/context.c | 28 +++++++++++++---------------
 src/dnssec.c  |  2 ++
 src/stub.c    |  4 +++-
 3 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/src/context.c b/src/context.c
index 5e120317..58abcd77 100644
--- a/src/context.c
+++ b/src/context.c
@@ -227,6 +227,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 }
 #endif
 
+#if !defined(STUB_NATIVE_DNSSEC) || (defined(DAEMON_DEBUG) && DAEMON_DEBUG)
 static uint8_t*
 upstream_addr(getdns_upstream *upstream)
 {
@@ -234,6 +235,16 @@ upstream_addr(getdns_upstream *upstream)
 	    ? (void *)&((struct sockaddr_in*)&upstream->addr)->sin_addr
 	    : (void *)&((struct sockaddr_in6*)&upstream->addr)->sin6_addr;
 }
+#endif
+
+
+static in_port_t
+upstream_port(getdns_upstream *upstream)
+{
+	return ntohs(upstream->addr.ss_family == AF_INET
+	     ? ((struct sockaddr_in *)&upstream->addr)->sin_port
+	     : ((struct sockaddr_in6*)&upstream->addr)->sin6_port);
+}
 
 static void destroy_local_host(_getdns_rbnode_t * node, void *arg)
 {
@@ -728,9 +739,11 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->conn_setup_failed = 0;
 		upstream->conn_shutdowns = 0;
 		upstream->conn_backoffs++;
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 		DEBUG_DAEMON("%s %s : !Backing off this upstream  - will retry as new upstream at %s\n",
 		            STUB_DEBUG_DAEMON, upstream->addr_str,
 		            asctime(gmtime(&upstream->conn_retry_time)));
+#endif
 	}
 	// Reset per connection counters
 	upstream->queries_sent = 0;
@@ -2869,13 +2882,6 @@ getdns_cancel_callback(getdns_context *context,
 
 
 #ifndef STUB_NATIVE_DNSSEC
-static in_port_t
-upstream_port(getdns_upstream *upstream)
-{
-	return ntohs(upstream->addr.ss_family == AF_INET
-	    ? ((struct sockaddr_in *)&upstream->addr)->sin_port
-	    : ((struct sockaddr_in6*)&upstream->addr)->sin6_port);
-}
 
 static uint32_t *
 upstream_scope_id(getdns_upstream *upstream)
@@ -3371,14 +3377,6 @@ getdns_context_get_eventloop(getdns_context *context, getdns_eventloop **loop)
 	return GETDNS_RETURN_GOOD;
 }
 
-static in_port_t
-upstream_port(getdns_upstream *upstream)
-{
-	return ntohs(upstream->addr.ss_family == AF_INET
-	     ? ((struct sockaddr_in *)&upstream->addr)->sin_port
-	     : ((struct sockaddr_in6*)&upstream->addr)->sin6_port);
-}
-
 static getdns_dict*
 _get_context_settings(getdns_context* context)
 {
diff --git a/src/dnssec.c b/src/dnssec.c
index f567b96b..6152782a 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2687,6 +2687,7 @@ static int chain_head_validate(struct mem_funcs *mf, time_t now, uint32_t skew,
  * evaluated by processing each head in turn.  The worst outcome per network request
  * is the dnssec status for that network request.
  */
+#ifdef STUB_NATIVE_DNSSEC
 static void chain_set_netreq_dnssec_status(chain_head *chain, _getdns_rrset_iter *tas)
 {
 	chain_head *head;
@@ -2723,6 +2724,7 @@ static void chain_set_netreq_dnssec_status(chain_head *chain, _getdns_rrset_iter
 		}
 	}
 }
+#endif
 
 /* The DNSSEC status of all heads for a chain structure is evaluated by 
  * processing each head in turn.  The worst outcome is the dnssec status for
diff --git a/src/stub.c b/src/stub.c
index bef5bf9d..e496d61d 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -342,7 +342,7 @@ process_keepalive(
 	/* Use server sent value unless the client specified a shorter one.
 	   Convert to ms first (wire value has units of 100ms) */
 	uint64_t server_keepalive = ((uint64_t)gldns_read_uint16(position))*100;
-	DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive recived: %d ms\n",
+	DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive recieved: %d ms\n",
            STUB_DEBUG_READ, __FUNCTION__, upstream->fd, 
            (int)server_keepalive);
 	if (netreq->owner->context->idle_timeout < server_keepalive)
@@ -1636,8 +1636,10 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
 		    upstreams->upstreams[i].conn_retry_time < now) {
 			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 			DEBUG_DAEMON("%s %s : Re-instating upstream\n",
 		            STUB_DEBUG_DAEMON, upstreams->upstreams[i].addr_str);
+#endif
 		}
 	}
 

From c84ff93e4f7337069a4c0f50bc78f93543a924f6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 25 Aug 2016 12:40:02 +0200
Subject: [PATCH 007/249] Anticipate Mac OS X glibtoolize

---
 src/test/tpkg/setup-env.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/tpkg/setup-env.sh b/src/test/tpkg/setup-env.sh
index ad43c879..18cdfbeb 100755
--- a/src/test/tpkg/setup-env.sh
+++ b/src/test/tpkg/setup-env.sh
@@ -13,7 +13,7 @@ then
 fi
 if [ ! -f "${SRCROOT}/libtool" ]
 then
-	(cd "${SRCROOT}"; libtoolize -fic)
+	(cd "${SRCROOT}"; (glibtoolize -fic || libtoolize -fic))
 fi
 if [ ! -f "${SRCROOT}/configure" ]
 then

From 47e718eeb88a1cef6f732c9df3009f1cd071d341 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 13 Oct 2016 23:04:50 +0200
Subject: [PATCH 008/249] OpenSSL 1.1 support

---
 configure.ac           |  1 +
 src/context.c          |  9 +++++++++
 src/gldns/keyraw.c     | 39 +++++++++++++++++++++++++++++++++++++++
 src/gldns/rrdef.h      |  2 +-
 src/gldns/wire2str.h   | 18 +++++++++---------
 src/pubkey-pinning.c   | 12 ++++++++----
 src/types-internal.h   |  7 -------
 src/util/val_secalgo.c | 10 ++++++----
 8 files changed, 73 insertions(+), 25 deletions(-)

diff --git a/configure.ac b/configure.ac
index efcf7ce0..031c618e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -255,6 +255,7 @@ else
 fi
 AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method])
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
 AC_INCLUDES_DEFAULT
diff --git a/src/context.c b/src/context.c
index 58abcd77..ff172499 100644
--- a/src/context.c
+++ b/src/context.c
@@ -693,6 +693,15 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 	GETDNS_FREE(upstreams->mf, upstreams);
 }
 
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+static char*
+getdns_auth_str_array[] = {
+	GETDNS_STR_AUTH_NONE,
+	GETDNS_STR_AUTH_FAILED,
+	GETDNS_STR_AUTH_OK
+};
+#endif
+
 void
 _getdns_upstream_shutdown(getdns_upstream *upstream)
 {
diff --git a/src/gldns/keyraw.c b/src/gldns/keyraw.c
index 7a27e7f0..9e6adcb2 100644
--- a/src/gldns/keyraw.c
+++ b/src/gldns/keyraw.c
@@ -23,6 +23,15 @@
 #ifdef HAVE_OPENSSL_ENGINE_H
 #  include <openssl/engine.h>
 #endif
+#ifdef HAVE_OPENSSL_BN_H
+#include <openssl/bn.h>
+#endif
+#ifdef HAVE_OPENSSL_RSA_H
+#include <openssl/rsa.h>
+#endif
+#ifdef HAVE_OPENSSL_DSA_H
+#include <openssl/dsa.h>
+#endif
 #endif /* HAVE_SSL */
 
 size_t
@@ -215,6 +224,7 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		BN_free(Y);
 		return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 	dsa->p = P;
 	dsa->q = Q;
@@ -222,6 +232,25 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 	dsa->pub_key = Y;
 #endif /* splint */
 
+#else /* OPENSSL_VERSION_NUMBER */
+	if (!DSA_set0_pqg(dsa, P, Q, G)) {
+		/* QPG not yet attached, need to free */
+		BN_free(Q);
+		BN_free(P);
+		BN_free(G);
+
+		DSA_free(dsa);
+		BN_free(Y);
+		return NULL;
+	}
+	if (!DSA_set0_key(dsa, Y, NULL)) {
+		/* QPG attached, cleaned up by DSA_fre() */
+		DSA_free(dsa);
+		BN_free(Y);
+		return NULL;
+	}
+#endif
+
 	return dsa;
 }
 
@@ -273,11 +302,21 @@ gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
 		BN_free(modulus);
 		return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 	rsa->n = modulus;
 	rsa->e = exponent;
 #endif /* splint */
 
+#else /* OPENSSL_VERSION_NUMBER */
+	if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
+		BN_free(exponent);
+		BN_free(modulus);
+		RSA_free(rsa);
+		return NULL;
+	}
+#endif
+
 	return rsa;
 }
 
diff --git a/src/gldns/rrdef.h b/src/gldns/rrdef.h
index b13580ea..f00fa33c 100644
--- a/src/gldns/rrdef.h
+++ b/src/gldns/rrdef.h
@@ -195,7 +195,7 @@ enum gldns_enum_rr_type
         GLDNS_RR_TYPE_TALINK = 58,
 	GLDNS_RR_TYPE_CDS = 59, /** RFC 7344 */
 	GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
-	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* draft-ietf-dane-openpgpkey */
+	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
 	GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
 
 	GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
diff --git a/src/gldns/wire2str.h b/src/gldns/wire2str.h
index 050fb8e7..a4409991 100644
--- a/src/gldns/wire2str.h
+++ b/src/gldns/wire2str.h
@@ -118,7 +118,7 @@ int gldns_str_print(char** str, size_t* slen, const char* format, ...)
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str,
 	size_t str_len);
@@ -351,7 +351,7 @@ int gldns_wire2str_edns_option_code_print(char** str, size_t* str_len,
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
 	size_t str_len);
@@ -369,7 +369,7 @@ int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str,
 	size_t str_len);
@@ -389,7 +389,7 @@ int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str,
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len,
 	char* str, size_t str_len);
@@ -406,7 +406,7 @@ int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len,
  * 	silently truncate the output to fit in the buffer.
  * @param rrtype: rr type of the data
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
 	size_t str_len, uint16_t rrtype);
@@ -417,7 +417,7 @@ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
  * @param str: the string to write to.
  * @param len: length of str.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len);
 
@@ -427,7 +427,7 @@ int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len);
  * @param str: the string to write to.
  * @param len: length of str.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
 
@@ -437,7 +437,7 @@ int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
  * @param str: the string to write to.
  * @param len: length of str.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);
 
@@ -448,7 +448,7 @@ int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);
  * @param str: the string to write to.
  * @param len: length of string.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
 	size_t len);
diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 8a2250d8..32497608 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -56,6 +56,10 @@
 #include "context.h"
 #include "util-internal.h"
 
+#ifndef X509_STORE_CTX_get0_untrusted
+#define X509_STORE_CTX_get0_untrusted(store) store->untrusted
+#endif
+
 /* we only support sha256 at the moment.  adding support for another
    digest is more complex than just adding another entry here. in
    particular, you'll probably need a match for a particular cert
@@ -314,11 +318,11 @@ _get_ssl_getdns_upstream_idx()
 {
 	static volatile int idx = -1;
 	if (idx < 0) {
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+		/* CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); */
 		if (idx < 0)
 			idx = SSL_get_ex_new_index(0, "associated getdns upstream",
 						   NULL,NULL,NULL);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+		/* CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); */
 	}
 	return idx;
 }
@@ -383,7 +387,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 
 	/* TODO: how do we handle raw public keys? */
 
-	for (i = 0; i < sk_X509_num(store->untrusted); i++) {
+	for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) {
 		if (i > 0) {
 		/* TODO: how do we ensure that the certificates in
 		 * each stage appropriately sign the previous one?
@@ -392,7 +396,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			return GETDNS_RETURN_GENERIC_ERROR;
 		}
 
-		x = sk_X509_value(store->untrusted, i);
+		x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
 #if defined(STUB_DEBUG) && STUB_DEBUG
 		DEBUG_STUB("%s %-35s: Name of cert: %d ",
 		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i);
diff --git a/src/types-internal.h b/src/types-internal.h
index bd1f993c..b9d229e6 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -67,13 +67,6 @@ typedef enum getdns_auth_state {
 #define GETDNS_STR_AUTH_FAILED "Failed"
 #define GETDNS_STR_AUTH_OK "Success"
 
-static char*
-getdns_auth_str_array[] = {
-	GETDNS_STR_AUTH_NONE,
-	GETDNS_STR_AUTH_FAILED,
-	GETDNS_STR_AUTH_OK
-};
-
 struct getdns_context;
 struct getdns_upstreams;
 struct getdns_upstream;
diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c
index edbf538b..a27e7807 100644
--- a/src/util/val_secalgo.c
+++ b/src/util/val_secalgo.c
@@ -590,7 +590,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		log_err("EVP_MD_CTX_new: malloc failure");
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) OPENSSL_free(sigblock);
 		return 0;
 	}
 	if(EVP_VerifyInit(ctx, digest_type) == 0) {
@@ -598,7 +598,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) OPENSSL_free(sigblock);
 		return 0;
 	}
 	if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf), 
@@ -607,7 +607,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) OPENSSL_free(sigblock);
 		return 0;
 	}
 
@@ -621,7 +621,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	EVP_PKEY_free(evp_key);
 
 	if(dofree) free(sigblock);
-	else if(docrypto_free) CRYPTO_free(sigblock);
+	else if(docrypto_free) OPENSSL_free(sigblock);
 
 	if(res == 1) {
 		return 1;
@@ -1359,6 +1359,7 @@ _getdns_dnskey_algo_id_is_supported(int id)
 	}
 }
 
+#ifdef USE_DSA
 static char *
 _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
@@ -1446,6 +1447,7 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 	else
 		return NULL;
 }
+#endif /* USE_DSA */
 
 static char *
 _verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,

From 3f965e68c021d3e6bbf17053c4a1af87a744a9c1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 14 Oct 2016 12:02:23 +0200
Subject: [PATCH 009/249] Stubby is getdns_query with a different name

---
 Makefile.in           | 19 ++++++++++++++-----
 configure.ac          | 24 ++++++++++++++++++++----
 src/Makefile.in       |  3 +++
 src/tools/Makefile.in | 14 ++++++++++++--
 4 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index b0a478a2..2ccf05b5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -44,7 +44,7 @@ libdir = @libdir@
 srcdir = @srcdir@
 INSTALL = @INSTALL@
 
-all : default @GETDNS_QUERY@ 
+all : default @GETDNS_QUERY@ @STUBBY@
 
 everything: default
 	cd src/test && $(MAKE)
@@ -52,7 +52,7 @@ everything: default
 default:
 	cd src && $(MAKE) $@
 
-install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@
+install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@@ -87,7 +87,7 @@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@
 	@echo "***  at package installation time from the post-install script."
 	@echo "***"
 
-uninstall: @UNINSTALL_GETDNS_QUERY@
+uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@
 	rm -rf $(DESTDIR)$(docdir)
 	cd doc && $(MAKE) $@
 	cd src && $(MAKE) $@
@@ -104,6 +104,9 @@ test:
 getdns_query:
 	cd src && $(MAKE) $@
 
+stubby:
+	cd src && $(MAKE) $@
+
 scratchpad:
 	cd src && $(MAKE) $@
 
@@ -111,10 +114,16 @@ pad: scratchpad
 	src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
 
 install-getdns_query:
-	cd src/tools && $(MAKE) install
+	cd src/tools && $(MAKE) $@
 
 uninstall-getdns_query:
-	cd src/tools && $(MAKE) uninstall
+	cd src/tools && $(MAKE) $@
+
+install-stubby:
+	cd src/tools && $(MAKE) $@
+
+uninstall-stubby:
+	cd src/tools && $(MAKE) $@
 
 clean:
 	cd src && $(MAKE) $@
diff --git a/configure.ac b/configure.ac
index 031c618e..1cfca246 100644
--- a/configure.ac
+++ b/configure.ac
@@ -913,6 +913,26 @@ else
 	INSTALL_GETDNS_QUERY="install-getdns_query"
 	UNINSTALL_GETDNS_QUERY="uninstall-getdns_query"
 fi
+AC_SUBST(GETDNS_QUERY)
+AC_SUBST(INSTALL_GETDNS_QUERY)
+AC_SUBST(UNINSTALL_GETDNS_QUERY)
+
+AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby],
+	[Do not compile and install stubby, the (stub) resolver daemon]),
+	[], [withval="yes"])
+if test x_$withval = x_no; then
+	STUBBY=""
+	INSTALL_STUBBY=""
+	UNINSTALL_STUBBY=""
+else
+	STUBBY="stubby"
+	INSTALL_STUBBY="install-stubby"
+	UNINSTALL_STUBBY="uninstall-stubby"
+fi
+AC_SUBST(STUBBY)
+AC_SUBST(INSTALL_STUBBY)
+AC_SUBST(UNINSTALL_STUBBY)
+
 AC_ARG_WITH(fd-setsize, AS_HELP_STRING([--with-fd-setsize=size],
 	[Set maximum file descriptor number that can be used by select]),
 	[], [withval="no"])
@@ -925,10 +945,6 @@ case "$withval" in
 		;;
 esac
 
-AC_SUBST(GETDNS_QUERY)
-AC_SUBST(INSTALL_GETDNS_QUERY)
-AC_SUBST(UNINSTALL_GETDNS_QUERY)
-
 AC_CONFIG_FILES([Makefile src/Makefile src/version.c src/getdns/getdns.h src/getdns/getdns_extra.h spec/example/Makefile src/test/Makefile src/tools/Makefile doc/Makefile getdns.pc getdns_ext_event.pc])
 if [ test -n "$DOXYGEN" ]
     then AC_CONFIG_FILES([src/Doxyfile])
diff --git a/src/Makefile.in b/src/Makefile.in
index ecfcf082..763e22da 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -159,6 +159,9 @@ test:	all
 getdns_query:	all
 	cd tools && $(MAKE) $@
 
+stubby:	all
+	cd tools && $(MAKE) $@
+
 scratchpad:	all
 	cd test && $(MAKE) $@
 
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index ae2c6080..9f1bb75f 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -67,13 +67,23 @@ $(ALL_OBJS):
 getdns_query: getdns_query.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
 
-install: getdns_query
+stubby: getdns_query
+	ln -s getdns_query stubby
+
+install-getdns_query: getdns_query
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
 	$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)
 
-uninstall:
+uninstall-getdns_query:
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query
 
+install-stubby: getdns_query
+	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
+	$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby
+
+uninstall-stubby:
+	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
+
 clean:
 	rm -f *.o *.lo $(PROGRAMS)
 	rm -rf .libs

From 58b5ead67aa44fe25535fa9073fcadc1f5ff0056 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 14 Oct 2016 08:24:25 -0500
Subject: [PATCH 010/249] Make stubby act as stubby

---
 src/tools/getdns_query.c | 153 +++++++++++++++++++++++++++------------
 1 file changed, 107 insertions(+), 46 deletions(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 7acc77d9..abd91471 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -48,6 +48,12 @@ typedef unsigned short in_port_t;
 
 #define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""
 
+static int i_am_stubby = 0;
+static const char *default_stubby_config =
+"{ resolution_type: GETDNS_RESOLUTION_STUB"
+", listen_addresses: [ { 127.0.0.1:53 } ]"
+"}";
+static int clear_listen_list_on_arg = 0;
 static int quiet = 0;
 static int batch_mode = 0;
 static char *query_file = NULL;
@@ -469,6 +475,48 @@ static void parse_config(const char *config_str)
 	}
 }
 
+int parse_config_file(const char *fn, int report_open_failure)
+{
+	FILE *fh;
+	char *config_file = NULL;
+	long config_file_sz;
+
+	if (!(fh = fopen(fn, "r"))) {
+		if (report_open_failure)
+			fprintf( stderr, "Could not open \"%s\": %s\n"
+			       , fn, strerror(errno));
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+	if (fseek(fh, 0,SEEK_END) == -1) {
+		perror("fseek");
+		fclose(fh);
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+	config_file_sz = ftell(fh);
+	if (config_file_sz <= 0) {
+		/* Empty config is no config */
+		fclose(fh);
+		return GETDNS_RETURN_GOOD;
+	}
+	if (!(config_file = malloc(config_file_sz + 1))){
+		fclose(fh);
+		fprintf(stderr, "Could not allocate memory for \"%s\"\n", fn);
+		return GETDNS_RETURN_MEMORY_ERROR;
+	}
+	rewind(fh);
+	if (fread(config_file, 1, config_file_sz, fh) != config_file_sz) {
+		fprintf( stderr, "An error occurred while reading \"%s\": %s\n"
+		       , fn, strerror(errno));
+		fclose(fh);
+		return GETDNS_RETURN_MEMORY_ERROR;
+	}
+	config_file[config_file_sz] = 0;
+	fclose(fh);
+	parse_config(config_file);
+	free(config_file);
+	return GETDNS_RETURN_GOOD;
+}
+
 getdns_return_t parse_args(int argc, char **argv)
 {
 	getdns_return_t r = GETDNS_RETURN_GOOD;
@@ -483,8 +531,6 @@ getdns_return_t parse_args(int argc, char **argv)
 	getdns_bindata bindata;
 	size_t upstream_count = 0;
 	FILE *fh;
-	char *config_file = NULL;
-	long config_file_sz;
 
 	for (i = 1; i < argc; i++) {
 		arg = argv[i];
@@ -595,42 +641,7 @@ getdns_return_t parse_args(int argc, char **argv)
 					    "after -C\n");
 					return GETDNS_RETURN_GENERIC_ERROR;
 				}
-				if (!(fh = fopen(argv[i], "r"))) {
-					fprintf(stderr, "Could not open \"%s\""
-					    ": %s\n",argv[i], strerror(errno));
-					return GETDNS_RETURN_GENERIC_ERROR;
-				}
-				if (fseek(fh, 0,SEEK_END) == -1) {
-					perror("fseek");
-					fclose(fh);
-					return GETDNS_RETURN_GENERIC_ERROR;
-				}
-				config_file_sz = ftell(fh);
-				if (config_file_sz <= 0) {
-					/* Empty config is no config */
-					fclose(fh);
-					break;
-				}
-				if (!(config_file=malloc(config_file_sz + 1))){
-					fclose(fh);
-					fprintf(stderr, "Could not allocate me"
-					    "mory for \"%s\"\n", argv[i]);
-					return GETDNS_RETURN_MEMORY_ERROR;
-				}
-				rewind(fh);
-				if (fread(config_file, 1, config_file_sz, fh)
-				    != config_file_sz) {
-					fprintf(stderr, "An error occurred whil"
-					    "e reading \"%s\": %s\n",argv[i],
-					    strerror(errno));
-					fclose(fh);
-					return GETDNS_RETURN_MEMORY_ERROR;
-				}
-				config_file[config_file_sz] = 0;
-				fclose(fh);
-				parse_config(config_file);
-				free(config_file);
-				config_file = NULL;
+				(void) parse_config_file(argv[i], 1);
 				break;
 			case 'D':
 				(void) getdns_context_set_edns_do_bit(context, 1);
@@ -927,17 +938,23 @@ getdns_return_t parse_args(int argc, char **argv)
 					                "expected after -z\n");
 					return GETDNS_RETURN_GENERIC_ERROR;
 				}
-				if (argv[i][0] == '-' && argv[i][1] == '\0') {
+				if (clear_listen_list_on_arg ||
+				    (argv[i][0] == '-' && argv[i][1] == '\0')) {
 					if (listen_list && !listen_dict)
 						getdns_list_destroy(
 						    listen_list);
 					listen_list = NULL;
 					listen_count = 0;
-					touched_listen_list = 1;
-					DEBUG_SERVER("Clear listen list\n");
-					break;
+					if (!clear_listen_list_on_arg) {
+						touched_listen_list = 1;
+						DEBUG_SERVER("Clear listen list\n");
+						break;
+					} else if (listen_dict) {
+						getdns_dict_destroy(listen_dict);
+						listen_dict = NULL;
+					}
+					clear_listen_list_on_arg = 0;
 				}
-
 				if ((r = getdns_str2dict(argv[i], &downstream)))
 					fprintf(stderr, "Could not convert \"%s\" to "
 					    "an IP dict: %s\n", argv[i],
@@ -1002,7 +1019,24 @@ next:		;
 	if (print_api_info) {
 		getdns_dict *api_information = 
 		    getdns_context_get_api_information(context);
-		char *api_information_str =
+		char *api_information_str;
+	       
+		if (listen_dict && !getdns_dict_get_list(
+		    listen_dict, "listen_list", &listen_list)) {
+
+			(void) getdns_dict_set_list(api_information,
+			    "listen_addresses", listen_list);
+		} else if (listen_list) {
+			(void) getdns_dict_set_list(api_information,
+			    "listen_addresses", listen_list);
+
+		} else if ((listen_list = getdns_list_create())) {
+			(void) getdns_dict_set_list(api_information,
+			    "listen_addresses", listen_list);
+			getdns_list_destroy(listen_list);
+			listen_list = NULL;
+		}
+		api_information_str =
 		    getdns_pretty_print_dict(api_information);
 		fprintf(stdout, "%s\n", api_information_str);
 		free(api_information_str);
@@ -1531,7 +1565,17 @@ error:
 int
 main(int argc, char **argv)
 {
+	char home_stubby_conf_fn[1024];
 	getdns_return_t r;
+#ifndef USE_WINSOCK
+	char *prg_name = strrchr(argv[0], '/');
+#else
+	char *prg_name = strrchr(argv[0], '\\');
+#endif
+	prg_name = prg_name ? prg_name + 1 : argv[0];
+
+	i_am_stubby = strcasecmp(prg_name, "stubby") == 0
+	           || strcasecmp(prg_name, "lt-stubby") == 0;
 
 	name = the_root;
 	if ((r = getdns_context_create(&context, 1))) {
@@ -1546,8 +1590,20 @@ main(int argc, char **argv)
 		r = GETDNS_RETURN_MEMORY_ERROR;
 		goto done_destroy_context;
 	}
+	if (i_am_stubby) {
+		(void) parse_config(default_stubby_config);
+		(void) parse_config_file("/etc/stubby.conf", 0);
+		if (snprintf( home_stubby_conf_fn, sizeof(home_stubby_conf_fn)
+		            , "%s/.stubby.conf", getenv("HOME")
+			    ) < sizeof(home_stubby_conf_fn)) {
+
+			(void) parse_config_file(home_stubby_conf_fn, 0);
+		}
+		clear_listen_list_on_arg = 1;
+	}
 	if ((r = parse_args(argc, argv)))
 		goto done_destroy_context;
+	clear_listen_list_on_arg = 0;
 
 	if (query_file) {
 		fp = fopen(query_file, "rt");
@@ -1564,8 +1620,10 @@ main(int argc, char **argv)
 		assert(loop);
 	}
 	if (listen_count && (r = getdns_context_set_listen_addresses(
-	    context, incoming_request_handler, listen_list)))
+	    context, incoming_request_handler, listen_list))) {
+		perror("error: Could not bind on given addresses");
 		goto done_destroy_context;
+	}
 
 	/* Make the call */
 	if (interactive) {
@@ -1606,7 +1664,10 @@ done_destroy_context:
 		return 0;
 	else if (r == CONTINUE_ERROR)
 		return 1;
-	fprintf(stdout, "\nAll done.\n");
+
+	if (!i_am_stubby || !r) {
+		fprintf(stdout, "\nAll done.\n");
+	}
 	return r;
 }
 

From 3d356bd35e2a218be95b5e328779db6b27046045 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 14 Oct 2016 09:51:17 -0500
Subject: [PATCH 011/249] Stubby runs in background by default

---
 src/tools/getdns_query.c | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index abd91471..665c9ee1 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -54,6 +54,7 @@ static const char *default_stubby_config =
 ", listen_addresses: [ { 127.0.0.1:53 } ]"
 "}";
 static int clear_listen_list_on_arg = 0;
+static int run_in_foreground = 0;
 static int quiet = 0;
 static int batch_mode = 0;
 static char *query_file = NULL;
@@ -203,6 +204,8 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n");
 	fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
 	fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
+	if (i_am_stubby)
+		fprintf(out, "\t-g\tRun stubby in foreground\n");
 	fprintf(out, "\t-G\tgeneral lookup\n");
 	fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
 	fprintf(out, "\t-h\tPrint this help\n");
@@ -983,6 +986,10 @@ getdns_return_t parse_args(int argc, char **argv)
 				}
 				break;
 			default:
+				if (i_am_stubby && *c == 'g') {
+					run_in_foreground = 1;
+					break;
+				}
 				fprintf(stderr, "Unknown option "
 				    "\"%c\"\n", *c);
 				for (i = 0; i < argc; i++)
@@ -1642,7 +1649,25 @@ main(int argc, char **argv)
 	}
 	else if (listen_count) {
 		assert(loop);
-		loop->vmt->run(loop);
+		if (i_am_stubby && !run_in_foreground) {
+			pid_t pid = fork();
+			if (pid == -1) {
+				perror("Could not fork of stubby daemon\n");
+				r = GETDNS_RETURN_GENERIC_ERROR;
+
+			} else if (pid) {
+				FILE *fh = fopen("/var/rub/stubby.pid", "w");
+				if (! fh)
+					fh = fopen("/tmp/stubby.pid", "w");
+				if (fh) {
+					fprintf(fh, "%d", (int)pid);
+					fclose(fh);
+					batch_mode = 0;
+				}
+			} else
+				loop->vmt->run(loop);
+		} else
+			loop->vmt->run(loop);
 	} else
 		r = do_the_call();
 
@@ -1665,10 +1690,8 @@ done_destroy_context:
 	else if (r == CONTINUE_ERROR)
 		return 1;
 
-	if (!i_am_stubby || !r) {
+	if (!i_am_stubby)
 		fprintf(stdout, "\nAll done.\n");
-	}
+
 	return r;
 }
-
-

From ec04dc21ee02a289f85be75f25080a069d5c5a83 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 14 Oct 2016 10:14:38 -0500
Subject: [PATCH 012/249] Stubby defaults in help text

---
 src/tools/getdns_query.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 665c9ee1..51da2d94 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -199,13 +199,17 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t\tRead settings from config file <filename>\n");
 	fprintf(out, "\t\tThe getdns context will be configured with these settings\n");
 	fprintf(out, "\t\tThe file must be in json dict format.\n");
+	if (i_am_stubby) {
+		fprintf(out, "\t\tBy default, configuration is first read from");
+		fprintf(out, "\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\"");
+	}
 	fprintf(out, "\t-D\tSet edns0 do bit\n");
 	fprintf(out, "\t-d\tclear edns0 do bit\n");
 	fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n");
 	fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
 	fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
 	if (i_am_stubby)
-		fprintf(out, "\t-g\tRun stubby in foreground\n");
+		fprintf(out, "\t-g\tRun stubby in foreground (default is background)\n");
 	fprintf(out, "\t-G\tgeneral lookup\n");
 	fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
 	fprintf(out, "\t-h\tPrint this help\n");
@@ -221,9 +225,11 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-p\tPretty print response dict\n");
 	fprintf(out, "\t-P <blocksize>\tPad TLS queries to a multiple of blocksize\n");
 	fprintf(out, "\t-q\tQuiet mode - don't print response\n");
-	fprintf(out, "\t-r\tSet recursing resolution type\n");
+	fprintf( out, "\t-r\tSet recursing resolution type%s\n"
+	       , i_am_stubby ? "(default = stub)" : "");
 	fprintf(out, "\t-R <filename>\tRead root hints from <filename>\n");
-	fprintf(out, "\t-s\tSet stub resolution type (default = recursing)\n");
+	fprintf(out, "\t-s\tSet stub resolution type%s\n"
+	       , i_am_stubby ? "" : "(default = recursing)" );
 	fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
 	fprintf(out, "\t-t <timeout>\tSet timeout in miliseconds\n");
 	fprintf(out, "\t-x\tDo not follow redirects\n");
@@ -248,6 +254,8 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t\tListen for DNS requests on the given IP address\n");
 	fprintf(out, "\t\t<listen address> is in the same format as upstreams.\n");
 	fprintf(out, "\t\tThis option can be given more than once.\n");
+	if (i_am_stubby)
+		fprintf(out, "\t\t(default is to listen on 127.0.0.1:53)\n");
 }
 
 static getdns_return_t validate_chain(getdns_dict *response)

From 0fa8152bb6f186ccf47212645619503e6e97a63e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 15 Oct 2016 06:07:33 -0500
Subject: [PATCH 013/249] Bump version to alpha 2

-a2 (with dash) to be semver format compliant
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 1cfca246..e6f8f1ab 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [a1])
+AC_SUBST(RELEASE_CANDIDATE, [-a2])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],

From 838375fe66e707e584b991132cd7d15904f31b2e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 16 Oct 2016 05:32:05 -0500
Subject: [PATCH 014/249] Run stubby in foreground by default

---
 src/tools/getdns_query.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 51da2d94..9ec3beb4 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -54,7 +54,7 @@ static const char *default_stubby_config =
 ", listen_addresses: [ { 127.0.0.1:53 } ]"
 "}";
 static int clear_listen_list_on_arg = 0;
-static int run_in_foreground = 0;
+static int run_in_foreground = 1;
 static int quiet = 0;
 static int batch_mode = 0;
 static char *query_file = NULL;
@@ -209,7 +209,7 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
 	fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
 	if (i_am_stubby)
-		fprintf(out, "\t-g\tRun stubby in foreground (default is background)\n");
+		fprintf(out, "\t-g\tRun stubby in background (default is foreground)\n");
 	fprintf(out, "\t-G\tgeneral lookup\n");
 	fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
 	fprintf(out, "\t-h\tPrint this help\n");
@@ -995,7 +995,7 @@ getdns_return_t parse_args(int argc, char **argv)
 				break;
 			default:
 				if (i_am_stubby && *c == 'g') {
-					run_in_foreground = 1;
+					run_in_foreground = 0;
 					break;
 				}
 				fprintf(stderr, "Unknown option "

From 05fb6edfcb6a5d5470bc92038941640f5337322c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 16 Oct 2016 05:39:04 -0500
Subject: [PATCH 015/249] Linking to allow running stubby from src/tools

---
 src/tools/Makefile.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index 9f1bb75f..b1a25720 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -67,8 +67,8 @@ $(ALL_OBJS):
 getdns_query: getdns_query.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
 
-stubby: getdns_query
-	ln -s getdns_query stubby
+stubby: getdns_query.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
 
 install-getdns_query: getdns_query
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)

From 732844eeaa1e3a82b7cb200b333567e81034f7ab Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 16 Oct 2016 09:46:02 -0500
Subject: [PATCH 016/249] Correct default config

---
 src/tools/getdns_query.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 9ec3beb4..dc148e35 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -51,7 +51,7 @@ typedef unsigned short in_port_t;
 static int i_am_stubby = 0;
 static const char *default_stubby_config =
 "{ resolution_type: GETDNS_RESOLUTION_STUB"
-", listen_addresses: [ { 127.0.0.1:53 } ]"
+", listen_addresses: [ 127.0.0.1@53, 0::1@53 ]"
 "}";
 static int clear_listen_list_on_arg = 0;
 static int run_in_foreground = 1;

From bc70b2941673173379612797b7108d892f14192b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 19 Oct 2016 07:30:31 -0500
Subject: [PATCH 017/249] Stubby release

---
 ChangeLog                |  7 +++++++
 src/convert.c            |  1 -
 src/tools/getdns_query.c | 17 +++++++++++++++--
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1adfe0b6..c7397ee2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+* 2016-10-19: Version 1.1.0-a2
+  * Improved TLS connection management
+  * OpenSSL 1.1 support
+  * Stubby, Server version of getdns_query that by default listens
+    on 127.0.0.1 and ::1 and reads config from /etc/stubby.conf
+    and $HOME/.stubby.conf
+
 * 2016-07-14: Version 1.1.0a1
   * Conversion functions from text strings to getdns native types:
     getdns_str2dict(), getdns_str2list(), getdns_str2bindata() and
diff --git a/src/convert.c b/src/convert.c
index f0b4251d..24dbbf03 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -830,7 +830,6 @@ _getdns_reply_dict2wire(
 		}
 	}
 	remove_dnssec = !getdns_dict_get_int(reply, "/header/do", &n) && n == 0;
-	DEBUG_SERVER("remove_dnssec: %d\n", remove_dnssec);
 
 	if (!getdns_dict_get_list(reply, "answer", &section)) {
 		for ( n = 0, i = 0
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index dc148e35..48a4d721 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -51,6 +51,7 @@ typedef unsigned short in_port_t;
 static int i_am_stubby = 0;
 static const char *default_stubby_config =
 "{ resolution_type: GETDNS_RESOLUTION_STUB"
+", idle_timeout: 10000"
 ", listen_addresses: [ 127.0.0.1@53, 0::1@53 ]"
 "}";
 static int clear_listen_list_on_arg = 0;
@@ -1328,9 +1329,21 @@ static void request_cb(
 	getdns_return_t r = GETDNS_RETURN_GOOD;
 	uint32_t n, rcode, dnssec_status;
 
+#if defined(SERVER_DEBUG) && SERVER_DEBUG
+	getdns_bindata *qname;
+	char *qname_str, *unknown_qname = "<unknown_qname>";
+
+	if (getdns_dict_get_bindata(msg->request, "/question/qname", &qname)
+	||  getdns_convert_dns_name_to_fqdn(qname, &qname_str))
+		qname_str = unknown_qname;
+
 	DEBUG_SERVER("reply for: %p %"PRIu64" %d (edns0: %d, do: %d, ad: %d,"
-	    " cd: %d)\n", msg, transaction_id, (int)callback_type,
-	    msg->has_edns0, msg->do_bit, msg->ad_bit, msg->cd_bit);
+	    " cd: %d, qname: %s)\n", msg, transaction_id, (int)callback_type,
+	    msg->has_edns0, msg->do_bit, msg->ad_bit, msg->cd_bit, qname_str);
+
+	if (qname_str != unknown_qname)
+		free(qname_str);
+#endif
 	assert(msg);
 
 #if 0

From a0ae9130cc815dd8b82362de6ff5a89330aa5c39 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 21 Oct 2016 14:18:24 +0100
Subject: [PATCH 018/249] Fix issue with session re-use making authentication
 appear to fail

---
 src/context.c | 15 +++++++++------
 src/context.h |  3 ++-
 src/stub.c    | 25 ++++++++++++++++++++-----
 3 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/src/context.c b/src/context.c
index ff172499..9adcc8f5 100644
--- a/src/context.c
+++ b/src/context.c
@@ -710,19 +710,20 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	/* Update total stats for the upstream.*/
 	upstream->total_responses+=upstream->responses_received;
 	upstream->total_timeouts+=upstream->responses_timeouts;
-	/* Pick up the auth state if it is of interest*/
-	if (upstream->tls_auth_state != GETDNS_AUTH_NONE)
-		upstream->past_tls_auth_state = upstream->tls_auth_state;
-
+	/* Need the last auth state when using session resumption*/
+	upstream->last_tls_auth_state = upstream->tls_auth_state;
+	/* Keep track of the best auth state this upstream has had*/
+	if (upstream->tls_auth_state > upstream->best_tls_auth_state)
+		upstream->best_tls_auth_state = upstream->tls_auth_state;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	DEBUG_DAEMON("%s %s : Conn closed: Conn stats     - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             getdns_auth_str_array[upstream->tls_auth_state], (int)upstream->keepalive_timeout);
-	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Auth=%s,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Best_auth=%s,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
-	             getdns_auth_str_array[upstream->tls_auth_state], 
+	             getdns_auth_str_array[upstream->best_tls_auth_state], 
 	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
 	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
 #endif
@@ -908,6 +909,8 @@ upstream_init(getdns_upstream *upstream,
 	upstream->tls_hs_state = GETDNS_HS_NONE;
 	upstream->tls_auth_name[0] = '\0';
 	upstream->tls_auth_state = GETDNS_AUTH_NONE;
+	upstream->last_tls_auth_state = GETDNS_AUTH_NONE;
+	upstream->best_tls_auth_state = GETDNS_AUTH_NONE;
 	upstream->tls_pubkey_pinset = NULL;
 	upstream->loop = NULL;
 	(void) getdns_eventloop_event_init(
diff --git a/src/context.h b/src/context.h
index 8d192d39..41e7a830 100644
--- a/src/context.h
+++ b/src/context.h
@@ -147,7 +147,8 @@ typedef struct getdns_upstream {
 	size_t                   conn_backoffs;
 	size_t                   total_responses;
 	size_t                   total_timeouts;
-	getdns_auth_state_t      past_tls_auth_state;
+	getdns_auth_state_t      best_tls_auth_state;
+	getdns_auth_state_t      last_tls_auth_state;
 	/* These are per connection. */
 	getdns_conn_state_t      conn_state;
 	size_t                   queries_sent;
diff --git a/src/stub.c b/src/stub.c
index e496d61d..bb18f68b 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -954,6 +954,20 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 
 	SSL_set_connect_state(ssl);
 	(void) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+	/* Session resumption. There are trade-offs here. Want to do it when
+	   possible only if we have the right type of connection. Note a change
+	   to the upstream auth info creates a new upstream so never re-uses.*/
+	if (upstream->tls_session != NULL) {
+		if ((upstream->tls_fallback_ok == 0 &&
+		     upstream->last_tls_auth_state == GETDNS_AUTH_OK) ||
+		     upstream->tls_fallback_ok == 1) {
+			SSL_set_session(ssl, upstream->tls_session);
+			DEBUG_STUB("%s %-35s: Attempting session re-use\n", STUB_DEBUG_SETUP_TLS, 
+			            __FUNCTION__);
+			}
+	}
+
 	return ssl;
 }
 
@@ -995,6 +1009,9 @@ tls_do_handshake(getdns_upstream *upstream)
 	upstream->tls_hs_state = GETDNS_HS_DONE;
 	upstream->conn_state = GETDNS_CONN_OPEN;
 	upstream->conn_completed++;
+	/* A re-used session is not verified so need to fix up state in that case */
+	if (SSL_session_reused(upstream->tls_obj))
+		upstream->tls_auth_state = upstream->last_tls_auth_state;
 	DEBUG_STUB("%s %-35s: FD:  %d Handshake succeeded with auth state %d. Session is %s.\n", 
 		         STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, upstream->tls_auth_state,
 		         SSL_session_reused(upstream->tls_obj) ?"re-used":"new");
@@ -1598,8 +1615,8 @@ upstream_valid(getdns_upstream *upstream,
 	/* We need to check past authentication history to see if this is usable for TLS.*/
 	if (netreq->tls_auth_min != GETDNS_AUTHENTICATION_REQUIRED)
 		return 1;
-	return ((upstream->past_tls_auth_state == GETDNS_AUTH_OK ||
-	         upstream->past_tls_auth_state == GETDNS_AUTH_NONE) ? 1 : 0);
+	return ((upstream->best_tls_auth_state == GETDNS_AUTH_OK ||
+	         upstream->best_tls_auth_state == GETDNS_AUTH_NONE) ? 1 : 0);
 }
 
 static int
@@ -1654,7 +1671,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 	   upstreams we may have no valid upstream at all (in contrast to UDP). This
 	   will be better communicated to the user when we have better error codes*/
 	for (i = 0; i < upstreams->count; i++) {
-		DEBUG_STUB("%s %-35s: Testing  %d %d\n", STUB_DEBUG_SETUP, 
+		DEBUG_STUB("%s %-35s: Testing upstreams  %d %d\n", STUB_DEBUG_SETUP, 
 	           __FUNCTION__, (int)i, (int)upstreams->upstreams[i].conn_state);
 		if (upstream_valid(&upstreams->upstreams[i], transport, netreq)) {
 			upstream = &upstreams->upstreams[i];
@@ -1744,8 +1761,6 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 				close(fd);
 				return -1;
 			}
-			if (upstream->tls_session != NULL) 
-			    SSL_set_session(upstream->tls_obj, upstream->tls_session);
 			upstream->tls_hs_state = GETDNS_HS_WRITE;
 		}
 		upstream->conn_state = GETDNS_CONN_SETUP;

From cbe451274ba798284a3bef53751fe17b37327140 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 25 Oct 2016 11:09:37 +0200
Subject: [PATCH 019/249] Bump version

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index e6f8f1ab..cbee6fa7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [-a2])
+AC_SUBST(RELEASE_CANDIDATE, [-alpha3])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],

From 4ea4f68467572810494a608ca678d475636d4d85 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 26 Oct 2016 15:29:07 +0200
Subject: [PATCH 020/249] Get_suffix, no '\0' in returned strings

Resolves issue #203
---
 src/context.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index a93e6f14..8186bf21 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3698,8 +3698,7 @@ getdns_context_get_suffix(getdns_context *context, getdns_list **value)
 			r = GETDNS_RETURN_GENERIC_ERROR;
 			break;
 		}
-		if ((r = _getdns_list_append_const_bindata(
-		    list, strlen(name) + 1, name)))
+		if ((r = _getdns_list_append_string(list, name)))
 			break;
 		dname += dname_len;
 		dname_len = *dname++;

From 3fa34dcfcad984a9d4a287a31b20b00a7ca80d4b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 26 Oct 2016 15:52:22 +0200
Subject: [PATCH 021/249] Mention the actual missing dependencies

---
 configure.ac | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index b2c066a2..d6b396f9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -552,10 +552,16 @@ fi
 
 # Checks for libraries.
 found_all_libs=1
+MISSING_DEPS=""
+MISSING_SEP=""
 if test $my_with_libidn = 1
 then
 	AC_MSG_NOTICE([Checking for dependency libidn])
-	AC_CHECK_LIB([idn], [idna_to_ascii_8z], [], [found_all_libs=0])
+	AC_CHECK_LIB([idn], [idna_to_ascii_8z], [], [
+		MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libidn"
+		MISSING_SEP=", "
+		found_all_libs=0
+	])
 fi
 
 AC_ARG_ENABLE(unbound-event-api, AC_HELP_STRING([--disable-unbound-event-api], [Disable usage of libunbounds event API]))
@@ -584,12 +590,16 @@ then
 			])
 		fi
 		AC_CHECK_FUNCS([ub_ctx_set_stub])
-	], [found_all_libs=0])
+	], [
+		MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libunbound"
+		MISSING_SEP=", "
+		found_all_libs=0
+	])
 fi
 
 if test $found_all_libs = 0
 then
-    AC_MSG_ERROR([One more dependencies is missing])
+    AC_MSG_ERROR([Missing dependencies: $MISSING_DEPS])
 fi
 
 AC_PATH_PROG([DOXYGEN], [doxygen])

From 393b24fe894312605801141718b3e6f5195cf1bd Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 26 Oct 2016 14:32:35 +0000
Subject: [PATCH 022/249] pthread-based locking for arc4random

---
 configure.ac           |  2 +-
 src/compat/arc4_lock.c | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index b2c066a2..90a27d04 100644
--- a/configure.ac
+++ b/configure.ac
@@ -644,7 +644,7 @@ CHECK_CFLAGS=""
 PKG_CHECK_MODULES([CHECK],[check >= 0.9.6],[CHECK_GETDNS="check_getdns"],[
 AC_SEARCH_LIBS([floor], [m])
 AC_SEARCH_LIBS([timer_create], [rt])
-AC_SEARCH_LIBS([pthread_create], [pthread])
+AC_SEARCH_LIBS([pthread_create], [pthread], [AC_DEFINE([HAVE_PTHREADS], [1], [Define if pthreads exist.])])
 AC_SEARCH_LIBS([srunner_create],[check check_pic],[
 CHECK_GETDNS="check_getdns"
 CHECK_LIBS="$LIBS"],[
diff --git a/src/compat/arc4_lock.c b/src/compat/arc4_lock.c
index 44662841..facf9575 100644
--- a/src/compat/arc4_lock.c
+++ b/src/compat/arc4_lock.c
@@ -34,6 +34,23 @@
 #include "config.h"
 #define LOCKRET(func) func
 
+#ifdef HAVE_PTHREADS
+#include "pthread.h"
+
+static pthread_mutex_t arc_lock = PTHREAD_MUTEX_INITIALIZER;
+
+void _ARC4_LOCK(void)
+{
+    pthread_mutex_lock(&arc_lock);
+}
+
+void _ARC4_UNLOCK(void)
+{
+    pthread_mutex_unlock(&arc_lock);
+}
+
+#else
+/* XXX - add windows-(or at least non pthread) specific lock routines here */
 void _ARC4_LOCK(void)
 {
 }
@@ -41,4 +58,4 @@ void _ARC4_LOCK(void)
 void _ARC4_UNLOCK(void)
 {
 }
-
+#endif

From db6cee94fa537bff05f6a01a92b3cbb322adc4dc Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 26 Oct 2016 15:47:44 +0000
Subject: [PATCH 023/249] Fix HAVE_PTHREADS define in configure.ac

---
 configure.ac | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 90a27d04..e8a1650b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -644,7 +644,7 @@ CHECK_CFLAGS=""
 PKG_CHECK_MODULES([CHECK],[check >= 0.9.6],[CHECK_GETDNS="check_getdns"],[
 AC_SEARCH_LIBS([floor], [m])
 AC_SEARCH_LIBS([timer_create], [rt])
-AC_SEARCH_LIBS([pthread_create], [pthread], [AC_DEFINE([HAVE_PTHREADS], [1], [Define if pthreads exist.])])
+AC_SEARCH_LIBS([pthread_create], [pthread])
 AC_SEARCH_LIBS([srunner_create],[check check_pic],[
 CHECK_GETDNS="check_getdns"
 CHECK_LIBS="$LIBS"],[
@@ -924,6 +924,10 @@ if [ test -n "$DOXYGEN" ]
 fi
 
 
+#---- check for pthreads library
+AC_SEARCH_LIBS([pthread_mutex_init],[pthread],[AC_DEFINE([HAVE_PTHREADS], [1], [Have pthreads library])], [AC_MSG_WARN([pthreads not available])])
+
+
 dnl -----
 dnl ----- Start of "Things needed for gldns" section
 dnl -----

From bb3d741f7a4513458d5f110a2748ee5f24e1b6de Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 13 Oct 2016 23:04:50 +0200
Subject: [PATCH 024/249] OpenSSL 1.1 support

---
 configure.ac           |  1 +
 src/context.c          |  9 +++++++++
 src/gldns/keyraw.c     | 39 +++++++++++++++++++++++++++++++++++++++
 src/gldns/rrdef.h      |  2 +-
 src/gldns/wire2str.h   | 18 +++++++++---------
 src/pubkey-pinning.c   | 12 ++++++++----
 src/util/val_secalgo.c | 10 ++++++----
 7 files changed, 73 insertions(+), 18 deletions(-)

diff --git a/configure.ac b/configure.ac
index d6b396f9..aa39c47c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -245,6 +245,7 @@ else
 fi
 AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method])
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
 AC_INCLUDES_DEFAULT
diff --git a/src/context.c b/src/context.c
index 8186bf21..8893191e 100644
--- a/src/context.c
+++ b/src/context.c
@@ -672,6 +672,15 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 	GETDNS_FREE(upstreams->mf, upstreams);
 }
 
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+static char*
+getdns_auth_str_array[] = {
+	GETDNS_STR_AUTH_NONE,
+	GETDNS_STR_AUTH_FAILED,
+	GETDNS_STR_AUTH_OK
+};
+#endif
+
 void
 _getdns_upstream_shutdown(getdns_upstream *upstream)
 {
diff --git a/src/gldns/keyraw.c b/src/gldns/keyraw.c
index 7a27e7f0..9e6adcb2 100644
--- a/src/gldns/keyraw.c
+++ b/src/gldns/keyraw.c
@@ -23,6 +23,15 @@
 #ifdef HAVE_OPENSSL_ENGINE_H
 #  include <openssl/engine.h>
 #endif
+#ifdef HAVE_OPENSSL_BN_H
+#include <openssl/bn.h>
+#endif
+#ifdef HAVE_OPENSSL_RSA_H
+#include <openssl/rsa.h>
+#endif
+#ifdef HAVE_OPENSSL_DSA_H
+#include <openssl/dsa.h>
+#endif
 #endif /* HAVE_SSL */
 
 size_t
@@ -215,6 +224,7 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		BN_free(Y);
 		return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 	dsa->p = P;
 	dsa->q = Q;
@@ -222,6 +232,25 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 	dsa->pub_key = Y;
 #endif /* splint */
 
+#else /* OPENSSL_VERSION_NUMBER */
+	if (!DSA_set0_pqg(dsa, P, Q, G)) {
+		/* QPG not yet attached, need to free */
+		BN_free(Q);
+		BN_free(P);
+		BN_free(G);
+
+		DSA_free(dsa);
+		BN_free(Y);
+		return NULL;
+	}
+	if (!DSA_set0_key(dsa, Y, NULL)) {
+		/* QPG attached, cleaned up by DSA_fre() */
+		DSA_free(dsa);
+		BN_free(Y);
+		return NULL;
+	}
+#endif
+
 	return dsa;
 }
 
@@ -273,11 +302,21 @@ gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
 		BN_free(modulus);
 		return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 	rsa->n = modulus;
 	rsa->e = exponent;
 #endif /* splint */
 
+#else /* OPENSSL_VERSION_NUMBER */
+	if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
+		BN_free(exponent);
+		BN_free(modulus);
+		RSA_free(rsa);
+		return NULL;
+	}
+#endif
+
 	return rsa;
 }
 
diff --git a/src/gldns/rrdef.h b/src/gldns/rrdef.h
index b13580ea..f00fa33c 100644
--- a/src/gldns/rrdef.h
+++ b/src/gldns/rrdef.h
@@ -195,7 +195,7 @@ enum gldns_enum_rr_type
         GLDNS_RR_TYPE_TALINK = 58,
 	GLDNS_RR_TYPE_CDS = 59, /** RFC 7344 */
 	GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
-	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* draft-ietf-dane-openpgpkey */
+	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
 	GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
 
 	GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
diff --git a/src/gldns/wire2str.h b/src/gldns/wire2str.h
index 050fb8e7..a4409991 100644
--- a/src/gldns/wire2str.h
+++ b/src/gldns/wire2str.h
@@ -118,7 +118,7 @@ int gldns_str_print(char** str, size_t* slen, const char* format, ...)
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str,
 	size_t str_len);
@@ -351,7 +351,7 @@ int gldns_wire2str_edns_option_code_print(char** str, size_t* str_len,
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
 	size_t str_len);
@@ -369,7 +369,7 @@ int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str,
 	size_t str_len);
@@ -389,7 +389,7 @@ int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str,
  * @param str_len: the size of the string buffer.  If more is needed, it'll
  * 	silently truncate the output to fit in the buffer.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len,
 	char* str, size_t str_len);
@@ -406,7 +406,7 @@ int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len,
  * 	silently truncate the output to fit in the buffer.
  * @param rrtype: rr type of the data
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
 	size_t str_len, uint16_t rrtype);
@@ -417,7 +417,7 @@ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
  * @param str: the string to write to.
  * @param len: length of str.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len);
 
@@ -427,7 +427,7 @@ int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len);
  * @param str: the string to write to.
  * @param len: length of str.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
 
@@ -437,7 +437,7 @@ int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
  * @param str: the string to write to.
  * @param len: length of str.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);
 
@@ -448,7 +448,7 @@ int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);
  * @param str: the string to write to.
  * @param len: length of string.
  * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger than str_len if output was truncated.
+ * 	Is larger or equal than str_len if output was truncated.
  */
 int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
 	size_t len);
diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 8a2250d8..32497608 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -56,6 +56,10 @@
 #include "context.h"
 #include "util-internal.h"
 
+#ifndef X509_STORE_CTX_get0_untrusted
+#define X509_STORE_CTX_get0_untrusted(store) store->untrusted
+#endif
+
 /* we only support sha256 at the moment.  adding support for another
    digest is more complex than just adding another entry here. in
    particular, you'll probably need a match for a particular cert
@@ -314,11 +318,11 @@ _get_ssl_getdns_upstream_idx()
 {
 	static volatile int idx = -1;
 	if (idx < 0) {
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+		/* CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); */
 		if (idx < 0)
 			idx = SSL_get_ex_new_index(0, "associated getdns upstream",
 						   NULL,NULL,NULL);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+		/* CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); */
 	}
 	return idx;
 }
@@ -383,7 +387,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 
 	/* TODO: how do we handle raw public keys? */
 
-	for (i = 0; i < sk_X509_num(store->untrusted); i++) {
+	for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) {
 		if (i > 0) {
 		/* TODO: how do we ensure that the certificates in
 		 * each stage appropriately sign the previous one?
@@ -392,7 +396,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			return GETDNS_RETURN_GENERIC_ERROR;
 		}
 
-		x = sk_X509_value(store->untrusted, i);
+		x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
 #if defined(STUB_DEBUG) && STUB_DEBUG
 		DEBUG_STUB("%s %-35s: Name of cert: %d ",
 		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i);
diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c
index edbf538b..a27e7807 100644
--- a/src/util/val_secalgo.c
+++ b/src/util/val_secalgo.c
@@ -590,7 +590,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		log_err("EVP_MD_CTX_new: malloc failure");
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) OPENSSL_free(sigblock);
 		return 0;
 	}
 	if(EVP_VerifyInit(ctx, digest_type) == 0) {
@@ -598,7 +598,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) OPENSSL_free(sigblock);
 		return 0;
 	}
 	if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf), 
@@ -607,7 +607,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) OPENSSL_free(sigblock);
 		return 0;
 	}
 
@@ -621,7 +621,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	EVP_PKEY_free(evp_key);
 
 	if(dofree) free(sigblock);
-	else if(docrypto_free) CRYPTO_free(sigblock);
+	else if(docrypto_free) OPENSSL_free(sigblock);
 
 	if(res == 1) {
 		return 1;
@@ -1359,6 +1359,7 @@ _getdns_dnskey_algo_id_is_supported(int id)
 	}
 }
 
+#ifdef USE_DSA
 static char *
 _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
@@ -1446,6 +1447,7 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 	else
 		return NULL;
 }
+#endif /* USE_DSA */
 
 static char *
 _verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,

From 72788cb172624a96c2849481d61852940af8dc12 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 31 Oct 2016 11:04:36 +0100
Subject: [PATCH 025/249] OpenSSL 1.1.0 version of CRYPTO_w_lock in pinning

Thanks volkommenheit
---
 src/pubkey-pinning.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 32497608..7d286691 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -56,7 +56,7 @@
 #include "context.h"
 #include "util-internal.h"
 
-#ifndef X509_STORE_CTX_get0_untrusted
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #define X509_STORE_CTX_get0_untrusted(store) store->untrusted
 #endif
 
@@ -314,15 +314,27 @@ _getdns_get_pubkey_pinset_list(getdns_context *ctx,
    see doc/HOWTO/proxy_certificates.txt as an example
 */
 static int
-_get_ssl_getdns_upstream_idx()
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+_get_ssl_getdns_upstream_idx(void)
+#else
+_get_ssl_getdns_upstream_idx(X509_STORE *store)
+#endif
 {
 	static volatile int idx = -1;
 	if (idx < 0) {
-		/* CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); */
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+#else
+		X509_STORE_lock(store);
+#endif
 		if (idx < 0)
 			idx = SSL_get_ex_new_index(0, "associated getdns upstream",
 						   NULL,NULL,NULL);
-		/* CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); */
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+#else
+		X509_STORE_unlock(store);
+#endif
 	}
 	return idx;
 }
@@ -330,7 +342,11 @@ _get_ssl_getdns_upstream_idx()
 getdns_upstream*
 _getdns_upstream_from_x509_store(X509_STORE_CTX *store)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 	int uidx = _get_ssl_getdns_upstream_idx();
+#else
+	int uidx = _get_ssl_getdns_upstream_idx(X509_STORE_CTX_get0_store(store));
+#endif
 	int sslidx = SSL_get_ex_data_X509_STORE_CTX_idx();
 	const SSL *ssl;
 
@@ -348,7 +364,11 @@ getdns_return_t
 _getdns_associate_upstream_with_SSL(SSL *ssl,
 				    getdns_upstream *upstream)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 	int uidx = _get_ssl_getdns_upstream_idx();
+#else
+	int uidx = _get_ssl_getdns_upstream_idx(SSL_CTX_get_cert_store(SSL_get_SSL_CTX(ssl)));
+#endif
 	if (SSL_set_ex_data(ssl, uidx, upstream))
 		return GETDNS_RETURN_GOOD;
 	else

From f66bb6a81273d29915b9a779d1778434fb071e7d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 31 Oct 2016 11:22:16 +0100
Subject: [PATCH 026/249] Ignore stubby ;)

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 0f4482ef..7bbbdebd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,6 +39,7 @@ src/test/check_getdns_ev
 src/test/scratchpad
 src/test/scratchpad.c
 src/tools/getdns_query
+src/tools/stubby
 doc/*.3
 src/getdns/getdns.h
 *.log

From 6e5b62c5554cd39f3316f3344e5a2b6112929689 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 31 Oct 2016 13:36:05 +0100
Subject: [PATCH 027/249] Allow conventional IPv6 address/port parsing

from getdns_query
---
 src/test/getdns_str2dict.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/test/getdns_str2dict.c b/src/test/getdns_str2dict.c
index 28323d9d..f80df99e 100644
--- a/src/test/getdns_str2dict.c
+++ b/src/test/getdns_str2dict.c
@@ -33,6 +33,7 @@
 #include "list.h"		/* For _getdns_list_create_from_mf() */
 #include "dict.h"		/* For _getdns_dict_create_from_mf() */
 #include <stdlib.h>		/* For bsearch */
+#include <ctype.h>              /* For isspace */
 
 static struct mem_funcs _getdns_plain_mem_funcs = {
 	MF_PLAIN, .mf.pln = { malloc, realloc, free }
@@ -102,7 +103,7 @@ static int _gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
 }
 
 static getdns_dict *
-_getdns_ipaddr_dict_mf(struct mem_funcs *mf, char *ipstr)
+_getdns_ipaddr_dict_mf(struct mem_funcs *mf, const char *ipstr)
 {
 	getdns_dict *r = _getdns_dict_create_with_mf(mf);
 	char *s = strchr(ipstr, '%'), *scope_id_str = "";
@@ -645,6 +646,17 @@ getdns_str2dict(const char *str, getdns_dict **dict)
 	getdns_item item;
 	getdns_return_t r;
 
+	while (*str && isspace(*str))
+		str++;
+
+	if (*str != '{') {
+		getdns_dict *dict_r = _getdns_ipaddr_dict_mf(
+		    &_getdns_plain_mem_funcs, str);
+		if (dict_r) {
+			*dict = dict_r;
+			return GETDNS_RETURN_GOOD;
+		}
+	}
 	if ((r = _getdns_str2item_mf(&_getdns_plain_mem_funcs, str, &item)))
 		return r;
 

From bc9ebd5ae21c03290e8b6764f047363901e644e7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 31 Oct 2016 13:47:22 +0100
Subject: [PATCH 028/249] RFC3986 IPv6 address/port parsing for str2dict

Resolves issue #215, but does not deal with RFC3986 formatted IPv6 addresses in config files yet.
---
 src/convert.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/convert.c b/src/convert.c
index 24dbbf03..28e5e30f 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1065,7 +1065,7 @@ getdns_msg_dict2str_scan(
 }
 
 static getdns_dict *
-_getdns_ipaddr_dict_mf(struct mem_funcs *mf, char *ipstr)
+_getdns_ipaddr_dict_mf(struct mem_funcs *mf, const char *ipstr)
 {
 	getdns_dict *r = _getdns_dict_create_with_mf(mf);
 	char *s = strchr(ipstr, '%'), *scope_id_str = "";
@@ -1606,6 +1606,21 @@ getdns_str2dict(const char *str, getdns_dict **dict)
 	getdns_item item;
 	getdns_return_t r;
 
+	if (!str || !dict)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	while (*str && isspace(*str))
+		str++;
+
+	if (*str != '{') {
+		getdns_dict *dict_r = _getdns_ipaddr_dict_mf(
+		    &_getdns_plain_mem_funcs, str);
+
+		if (dict_r) {
+			*dict = dict_r;
+			return GETDNS_RETURN_GOOD;
+		}
+	}
 	if ((r = _getdns_str2item_mf(&_getdns_plain_mem_funcs, str, &item)))
 		return r;
 
@@ -1663,6 +1678,9 @@ getdns_str2list(const char *str, getdns_list **list)
 	getdns_item item;
 	getdns_return_t r;
 
+	if (!str || !list)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
 	if ((r = _getdns_str2item_mf(&_getdns_plain_mem_funcs, str, &item)))
 		return r;
 
@@ -1680,6 +1698,9 @@ getdns_str2bindata(const char *str, getdns_bindata **bindata)
 	getdns_item item;
 	getdns_return_t r;
 
+	if (!str || !bindata)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
 	if ((r = _getdns_str2item_mf(&_getdns_plain_mem_funcs, str, &item)))
 		return r;
 
@@ -1697,6 +1718,9 @@ getdns_str2int(const char *str, uint32_t *value)
 	getdns_item item;
 	getdns_return_t r;
 
+	if (!str || !value)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
 	if ((r = _getdns_str2item_mf(&_getdns_plain_mem_funcs, str, &item)))
 		return r;
 

From 4bf93de12b3628eadb1a6fe3e898f0f35e82c1f0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 2 Nov 2016 13:40:02 +0100
Subject: [PATCH 029/249] More conventional function prototypes for servers

---
 src/context.c                |  2 +-
 src/getdns/getdns_extra.h.in | 27 ++++++++++++++++-----------
 src/server.c                 | 25 +++++++++++++++++++------
 src/tools/getdns_query.c     | 23 ++++++++++++++---------
 4 files changed, 50 insertions(+), 27 deletions(-)

diff --git a/src/context.c b/src/context.c
index e849dbd8..b8492380 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1487,7 +1487,7 @@ getdns_context_destroy(struct getdns_context *context)
 	cancel_outstanding_requests(context, 1);
 
 	/* Destroy listening addresses */
-	(void) getdns_context_set_listen_addresses(context, NULL, NULL);
+	(void) getdns_context_set_listen_addresses(context, NULL, NULL, NULL);
 
 	/* This needs to be done before cleaning the extension, because there
 	 * might be an idle_timeout schedules, which will not get unscheduled
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 9c973a5e..5abf39e7 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -1030,9 +1030,11 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict);
  * The user defined request handler that will be called on incoming requests.
  */
 typedef void (*getdns_request_handler_t)(
-	getdns_context      *context,
-	getdns_dict         *request,
-	getdns_transaction_t request_id
+	getdns_context        *context,
+	getdns_callback_type_t callback_type,
+	getdns_dict           *request,
+	void                  *userarg,
+	getdns_transaction_t   request_id
 );
 
 /**
@@ -1041,6 +1043,11 @@ typedef void (*getdns_request_handler_t)(
  *
  * @param context The context managing the eventloop that needs to be run to
  *                start serving.
+ * @param listen_addresses  A list of address dicts or bindatas that will be
+ *                          listened on for DNS requests.  Both UDP and TCP
+ *                          transports will be used.
+ * @param userarg A user defined argument that will be passed to the handler
+ *                untouched.
  * @param handler The user defined request handler that will be called with the
  *                request received in reply dict format.  To reply to this request
  *                the function has to construct a response (or modify the request)
@@ -1050,9 +1057,6 @@ typedef void (*getdns_request_handler_t)(
  *                not answered by the function, by not calling getdns_reply() this
  *                will cause a memory leak.  The user most use getdns_reply()
  *                with NULL as the response to not answer/cancel a request.
- * @param listen_addresses  A list of address dicts or bindatas that will be
- *                          listened on for DNS requests.  Both UDP and TCP
- *                          transports will be used.
  * @return GETDNS_RETURN_GOOD on success or an error code on failure.
  * On failure, the current set of listening addresses is left in place.
  * Also, if there is overlap in listening_addresses between the active set
@@ -1061,8 +1065,9 @@ typedef void (*getdns_request_handler_t)(
  * DNS transactions will remain.
  */
 getdns_return_t
-getdns_context_set_listen_addresses(getdns_context *context,
-    getdns_request_handler_t handler, const getdns_list *listen_addresses);
+getdns_context_set_listen_addresses(
+    getdns_context *context, const getdns_list *listen_addresses,
+    void *userarg, getdns_request_handler_t handler);
 
 /**
  * Answer the request associated with a request_id that is received by a
@@ -1070,11 +1075,11 @@ getdns_context_set_listen_addresses(getdns_context *context,
  *
  * @param context The context managing the eventloop that needs to be run to
  *                listen for and answer requests.
- * @param request_id The identifier that links this response with the
- *                   received request.
  * @param reply The answer in getdns reply dict or response dict format.
  *              When NULL is given as reply, the request is not answered
  *              but all associated state is deleted.
+ * @param request_id The identifier that links this response with the
+ *                   received request.
  * @return GETDNS_RETURN_GOOD on success or an error code on failure.
  * On fatal failure (no retry strategy possible) the user still needs to
  * cancel the request by recalling getdns_reply() but with NULL as response,
@@ -1082,7 +1087,7 @@ getdns_context_set_listen_addresses(getdns_context *context,
  */
 getdns_return_t
 getdns_reply(getdns_context *context,
-    getdns_transaction_t request_id, getdns_dict *reply);
+    getdns_dict *reply, getdns_transaction_t request_id);
 
 
 /** @}
diff --git a/src/server.c b/src/server.c
index 9e4caa76..d8fb83cb 100644
--- a/src/server.c
+++ b/src/server.c
@@ -65,6 +65,7 @@ struct listener {
  */
 struct listen_set {
 	getdns_context           *context;
+	void                     *userarg;
 	getdns_request_handler_t  handler;
 
 	_getdns_rbtree_t          connections_set;
@@ -231,7 +232,7 @@ _getdns_cancel_reply(getdns_context *context, connection *conn)
 
 getdns_return_t
 getdns_reply(
-    getdns_context *context, getdns_transaction_t request_id, getdns_dict *reply)
+    getdns_context *context, getdns_dict *reply, getdns_transaction_t request_id)
 {
 	/* TODO: Check request_id at context->outbound_requests */
 	connection *conn = (connection *)(intptr_t)request_id;
@@ -400,9 +401,14 @@ static void tcp_read_cb(void *userarg)
 	else {
 		conn->to_answer++;
 
+		/* TODO: wish list item:
+		 * (void) getdns_dict_set_int64(
+		 *     request_dict, "request_id", intptr_t)conn);
+		 */
 		/* Call request handler */
 		conn->super.l->set->handler(
-		    conn->super.l->set->context, request_dict, (intptr_t)conn);
+		    conn->super.l->set->context, GETDNS_CALLBACK_COMPLETE,
+		    request_dict, conn->super.l->set->userarg, (intptr_t)conn);
 
 		conn->read_pos = conn->read_buf;
 		conn->to_read = 2;
@@ -618,8 +624,14 @@ static void udp_read_cb(void *userarg)
 		conn->prev_next = &l->connections;
 		l->connections = conn;
 
+		/* TODO: wish list item:
+		 * (void) getdns_dict_set_int64(
+		 *     request_dict, "request_id", (intptr_t)conn);
+		 */
 		/* Call request handler */
-		l->set->handler(l->set->context, request_dict, (intptr_t)conn);
+		l->set->handler(l->set->context, GETDNS_CALLBACK_COMPLETE,
+		    request_dict, l->set->userarg, (intptr_t)conn);
+
 		return;
 	}
 	GETDNS_FREE(*mf, conn);
@@ -765,9 +777,9 @@ ptr_cmp(const void *a, const void *b)
 	return a == b ? 0 : (a < b ? -1 : 1);
 }
 
-getdns_return_t getdns_context_set_listen_addresses(getdns_context *context,
-    getdns_request_handler_t request_handler,
-    const getdns_list *listen_addresses)
+getdns_return_t getdns_context_set_listen_addresses(
+    getdns_context *context, const getdns_list *listen_addresses,
+    void *userarg, getdns_request_handler_t request_handler)
 {
 	static const getdns_transport_list_t listen_transports[]
 		= { GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP };
@@ -830,6 +842,7 @@ getdns_return_t getdns_context_set_listen_addresses(getdns_context *context,
 
 	new_set->context = context;
 	new_set->handler = request_handler;
+	new_set->userarg = userarg;
 	new_set->count = new_set_count * n_transports;
 	(void) memset(new_set->items, 0,
 	    sizeof(listener) * new_set_count * n_transports);
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 48a4d721..fe93b544 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -1182,7 +1182,8 @@ getdns_return_t do_the_call(void)
 getdns_eventloop *loop = NULL;
 FILE *fp;
 static void incoming_request_handler(getdns_context *context,
-    getdns_dict *request, getdns_transaction_t request_id);
+    getdns_callback_type_t callback_type, getdns_dict *request,
+    void *userarg, getdns_transaction_t request_id);
 
 
 void read_line_cb(void *userarg)
@@ -1199,7 +1200,7 @@ void read_line_cb(void *userarg)
 		loop->vmt->clear(loop, read_line_ev);
 		if (listen_count)
 			(void) getdns_context_set_listen_addresses(
-			    context, NULL, NULL);
+			    context, NULL, NULL, NULL);
 		return;
 	}
 	if (query_file)
@@ -1229,7 +1230,7 @@ void read_line_cb(void *userarg)
 	r = parse_args(linec, linev);
 	if (!r && touched_listen_list) {
 		r = getdns_context_set_listen_addresses(
-		    context, incoming_request_handler, listen_list);
+		    context, listen_list, NULL, incoming_request_handler);
 	}
 	if ((r || (r = do_the_call())) &&
 	    (r != CONTINUE && r != CONTINUE_ERROR))
@@ -1406,11 +1407,11 @@ static void request_cb(
 	else if (n == 0)
 		SERVFAIL("Recursion not available", 0, msg, &response);
 
-	if ((r = getdns_reply(context, msg->request_id, response))) {
+	if ((r = getdns_reply(context, response, msg->request_id))) {
 		fprintf(stderr, "Could not reply: %s\n",
 		    getdns_get_errorstr_by_id(r));
 		/* Cancel reply */
-		(void) getdns_reply(context, msg->request_id, NULL);
+		(void) getdns_reply(context, NULL, msg->request_id);
 	}
 	if (msg) {
 		getdns_dict_destroy(msg->request);
@@ -1421,7 +1422,8 @@ static void request_cb(
 }	
 
 static void incoming_request_handler(getdns_context *context,
-    getdns_dict *request, getdns_transaction_t request_id)
+    getdns_callback_type_t callback_type, getdns_dict *request,
+    void *userarg, getdns_transaction_t request_id)
 {
 	getdns_bindata *qname;
 	char *qname_str = NULL;
@@ -1440,6 +1442,9 @@ static void incoming_request_handler(getdns_context *context,
 	getdns_dict *rr;
 	uint32_t rr_type;
 
+	(void)callback_type;
+	(void)userarg;
+
 	if (!query_extensions_spc &&
 	    !(query_extensions_spc = getdns_dict_create()))
 		fprintf(stderr, "Could not create query extensions space\n");
@@ -1567,11 +1572,11 @@ error:
 		free(request_str);
 	} while(0);
 #endif
-	if ((r = getdns_reply(context, request_id, response))) {
+	if ((r = getdns_reply(context, response, request_id))) {
 		fprintf(stderr, "Could not reply: %s\n",
 		    getdns_get_errorstr_by_id(r));
 		/* Cancel reply */
-		getdns_reply(context, request_id, NULL);
+		getdns_reply(context, NULL, request_id);
 	}
 	if (msg) {
 		if (msg->request)
@@ -1648,7 +1653,7 @@ main(int argc, char **argv)
 		assert(loop);
 	}
 	if (listen_count && (r = getdns_context_set_listen_addresses(
-	    context, incoming_request_handler, listen_list))) {
+	    context, listen_list, NULL, incoming_request_handler))) {
 		perror("error: Could not bind on given addresses");
 		goto done_destroy_context;
 	}

From c54a22d95b9ca3ee1cffc19204029b8072997fb4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 2 Nov 2016 13:43:09 +0100
Subject: [PATCH 030/249] Binary API changed

---
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 8a456a8c..bf442574 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,7 +47,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100A100])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100A300])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@@ -78,9 +78,9 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
 # getdns-0.5.1 had libversion 4:1:3 (but should have been getdns-0.6.0)
 # getdns-0.9.0 had libversion 5:0:4
 # getdns-1.0.0 will have libversion 5:1:4
-# getdns-1.1.0 will have libversion 6:0:5
+# getdns-1.1.0 will have libversion 6:0:0
 #
-GETDNS_LIBVERSION=6:0:5
+GETDNS_LIBVERSION=6:0:0
 
 AC_SUBST(GETDNS_COMPILATION_COMMENT)
 AC_SUBST(GETDNS_LIBVERSION)

From ef80f463c2d1f4f76dc1eb5a15baca3114758aa4 Mon Sep 17 00:00:00 2001
From: wtoorop <willem@nlnetlabs.nl>
Date: Thu, 3 Nov 2016 14:19:49 +0100
Subject: [PATCH 031/249] Update README.md

Properly format MS-Windows build instructions.
Thanks Christian Huitema
---
 README.md | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 623a786f..1b5a4807 100644
--- a/README.md
+++ b/README.md
@@ -261,29 +261,30 @@ The build has been tested using the following:
 32 bit only Mingw: [Mingw(3.21.0) and Msys 1.0](http://www.mingw.org/) on Windows 8.1
 32 bit build on a 64 bit Mingw [Download latest from: http://mingw-w64.org/doku.php/download/mingw-builds and http://msys2.github.io/]. IMPORTANT: Install tested ONLY on the  "x86_64" for 64-bit installer of msys2.
 
-Dependencies: 
+#### Dependencies: 
 The following dependencies are 
-openssl-1.0.2e
-libidn
+* openssl-1.0.2j
+* libidn
 
-Instructions to build openssl-1.0.2e:
+Instructions to build openssl-1.0.2j:
 Open the mingw32_shell.bat from msys2 in order to build:
 
 If necessary, install the following using pacman:
-pacman -S pkg-config  libtool automake
-pacman -S autoconf automake-wrapper
 
- tar -xvf openssl-1.0.2e.tar 
-cd openssl-1.0.2e/
-./Configure --prefix=${LOCALDESTDIR} --openssldir=${LOCALDESTDIR}/etc/ssl --libdir=lib shared zlib-dynamic mingw
-make
-make install
+    pacman -S pkg-config  libtool automake
+    pacman -S autoconf automake-wrapper
+
+    tar -xvf openssl-1.0.2j.tar 
+    cd openssl-1.0.2j/
+    ./Configure --prefix=${LOCALDESTDIR} --openssldir=${LOCALDESTDIR}/etc/ssl --libdir=lib shared zlib-dynamic mingw
+    make
+    make install
 
 To configure:
     
     ./configure --enable-stub-only --with-trust-anchor="c:\\\MinGW\\\msys\\\1.0\\\etc\\\unbound\\\getdns-root.key" --with-ssl=<location of openssl from above> --with-getdns_query
 
- The trust anchor is also installed by unbound on c:\program Files (X86)\unbound\root.key and can be referenced from there
+ The trust anchor is also installed by unbound on `c:\program Files (X86)\unbound\root.key` and can be referenced from there
  or anywhere else that the user chooses to configure it.
 
  After configuring, do a `make` and `make install` to build getdns for Windows.

From 57e2a18f94718479d82c52f11a000bb5c9f5fcd3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 3 Nov 2016 15:35:53 +0100
Subject: [PATCH 032/249] Minor fixes to make it compile on Windows again

---
 src/server.c             | 15 +++++++++++++--
 src/tools/getdns_query.c | 11 ++++++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/server.c b/src/server.c
index d8fb83cb..597994bf 100644
--- a/src/server.c
+++ b/src/server.c
@@ -26,7 +26,14 @@
  */
 
 #include "config.h"
+
+#ifndef USE_WINSOCK
 #include <netdb.h>
+#else
+#include <winsock2.h>
+#include <iphlpapi.h>
+#endif
+
 #include "getdns/getdns_extra.h"
 #include "context.h"
 #include "types-internal.h"
@@ -269,7 +276,7 @@ getdns_reply(
 	else if (conn->l->transport == GETDNS_TRANSPORT_UDP) {
 		listener *l = conn->l;
 
-		if (conn->l->fd >= 0 && sendto(conn->l->fd, buf, len, 0,
+		if (conn->l->fd >= 0 && sendto(conn->l->fd, (void *)buf, len, 0,
 		    (struct sockaddr *)&conn->remote_in, conn->addrlen) == -1) {
 			/* IO error, cleanup this listener */
 			loop->vmt->clear(loop, &conn->l->event);
@@ -532,7 +539,7 @@ static void udp_read_cb(void *userarg)
 
 	conn->l = l;
 	conn->addrlen = sizeof(conn->remote_in);
-	if ((len = recvfrom(l->fd, buf, sizeof(buf), 0,
+	if ((len = recvfrom(l->fd, (void *)buf, sizeof(buf), 0,
 	    (struct sockaddr *)&conn->remote_in, &conn->addrlen)) == -1) {
 		/* IO error, cleanup this listener. */
 		loop->vmt->clear(loop, &l->event);
@@ -704,7 +711,11 @@ static void remove_listeners(listen_set *set)
 
 static getdns_return_t add_listeners(listen_set *set)
 {
+#ifdef USE_WINSOCK
+	static const char enable = 1;
+#else
 	static const int  enable = 1;
+#endif
 
 	struct mem_funcs *mf;
 	getdns_eventloop *loop;
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index fe93b544..92a27337 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -55,7 +55,9 @@ static const char *default_stubby_config =
 ", listen_addresses: [ 127.0.0.1@53, 0::1@53 ]"
 "}";
 static int clear_listen_list_on_arg = 0;
+#ifndef GETDNS_ON_WINDOWS
 static int run_in_foreground = 1;
+#endif
 static int quiet = 0;
 static int batch_mode = 0;
 static char *query_file = NULL;
@@ -209,8 +211,10 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n");
 	fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
 	fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
+#ifndef GETDNS_ON_WINDOWS
 	if (i_am_stubby)
 		fprintf(out, "\t-g\tRun stubby in background (default is foreground)\n");
+#endif
 	fprintf(out, "\t-G\tgeneral lookup\n");
 	fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
 	fprintf(out, "\t-h\tPrint this help\n");
@@ -995,10 +999,12 @@ getdns_return_t parse_args(int argc, char **argv)
 				}
 				break;
 			default:
+#ifndef GETDNS_ON_WINDOWS
 				if (i_am_stubby && *c == 'g') {
 					run_in_foreground = 0;
 					break;
 				}
+#endif
 				fprintf(stderr, "Unknown option "
 				    "\"%c\"\n", *c);
 				for (i = 0; i < argc; i++)
@@ -1608,7 +1614,8 @@ main(int argc, char **argv)
 	prg_name = prg_name ? prg_name + 1 : argv[0];
 
 	i_am_stubby = strcasecmp(prg_name, "stubby") == 0
-	           || strcasecmp(prg_name, "lt-stubby") == 0;
+	           || strcasecmp(prg_name, "lt-stubby") == 0
+	           || strcasecmp(prg_name, "stubby.exe") == 0;
 
 	name = the_root;
 	if ((r = getdns_context_create(&context, 1))) {
@@ -1675,6 +1682,7 @@ main(int argc, char **argv)
 	}
 	else if (listen_count) {
 		assert(loop);
+#ifndef GETDNS_ON_WINDOWS
 		if (i_am_stubby && !run_in_foreground) {
 			pid_t pid = fork();
 			if (pid == -1) {
@@ -1693,6 +1701,7 @@ main(int argc, char **argv)
 			} else
 				loop->vmt->run(loop);
 		} else
+#endif
 			loop->vmt->run(loop);
 	} else
 		r = do_the_call();

From b857e3d7f1b3b2b7089890fdac6563a51d26bb0c Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Tue, 8 Nov 2016 11:46:29 +0000
Subject: [PATCH 033/249] call SSL_library_init() just once and lock with
 mutexes

---
 src/context.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index 8893191e..27ef5114 100644
--- a/src/context.c
+++ b/src/context.c
@@ -62,6 +62,11 @@ typedef unsigned short in_port_t;
 #include <assert.h>
 #include <ctype.h>
 
+#ifdef HAVE_PTHREADS
+#include <pthread.h>
+#endif
+#include <stdbool.h>
+
 #include "config.h"
 #ifdef HAVE_LIBUNBOUND
 #include <unbound.h>
@@ -85,6 +90,11 @@ typedef unsigned short in_port_t;
 #define GETDNS_STR_PORT_DNS "53"
 #define GETDNS_STR_PORT_DNS_OVER_TLS "853"
 
+#ifdef HAVE_PTHREADS
+static pthread_mutex_t ssl_init_lock = PTHREAD_MUTEX_INITIALIZER;
+#endif
+static bool ssl_init=false;
+
 void *plain_mem_funcs_user_arg = MF_PLAIN;
 
 typedef struct host_name_addrs {
@@ -1306,8 +1316,21 @@ getdns_context_create_with_extended_memory_functions(
 	/* Unbound needs SSL to be init'ed this early when TLS is used. However we
 	 * don't know that till later so we will have to do this every time. */
 
-	if ((set_from_os & 2) == 0)
+#ifdef HAVE_PTHREADS
+	pthread_mutex_lock(&ssl_init_lock);
+#else
+	/* XXX implement Windows-style lock here */
+#endif
+	/* Only initialise SSL once and ideally in a thread-safe manner */
+	if (ssl_init == false) {
 		SSL_library_init();
+		ssl_init = true;
+	}
+#ifdef HAVE_PTHREADS
+	pthread_mutex_unlock(&ssl_init_lock);
+#else
+	/* XXX implement Windows-style unlock here */
+#endif
 
 #ifdef HAVE_LIBUNBOUND
 	result->unbound_ctx = NULL;

From 1593129b8577481d0706f98a0ea2477b1a4ef89f Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 9 Nov 2016 16:41:40 +0000
Subject: [PATCH 034/249] Fix mishandling of auth state for name mismatch

---
 src/stub.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index bb18f68b..d73798f4 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -830,6 +830,8 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	getdns_upstream *upstream;
 	getdns_return_t pinset_ret = GETDNS_RETURN_GOOD;
 	upstream = _getdns_upstream_from_x509_store(ctx);
+	if (!upstream)
+		return 0;
 
 #if defined(STUB_DEBUG) && STUB_DEBUG || defined(X509_V_ERR_HOSTNAME_MISMATCH)
 	int     err = X509_STORE_CTX_get_error(ctx);
@@ -841,10 +843,11 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
 	/*Report if error is hostname mismatch*/
-	if (upstream && upstream->tls_fallback_ok && err == X509_V_ERR_HOSTNAME_MISMATCH) {
-		DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
-		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
+	if (err == X509_V_ERR_HOSTNAME_MISMATCH) {
 		upstream->tls_auth_state = GETDNS_AUTH_FAILED;
+		if (upstream->tls_fallback_ok) 
+			DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
+			           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
 	}
 #else
 	/* if we weren't built against OpenSSL with hostname matching we
@@ -853,7 +856,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	if (upstream->tls_auth_name[0])
 		upstream->tls_auth_state = GETDNS_AUTH_FAILED;
 #endif
-	if (upstream && upstream->tls_pubkey_pinset)
+	if (upstream->tls_pubkey_pinset)
 		pinset_ret = _getdns_verify_pinset_match(upstream->tls_pubkey_pinset, ctx);
 
 	if (pinset_ret != GETDNS_RETURN_GOOD) {
@@ -871,7 +874,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 		upstream->tls_auth_state = GETDNS_AUTH_OK;
 	/* If fallback is allowed, proceed regardless of what the auth error is
 	   (might not be hostname or pinset related) */
-	return (upstream && upstream->tls_fallback_ok) ? 1 : preverify_ok;
+	return (upstream->tls_fallback_ok) ? 1 : preverify_ok;
 }
 
 static SSL*

From c2bcd1ca729cc32baf0922f18e0648a672f8844a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 12 Nov 2016 14:31:27 +0900
Subject: [PATCH 035/249] Line up OPT rdata names with add_opt_parameters

---
 src/request-internal.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/request-internal.c b/src/request-internal.c
index 141f977a..180d0633 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -755,17 +755,26 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		edns_do_bit = context->edns_do_bit;
 
 		if (have_add_opt_parameters) {
-			if (!getdns_dict_get_int(add_opt_parameters,
+			if (getdns_dict_get_int(add_opt_parameters,
 			    "maximum_udp_payload_size",
-			    &get_edns_maximum_udp_payload_size))
+			    &get_edns_maximum_udp_payload_size)) {
+				if (!getdns_dict_get_int(
+				    add_opt_parameters, "udp_payload_size",
+				    &get_edns_maximum_udp_payload_size))
+					edns_maximum_udp_payload_size =
+					    get_edns_maximum_udp_payload_size;
+			} else
 				edns_maximum_udp_payload_size =
 				    get_edns_maximum_udp_payload_size;
+
 			(void) getdns_dict_get_int(add_opt_parameters,
 			    "extended_rcode", &edns_extended_rcode);
 			(void) getdns_dict_get_int(add_opt_parameters,
 			    "version", &edns_version);
-			(void) getdns_dict_get_int(add_opt_parameters,
-			    "do_bit", &edns_do_bit);
+			if (getdns_dict_get_int(add_opt_parameters,
+			    "do_bit", &edns_do_bit))
+				(void) getdns_dict_get_int(
+				    add_opt_parameters, "do", &edns_do_bit);
 		}
 	}
 	if (have_add_opt_parameters && getdns_dict_get_list(

From 73165b235fb42f1e0ea0482ab5760a68768b4f05 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 12 Nov 2016 16:53:21 +0900
Subject: [PATCH 036/249] Allow public key pins higher in the chain than the EE
 cert

This resolves an old TODO; we'd never tested pinning any certs higher
than the end-entity cert before.
---
 src/pubkey-pinning.c | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 7d286691..25966a63 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -382,10 +382,10 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			    X509_STORE_CTX *store)
 {
 	getdns_return_t ret = GETDNS_RETURN_GENERIC_ERROR;
-	X509 *x;
+	X509 *x, *prev;
 	int i, len;
 	unsigned char raw[4096];
-	unsigned char *next = raw;
+	unsigned char *next;
 	unsigned char buf[sizeof(pinset->pin)];
 	const sha256_pin_t *p;
 
@@ -408,13 +408,6 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 	/* TODO: how do we handle raw public keys? */
 
 	for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) {
-		if (i > 0) {
-		/* TODO: how do we ensure that the certificates in
-		 * each stage appropriately sign the previous one?
-		 * for now, to be safe, we only examine the end-entity
-		 * cert: */
-			return GETDNS_RETURN_GENERIC_ERROR;
-		}
 
 		x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
 #if defined(STUB_DEBUG) && STUB_DEBUG
@@ -423,6 +416,24 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		X509_NAME_print_ex_fp(stderr, X509_get_subject_name(x), 1, XN_FLAG_ONELINE);
 		fprintf(stderr, "\n");
 #endif
+		if (i > 0) {
+		/* we ensure that "prev" is signed by "x" */
+			EVP_PKEY *pkey = X509_get_pubkey(x);
+			int verified;
+			if (!pkey) {
+				DEBUG_STUB("%s %-35s: Could not get pubkey from cert %d (%p)\n",
+					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, x);
+				return GETDNS_RETURN_GENERIC_ERROR;
+			}
+			verified = X509_verify(prev, pkey);
+			EVP_PKEY_free(pkey);
+			if (!verified) {
+				DEBUG_STUB("%s %-35s: cert %d (%p) was not signed by cert %d\n",
+					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i-1, prev, i);
+				return GETDNS_RETURN_GENERIC_ERROR;
+			}
+		}
+
 		/* digest the cert with sha256 */
 		len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL);
 		if (len > sizeof(raw)) {
@@ -430,6 +441,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, sizeof(raw));
 			continue;
 		}
+		next = raw;
 		i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &next);
 		if (next - raw != len) {
 			DEBUG_STUB("%s %-35s: Pubkey %d claimed it needed %d octets, really needed "PRIsz"\n",
@@ -447,6 +459,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			} else
 				DEBUG_STUB("%s %-35s: Pubkey %d did not match pin %p\n",
 					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, p);
+		prev = x;
 	}
 
 	return ret;

From b0e5f87984fc827d7ea93957862fb366a3ddbb19 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Sun, 13 Nov 2016 13:14:03 +0900
Subject: [PATCH 037/249] Minor logging updates

---
 src/context.c | 8 ++++++--
 src/stub.c    | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/context.c b/src/context.c
index b8492380..121c536a 100644
--- a/src/context.c
+++ b/src/context.c
@@ -720,12 +720,16 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             getdns_auth_str_array[upstream->tls_auth_state], (int)upstream->keepalive_timeout);
-	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Best_auth=%s,Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Best_auth=%s,Conns=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
 	             getdns_auth_str_array[upstream->best_tls_auth_state], 
-	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
+	             (int)upstream->conn_completed);
+	DEBUG_DAEMON("%s %s :              Upstream stats - Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	             (int)upstream->conn_setup_failed,
 	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
+
 #endif
 
 	/* Back off connections that never got up service at all (probably no
diff --git a/src/stub.c b/src/stub.c
index d73798f4..2527ed61 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1523,7 +1523,7 @@ upstream_write_cb(void *userarg)
 		/* Fall through */
 	case STUB_SETUP_ERROR:
 		/* Could not complete the set up. Need to fallback.*/
-		DEBUG_STUB("%s %-35s: MSG: %p ERROR = %d\n", STUB_DEBUG_WRITE,
+		DEBUG_STUB("%s %-35s: Upstream: %p ERROR = %d\n", STUB_DEBUG_WRITE,
 		             __FUNCTION__, ((getdns_network_req *)userarg), q);
 		upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1));
 		/* Fall through */

From 1ba2e5bf4de515c7f02c679cce692fe5364b117a Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Sun, 20 Nov 2016 11:19:08 +0000
Subject: [PATCH 038/249] Add stubby to readme. Add transport to stubby log.

---
 README.md     | 21 +++++++++++++++++++--
 src/context.c | 11 +++++------
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 1b5a4807..c1a8bae4 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,8 @@ Traditional access to DNS data from applications has several limitations:
 
 * Sophisticated uses of the DNS (things like IDNA and DNSSEC validation) require considerable application work, possibly by application developers with little experience with the vagaries of DNS.
 
+getdns also provides a prototype DNS Privacy enabled client called 'stubby' - see below for more details.
+
 ## Motivation for providing the API
 
 The developers are of the opinion that DNSSEC offers a unique global infrastructure for establishing and enhancing cryptographic trust relations.  With the development of this API we intend to offer application developers a modern and flexible interface that enables end-to-end trust in the DNS architecture, and which will inspire application developers to implement innovative security solutions in their applications.
@@ -73,9 +75,13 @@ If you want to make use of the configuration files that utilise a JSON-like form
 
 before building. 
 
-If you want to use the getdns_query command line wrapper script for testing or to enable getdns as a daemon then you must build it using
+As well as building the getdns library 2 other tools are installed by default by the above process:
+
+* getdns_query: a command line test script wrapper for getdns
+* stubby: a DNS Privacy enabled client
+
+Note: If you only want to build stubby, then use the `--enable-stub-only` and `--without-libidn` options when running 'configure'.
 
-    # make getdns_query
 
 ## Minimizing dependencies
 
@@ -91,6 +97,17 @@ The implementation works with a variety of event loops, each built as a separate
 * [libuv](https://github.com/joyent/libuv)
 * [libev](http://software.schmorp.de/pkg/libev.html)
 
+## Stubby
+
+* Stubby is a prototype implementation of a DNS Privacy enabled stub resolver. Feedback is welcome!
+* A default configuration file is available here uses a 'Strict' privacy usage profile using some of the available test DNS Privacy servers to resolve queries. Note these servers are test servers that offer no service guarantees. An alternative file can be specified with the '-C' flag
+* If you would like minimal logging output from Stubby (which servers are used and connection level statistics) then also use the '--enable-debug-daemon' flag when running 'configure'.
+
+To use stubby
+* Start stubby from the command line
+* Test it by doing, for example, 'dig @127.0.0.1 www.example.com'
+* Alter the default DNS resolvers on your system to point at localhost (127.0.0.1, ::1)
+
 ## Regression Tests
 
 A suite of regression tests are included with the library, if you make changes or just
diff --git a/src/context.c b/src/context.c
index 121c536a..1d9a046b 100644
--- a/src/context.c
+++ b/src/context.c
@@ -720,16 +720,15 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             getdns_auth_str_array[upstream->tls_auth_state], (int)upstream->keepalive_timeout);
-	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Best_auth=%s,Conns=%d\n",
+	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Transport=%s,Best_auth=%s\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
-	             getdns_auth_str_array[upstream->best_tls_auth_state], 
-	             (int)upstream->conn_completed);
-	DEBUG_DAEMON("%s %s :              Upstream stats - Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "UDP/TCP"),
+	             getdns_auth_str_array[upstream->best_tls_auth_state]);
+	DEBUG_DAEMON("%s %s :              Upstream stats - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
-	             (int)upstream->conn_setup_failed,
+	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
 	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
-
 #endif
 
 	/* Back off connections that never got up service at all (probably no

From 0d13ae6d72e59e42b6905f98b57089e31817e7fd Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Sun, 4 Dec 2016 17:26:38 -0800
Subject: [PATCH 039/249] Fixing several issues in function
 set_os_defaults_windows that prevent working on Windows.

---
 src/context.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/context.c b/src/context.c
index 8893191e..010b1685 100644
--- a/src/context.c
+++ b/src/context.c
@@ -929,6 +929,7 @@ set_os_defaults_windows(struct getdns_context *context)
     getdns_upstream *upstream;
     size_t length;
     int s;
+	uint32_t info_err = 0;
 
     if (context->fchg_resolvconf == NULL) {
 		context->fchg_resolvconf =
@@ -961,15 +962,16 @@ set_os_defaults_windows(struct getdns_context *context)
     if (info == NULL)
 		return GETDNS_RETURN_GENERIC_ERROR;
 
-    if (GetNetworkParams(info, &buflen) == ERROR_BUFFER_OVERFLOW) {
+	if ((info_err = GetNetworkParams(info, &buflen)) == ERROR_BUFFER_OVERFLOW) {
 		free(info);
 		info = (FIXED_INFO *)malloc(buflen);
 		if (info == NULL)
 			return GETDNS_RETURN_GENERIC_ERROR;
+		info_err = GetNetworkParams(info, &buflen);
 	}
 
-	if (GetNetworkParams(info, &buflen) == NO_ERROR) {
-		ptr = info->DnsServerList.Next; 
+	if (info_err == NO_ERROR) {
+		ptr = &info->DnsServerList;
 		*domain = 0;
 		while (ptr) {
 			for (size_t i = 0; i < GETDNS_UPSTREAM_TRANSPORTS; i++) {
@@ -986,11 +988,12 @@ set_os_defaults_windows(struct getdns_context *context)
 				freeaddrinfo(result);
 			}
 			ptr = ptr->Next;
-
 		}
-		free(info);
 	}
 
+	if (info != NULL)
+		free(info);
+
     suffix = getdns_list_create_with_context(context);
 
     if (get_dns_suffix_windows(suffix, domain)) {

From 576e38977f746fc5aa8af2127d37ce12e7a419db Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Mon, 5 Dec 2016 18:05:04 +0000
Subject: [PATCH 040/249] More logging changes to stubby to correctly report
 profile, transport and stats for TCP and UDP when used as fallbacks.
 Reporting UDP stats every 100 responses or timeouts to give user some
 indication UDP is being used.

---
 src/context.c | 12 ++++++++----
 src/context.h |  2 ++
 src/stub.c    | 24 ++++++++++++++++++++----
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/src/context.c b/src/context.c
index 1d9a046b..8b8413f8 100644
--- a/src/context.c
+++ b/src/context.c
@@ -716,17 +716,19 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	if (upstream->tls_auth_state > upstream->best_tls_auth_state)
 		upstream->best_tls_auth_state = upstream->tls_auth_state;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %s : Conn closed: Conn stats     - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
+	DEBUG_DAEMON("%s %s : Conn closed   : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             getdns_auth_str_array[upstream->tls_auth_state], (int)upstream->keepalive_timeout);
-	DEBUG_DAEMON("%s %s :              Upstream stats - Resp=%d,Timeouts=%d,Transport=%s,Best_auth=%s\n",
+	DEBUG_DAEMON("%s %s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
-	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "UDP/TCP"),
 	             getdns_auth_str_array[upstream->best_tls_auth_state]);
-	DEBUG_DAEMON("%s %s :              Upstream stats - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	DEBUG_DAEMON("%s %s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
 	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
 #endif
@@ -903,6 +905,8 @@ upstream_init(getdns_upstream *upstream,
 	/* How is this upstream doing on UDP? */
 	upstream->to_retry =  2;
 	upstream->back_off =  1;
+	upstream->udp_responses = 0;
+	upstream->udp_timeouts = 0;
 
 	/* For sharing a socket to this upstream with TCP  */
 	upstream->fd       = -1;
diff --git a/src/context.h b/src/context.h
index 41e7a830..fdf8066e 100644
--- a/src/context.h
+++ b/src/context.h
@@ -131,6 +131,8 @@ typedef struct getdns_upstream {
 	/* How is this upstream doing over UDP? */
 	int                      to_retry;
 	int                      back_off;
+	size_t                   udp_responses;
+	size_t                   udp_timeouts;
 
 	/* For stateful upstreams, need to share the connection and track the
 	   activity on the connection */
diff --git a/src/stub.c b/src/stub.c
index 2527ed61..83ab992c 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -571,6 +571,13 @@ stub_timeout_cb(void *userarg)
 	/* Handle upstream*/
 	if (netreq->fd >= 0) {
 		close(netreq->fd);
+		netreq->upstream->udp_timeouts++;
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	if (netreq->upstream->udp_timeouts % 100 == 0)
+		DEBUG_DAEMON("%s %s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+		             STUB_DEBUG_DAEMON, netreq->upstream->addr_str,
+		             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
+#endif
 		stub_next_upstream(netreq);
 	} else {
 		netreq->upstream->responses_timeouts++;
@@ -1305,6 +1312,13 @@ stub_udp_read_cb(void *userarg)
 	dnsreq->upstreams->current_udp = 0;
 	netreq->debug_end_time = _getdns_get_time_as_uintt64();
 	netreq->state = NET_REQ_FINISHED;
+	upstream->udp_responses++;
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	if (upstream->udp_responses % 100 == 0)
+		DEBUG_DAEMON("%s %s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+		             STUB_DEBUG_DAEMON, upstream->addr_str,
+		             (int)upstream->udp_responses, (int)upstream->udp_timeouts);
+#endif
 	_getdns_check_dns_req_complete(dnsreq);
 }
 
@@ -1767,15 +1781,16 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 			upstream->tls_hs_state = GETDNS_HS_WRITE;
 		}
 		upstream->conn_state = GETDNS_CONN_SETUP;
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	DEBUG_DAEMON("%s %s : Conn init     : Transport= %s - Profile=%s\n", STUB_DEBUG_DAEMON, 
+	             upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
+	             dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
+#endif
 		break;
 	default:
 		return -1;
 		/* Nothing to do*/
 	}
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %s : Conn init\n",
-                  STUB_DEBUG_DAEMON, upstream->addr_str);
-#endif
 	return fd;
 }
 
@@ -1841,6 +1856,7 @@ fallback_on_write(getdns_network_req *netreq)
 
 	/* Deal with UDP one day*/
 	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_DAEMON("%s Falling back...\n", STUB_DEBUG_DAEMON);
 
 	/* Try to find a fallback transport*/
 	getdns_return_t result = _getdns_submit_stub_request(netreq);

From dee33f53b65e03dd3d31da781863867e9d03bb7a Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Mon, 5 Dec 2016 11:38:59 -0800
Subject: [PATCH 041/249] Reminder of changes required by the Windows port.
 This solves the issues 228, 229, 230 and 232.

---
 src/compat/arc4random.c           | 11 +++++
 src/compat/gettimeofday.c         | 73 +++++++++++++++++++++++++++++++
 src/extension/default_eventloop.c | 16 +++----
 src/stub.c                        | 41 +++++++++++++++--
 4 files changed, 129 insertions(+), 12 deletions(-)
 create mode 100644 src/compat/gettimeofday.c

diff --git a/src/compat/arc4random.c b/src/compat/arc4random.c
index 2c78818f..bd5f6e3a 100644
--- a/src/compat/arc4random.c
+++ b/src/compat/arc4random.c
@@ -38,6 +38,9 @@
 #ifndef GETDNS_ON_WINDOWS
 #include <sys/mman.h>
 #endif
+#if defined(GETDNS_ON_WINDOWS) && !defined(MAP_INHERIT_ZERO)
+#define explicit_bzero(rnd, rnd_size) memset(rnd, 0, rnd_size)
+#endif
 
 #define KEYSTREAM_ONLY
 #include "chacha_private.h"
@@ -136,7 +139,15 @@ _rs_stir_if_needed(size_t len)
 {
 #ifndef MAP_INHERIT_ZERO
 	static pid_t _rs_pid = 0;
+#ifdef GETDNS_ON_WINDOWS
+	/* 
+	 * TODO: if compiling for the Windows Runtime, use GetCurrentProcessId(),
+	 * but this requires linking with kernel32.lib
+	 */
+	pid_t pid = _getpid();
+#else
 	pid_t pid = getpid();
+#endif
 
 	/* If a system lacks MAP_INHERIT_ZERO, resort to getpid() */
 	if (_rs_pid == 0 || _rs_pid != pid) {
diff --git a/src/compat/gettimeofday.c b/src/compat/gettimeofday.c
new file mode 100644
index 00000000..d8fe91bc
--- /dev/null
+++ b/src/compat/gettimeofday.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2016 Christian Huitema <huitema@huitema.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /*
+  * Numerous places in the code make reference to the Unix/Linux
+  * "gettimeofday()" function, which is not available in the standard
+  * windows libraries. This code provides a compatible implementation.
+  */
+#include "config.h"
+
+#ifdef GETDNS_ON_WINDOWS
+int gettimeofday(struct timeval* tv, struct timezone* tz)
+{
+	FILETIME ft;
+	uint64_t now = 0;
+
+	/*
+	 * The GetSystemTimeAsFileTime API returns  the number
+	 * of 100-nanosecond intervals since January 1, 1601 (UTC),
+	 * in FILETIME format.
+	 */
+	GetSystemTimeAsFileTime(&ft);
+
+	/*
+	 * Convert to plain 64 bit format, without making
+	 * assumptions about the FILETIME structure alignment.
+	 */
+	now |= ft.dwHighDateTime;
+	now <<= 32;
+	now |= ft.dwLowDateTime;
+	/*
+	 * Convert units from 100ns to 1us
+	 */
+	now /= 10;
+	/*
+	 * Account for microseconds elapsed between 1601 and 1970.
+	 */
+	now -= 11644473600000000ULL;
+
+	if (tv != NULL)
+	{
+		uint64_t sec = now / 1000000;
+		uint64_t usec = now % 1000000;
+
+		tv->tv_sec = (long)sec;
+		tv->tv_usec = (long)usec;
+	}
+
+	if (tz != NULL)
+	{
+	    /*
+		 * TODO: implement a timezone retrieval function.
+		 * Not urgent, since the GetDNS code always set this parameter to NULL.
+		 */ 
+		return -1;
+	}
+
+	return 0;
+}
+#endif /* GETDNS_ON_WINDOWS */
\ No newline at end of file
diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 10efff59..2f9856dd 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -25,6 +25,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include "Config.h"
+
 #include "extension/default_eventloop.h"
 #include "debug.h"
 
@@ -32,7 +34,7 @@ static uint64_t get_now_plus(uint64_t amount)
 {
 	struct timeval tv;
 	uint64_t       now;
-	
+
 	if (gettimeofday(&tv, NULL)) {
 		perror("gettimeofday() failed");
 		exit(EXIT_FAILURE);
@@ -81,8 +83,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 #endif
 		default_loop->fd_events[fd] = event;
 		default_loop->fd_timeout_times[fd] = get_now_plus(timeout);
-		event->ev = (void *) (intptr_t) fd + 1;
-
+		event->ev = (void *)(intptr_t)(fd + 1);
 		DEBUG_SCHED( "scheduled read/write at %d\n", fd);
 		return GETDNS_RETURN_GOOD;
 	}
@@ -101,9 +102,8 @@ default_eventloop_schedule(getdns_eventloop *loop,
 	for (i = 0; i < MAX_TIMEOUTS; i++) {
 		if (default_loop->timeout_events[i] == NULL) {
 			default_loop->timeout_events[i] = event;
-			default_loop->timeout_times[i] = get_now_plus(timeout);
-			event->ev = (void *) (intptr_t) i + 1;
-
+			default_loop->timeout_times[i] = get_now_plus(timeout);		
+			event->ev = (void *)(intptr_t)(i + 1);
 			DEBUG_SCHED( "scheduled timeout at %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;
 		}
@@ -219,8 +219,8 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		tv.tv_sec = 0;
 		tv.tv_usec = 0;
 	} else {
-		tv.tv_sec  = (timeout - now) / 1000000;
-		tv.tv_usec = (timeout - now) % 1000000;
+		tv.tv_sec  = (long)((timeout - now) / 1000000);
+		tv.tv_usec = (long)((timeout - now) % 1000000);
 	}
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
 	    (timeout == ((uint64_t)-1) ? NULL : &tv)) < 0) {
diff --git a/src/stub.c b/src/stub.c
index 4aa14dae..8232e288 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -399,7 +399,11 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 	    upstream->addr_len) == -1) {
 		if (_getdns_EINPROGRESS || _getdns_EWOULDBLOCK)
 			return fd;
+#ifdef USE_WINSOCK
+		closesocket(fd);
+#else
 		close(fd);
+#endif
 		return -1;
 	}
 	return fd;
@@ -541,7 +545,13 @@ void
 _getdns_cancel_stub_request(getdns_network_req *netreq)
 {
 	stub_cleanup(netreq);
-	if (netreq->fd >= 0) close(netreq->fd);
+	if (netreq->fd >= 0) {
+#ifdef USE_WINSOCK
+		closesocket(netreq->fd);
+#else
+		close(netreq->fd);
+#endif
+	}
 }
 
 /* May be needed in future for better UDP error handling?*/
@@ -564,7 +574,12 @@ stub_timeout_cb(void *userarg)
 	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
 	stub_next_upstream(netreq);
 	stub_cleanup(netreq);
-	if (netreq->fd >= 0) close(netreq->fd);
+	if (netreq->fd >= 0)
+#ifdef USE_WINSOCK
+		closesocket(netreq->fd);
+#else
+		close(netreq->fd);
+#endif
 	netreq->state = NET_REQ_TIMED_OUT;
 	if (netreq->owner->user_callback) {		
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
@@ -807,8 +822,13 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 
 		/* Coming back from an earlier unfinished write or handshake.
 		 * Try to send remaining data */
+#ifdef USE_WINSOCK
+		written = send(fd, tcp->write_buf + tcp->written,
+			tcp->write_buf_len - tcp->written, 0);
+#else
 		written = write(fd, tcp->write_buf     + tcp->written,
 		                    tcp->write_buf_len - tcp->written);
+#endif
 		if (written == -1) {
 			if (_getdns_EWOULDBLOCK)
 				return STUB_TCP_WOULDBLOCK;
@@ -1257,10 +1277,10 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 
 static uint64_t
 _getdns_get_time_as_uintt64() {
-	
+
 	struct timeval tv;
 	uint64_t       now;
-	
+
 	if (gettimeofday(&tv, NULL)) {
 		return 0;
 	}
@@ -1268,6 +1288,7 @@ _getdns_get_time_as_uintt64() {
 	return now;
 }
 
+
 /**************************/
 /* UDP callback functions */
 /**************************/
@@ -1305,7 +1326,11 @@ stub_udp_read_cb(void *userarg)
 	    upstream, netreq->response, read))
 		return; /* Client cookie didn't match? */
 
+#ifdef USE_WINSOCK
+	closesocket(netreq->fd);
+#else
 	close(netreq->fd);
+#endif
 	while (GLDNS_TC_WIRE(netreq->response)) {
 		DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ, 
 		             __FUNCTION__, netreq);
@@ -1369,7 +1394,11 @@ stub_udp_write_cb(void *userarg)
 	    netreq->fd, (const void *)netreq->query, pkt_len, 0,
 	    (struct sockaddr *)&netreq->upstream->addr,
 	                        netreq->upstream->addr_len)) {
+#ifdef USE_WINSOCK
+		closesocket(netreq->fd);
+#else
 		close(netreq->fd);
+#endif
 		return;
 	}
 	GETDNS_SCHEDULE_EVENT(
@@ -1706,7 +1735,11 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		if (fd == -1) return -1;
 		upstream->tls_obj = tls_create_object(dnsreq, fd, upstream);
 		if (upstream->tls_obj == NULL) {
+#ifdef USE_WINSOCK
+			closesocket(fd);
+#else
 			close(fd);
+#endif
 			return -1;
 		}
 

From 471e8725e2611031e2a53dd30c7fda65e793f359 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Tue, 6 Dec 2016 14:44:40 +0000
Subject: [PATCH 042/249] Change the default profile for Stubby to use TLS then
 UDP/TCP   - this will only try over TLS a few times before backing off to
 clear text   - but makes the default  for Stubby opportunistic privacy
 (Willem - WDYT?) Also use padding and ECS privacy by default for Stubby. More
 debugging to help users when there are failures or fallbacks. Also remove a
 few help options from Stubby that don't apply Add -v to output version on
 getdns_query/stubby

---
 src/context.c            |  2 +-
 src/stub.c               | 11 +++++++---
 src/tools/getdns_query.c | 46 ++++++++++++++++++++++++++++------------
 3 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/src/context.c b/src/context.c
index 8b8413f8..d0fb6b39 100644
--- a/src/context.c
+++ b/src/context.c
@@ -755,7 +755,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->conn_shutdowns = 0;
 		upstream->conn_backoffs++;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-		DEBUG_DAEMON("%s %s : !Backing off this upstream  - will retry as new upstream at %s\n",
+		DEBUG_DAEMON("%s %s : !Backing off this upstream    - Will retry as new upstream at %s",
 		            STUB_DEBUG_DAEMON, upstream->addr_str,
 		            asctime(gmtime(&upstream->conn_retry_time)));
 #endif
diff --git a/src/stub.c b/src/stub.c
index 83ab992c..ef74beb8 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1314,7 +1314,8 @@ stub_udp_read_cb(void *userarg)
 	netreq->state = NET_REQ_FINISHED;
 	upstream->udp_responses++;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	if (upstream->udp_responses % 100 == 0)
+	if (upstream->udp_responses == 1 || 
+	    upstream->udp_responses % 100 == 0)
 		DEBUG_DAEMON("%s %s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
 		             STUB_DEBUG_DAEMON, upstream->addr_str,
 		             (int)upstream->udp_responses, (int)upstream->udp_timeouts);
@@ -1545,6 +1546,9 @@ upstream_write_cb(void *userarg)
 	case STUB_NO_AUTH:
 		/* Cleaning up after connection or auth check failure. Need to fallback. */
 		stub_cleanup(netreq);
+		DEBUG_DAEMON("%s %s : Conn closed   : Transport=%s - *Failure*\n",
+		             STUB_DEBUG_DAEMON, upstream->addr_str,
+		             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"));
 		if (fallback_on_write(netreq) == STUB_TCP_ERROR) {
 			/* TODO: Need new state to report transport unavailable*/
 			netreq->state = NET_REQ_FINISHED;
@@ -1782,7 +1786,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		}
 		upstream->conn_state = GETDNS_CONN_SETUP;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %s : Conn init     : Transport= %s - Profile=%s\n", STUB_DEBUG_DAEMON, 
+	DEBUG_DAEMON("%s %s : Conn init     : Transport=%s - Profile=%s\n", STUB_DEBUG_DAEMON, 
 	             upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
 	             dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
 #endif
@@ -1843,6 +1847,8 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 	}
 	/* Handle better, will give generic error*/
 	DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_DAEMON("%s *FAILURE* no valid transports or upstreams available!\n",
+	              STUB_DEBUG_DAEMON);
 	return -1;
 }
 
@@ -1856,7 +1862,6 @@ fallback_on_write(getdns_network_req *netreq)
 
 	/* Deal with UDP one day*/
 	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
-	DEBUG_DAEMON("%s Falling back...\n", STUB_DEBUG_DAEMON);
 
 	/* Try to find a fallback transport*/
 	getdns_return_t result = _getdns_submit_stub_request(netreq);
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 92a27337..089f005e 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -51,8 +51,11 @@ typedef unsigned short in_port_t;
 static int i_am_stubby = 0;
 static const char *default_stubby_config =
 "{ resolution_type: GETDNS_RESOLUTION_STUB"
+", dns_transport_list: [ GETDNS_TRANSPORT_TLS, GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP ]"
 ", idle_timeout: 10000"
 ", listen_addresses: [ 127.0.0.1@53, 0::1@53 ]"
+", tls_query_padding_blocksize: 256"
+", edns_client_subnet_private : 1"
 "}";
 static int clear_listen_list_on_arg = 0;
 #ifndef GETDNS_ON_WINDOWS
@@ -161,13 +164,19 @@ print_usage(FILE *out, const char *progname)
 {
 	fprintf(out, "usage: %s [<option> ...] \\\n"
 	    "\t[@<upstream> ...] [+<extension> ...] [\'{ <settings> }\'] [<name>] [<type>]\n", progname);
-	fprintf(out, "\ndefault mode: "
+	if (!i_am_stubby) {
+		fprintf(out, "\ndefault mode: "
 #ifdef HAVE_LIBUNBOUND
-	    "recursive"
+	            "recursive"
 #else
-	    "stub"
+	            "stub"
 #endif
-	    ", synchronous resolution of NS record\n\t\tusing UDP with TCP fallback\n");
+	            ", synchronous resolution of NS record\n\t\tusing UDP with TCP fallback\n");
+	}
+	else {
+		fprintf(out, "\ndefault mode: "
+			    "stub, asynchronous resolution \n\t\tusing TLS with UDP then TCP fallback\n");
+	}
 	fprintf(out, "\nupstreams: @<ip>[%%<scope_id>][@<port>][#<tls port>][~<tls name>][^<tsig spec>]");
 	fprintf(out, "\n            <ip>@<port> may be given as <IPv4>:<port>");
 	fprintf(out, "\n                  or \'[\'<IPv6>[%%<scope_id>]\']\':<port> too\n");
@@ -192,10 +201,12 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t+0\t\t\tClear all extensions\n");
 	fprintf(out, "\nsettings in json dict format (like outputted by -i option).\n");
 	fprintf(out, "\noptions:\n");
-	fprintf(out, "\t-a\tPerform asynchronous resolution "
-	    "(default = synchronous)\n");
-	fprintf(out, "\t-A\taddress lookup (<type> is ignored)\n");
-	fprintf(out, "\t-B\tBatch mode. Schedule all messages before processing responses.\n");
+	if (!i_am_stubby) {
+		fprintf(out, "\t-a\tPerform asynchronous resolution "
+		    "(default = synchronous)\n");
+		fprintf(out, "\t-A\taddress lookup (<type> is ignored)\n");
+		fprintf(out, "\t-B\tBatch mode. Schedule all messages before processing responses.\n");
+	}
 	fprintf(out, "\t-b <bufsize>\tSet edns0 max_udp_payload size\n");
 	fprintf(out, "\t-c\tSend Client Subnet privacy request\n");
 	fprintf(out, "\t-C\t<filename>\n");
@@ -209,17 +220,21 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-D\tSet edns0 do bit\n");
 	fprintf(out, "\t-d\tclear edns0 do bit\n");
 	fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n");
-	fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
+	if (!i_am_stubby)
+		fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
 	fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
 #ifndef GETDNS_ON_WINDOWS
 	if (i_am_stubby)
 		fprintf(out, "\t-g\tRun stubby in background (default is foreground)\n");
 #endif
-	fprintf(out, "\t-G\tgeneral lookup\n");
-	fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
+	if (!i_am_stubby) {
+		fprintf(out, "\t-G\tgeneral lookup\n");
+		fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
+	}
 	fprintf(out, "\t-h\tPrint this help\n");
 	fprintf(out, "\t-i\tPrint api information\n");
-	fprintf(out, "\t-I\tInteractive mode (> 1 queries on same context)\n");
+	if (!i_am_stubby)
+		fprintf(out, "\t-I\tInteractive mode (> 1 queries on same context)\n");
 	fprintf(out, "\t-j\tOutput json response dict\n");
 	fprintf(out, "\t-J\tPretty print json response dict\n");
 	fprintf(out, "\t-k\tPrint root trust anchors\n");
@@ -235,8 +250,10 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-R <filename>\tRead root hints from <filename>\n");
 	fprintf(out, "\t-s\tSet stub resolution type%s\n"
 	       , i_am_stubby ? "" : "(default = recursing)" );
-	fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
+	if (!i_am_stubby)
+		fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
 	fprintf(out, "\t-t <timeout>\tSet timeout in miliseconds\n");
+	fprintf(out, "\t-v\tPrint getdns release version\n");
 	fprintf(out, "\t-x\tDo not follow redirects\n");
 	fprintf(out, "\t-X\tFollow redirects (default)\n");
 
@@ -840,6 +857,9 @@ getdns_return_t parse_args(int argc, char **argv)
 				getdns_context_set_timeout(
 					context, timeout);
 				goto next;
+			case 'v':
+				fprintf(stdout, "Version %s\n", GETDNS_VERSION);
+				return CONTINUE;
 			case 'x': 
 				getdns_context_set_follow_redirects(
 				    context, GETDNS_REDIRECTS_DO_NOT_FOLLOW);

From 691d32cf802dbc6fdaee9bff0b67dad8d64b065e Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Tue, 6 Dec 2016 15:59:40 +0000
Subject: [PATCH 043/249] Improve README entry on stubby. Add a link to
 dnsprivacy.org (Willem - is this set up yet?) Add sample Strict config file
 into the source with a pointer from the README. Not sure about installing
 this yet as opportunistic seems a better default...?

---
 README.md             | 11 ++++-----
 src/stub.c            |  4 ++++
 src/tools/stubby.conf | 52 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 src/tools/stubby.conf

diff --git a/README.md b/README.md
index c1a8bae4..42302b83 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Traditional access to DNS data from applications has several limitations:
 
 * Sophisticated uses of the DNS (things like IDNA and DNSSEC validation) require considerable application work, possibly by application developers with little experience with the vagaries of DNS.
 
-getdns also provides a prototype DNS Privacy enabled client called 'stubby' - see below for more details.
+getdns also provides a experimental DNS Privacy enabled client called 'stubby' - see below for more details.
 
 ## Motivation for providing the API
 
@@ -78,7 +78,7 @@ before building.
 As well as building the getdns library 2 other tools are installed by default by the above process:
 
 * getdns_query: a command line test script wrapper for getdns
-* stubby: a DNS Privacy enabled client
+* stubby: a experimental DNS Privacy enabled client
 
 Note: If you only want to build stubby, then use the `--enable-stub-only` and `--without-libidn` options when running 'configure'.
 
@@ -99,9 +99,10 @@ The implementation works with a variety of event loops, each built as a separate
 
 ## Stubby
 
-* Stubby is a prototype implementation of a DNS Privacy enabled stub resolver. Feedback is welcome!
-* A default configuration file is available here uses a 'Strict' privacy usage profile using some of the available test DNS Privacy servers to resolve queries. Note these servers are test servers that offer no service guarantees. An alternative file can be specified with the '-C' flag
-* If you would like minimal logging output from Stubby (which servers are used and connection level statistics) then also use the '--enable-debug-daemon' flag when running 'configure'.
+* Stubby is an experimental implementation of a DNS Privacy enabled stub resolver. It is currently suitable for advanced/technical users - all feedback is welcome! Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy and stubby.
+* By default stubby will attempt to use 'Opportunistic' Privacy for DNS queries.
+* A sample configuration file is available in the source code (src/tools/stubby.conf) which uses 'Strict' Privacy and some of the available test DNS Privacy servers to resolve queries. Note these servers are test servers that offer no service guarantees. The location of a configuration file can be specified with the '-C' flag
+* RECOMMENDED: Minimal logging output from Stubby is available  (e.g. which servers are used and connection level statistics) by also using the '--enable-debug-daemon' flag when running 'configure'.
 
 To use stubby
 * Start stubby from the command line
diff --git a/src/stub.c b/src/stub.c
index ef74beb8..d9c35d7d 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1546,9 +1546,11 @@ upstream_write_cb(void *userarg)
 	case STUB_NO_AUTH:
 		/* Cleaning up after connection or auth check failure. Need to fallback. */
 		stub_cleanup(netreq);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 		DEBUG_DAEMON("%s %s : Conn closed   : Transport=%s - *Failure*\n",
 		             STUB_DEBUG_DAEMON, upstream->addr_str,
 		             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"));
+#endif
 		if (fallback_on_write(netreq) == STUB_TCP_ERROR) {
 			/* TODO: Need new state to report transport unavailable*/
 			netreq->state = NET_REQ_FINISHED;
@@ -1847,8 +1849,10 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 	}
 	/* Handle better, will give generic error*/
 	DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	DEBUG_DAEMON("%s *FAILURE* no valid transports or upstreams available!\n",
 	              STUB_DEBUG_DAEMON);
+#endif
 	return -1;
 }
 
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
new file mode 100644
index 00000000..3d3fd30e
--- /dev/null
+++ b/src/tools/stubby.conf
@@ -0,0 +1,52 @@
+{ resolution_type: GETDNS_RESOLUTION_STUB
+, dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
+, upstream_recursive_servers:
+  [ { address_data: 145.100.185.15
+    , tls_auth_name: "dnsovertls.sinodun.com"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0xA132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC
+      } ] 
+    },
+    { address_data: 145.100.185.16
+    , tls_auth_name: "dnsovertls1.sinodun.com"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0x659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150
+      } ] 
+    },
+    { address_data: 185.49.141.38
+    , tls_auth_name: "getdnsapi.net"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0x7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4
+      } ]
+    },
+    { address_data: 2001:610:1:40ba:145:100:185:15
+    , tls_auth_name: "dnsovertls.sinodun.com"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0xA132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC
+      } ] 
+    },
+    { address_data: 2001:610:1:40ba:145:100:185:16
+    , tls_auth_name: "dnsovertls1.sinodun.com"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0x659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150
+      } ] 
+    },
+    { address_data: 2a04:b900:0:100::38
+    , tls_auth_name: "getdnsapi.net"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0x7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4
+      } ]
+    }
+  ]
+, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+, tls_query_padding_blocksize: 256
+, edns_client_subnet_private : 1
+, listen_addresses: [ 127.0.0.1, 0::1 ]
+, idle_timeout: 10000 
+}

From 702fe1f5d975c0ccbc7b35694cc64d6dd1ff60a0 Mon Sep 17 00:00:00 2001
From: huitema <huitema@huitema.net>
Date: Tue, 6 Dec 2016 12:32:44 -0800
Subject: [PATCH 044/249] Update default_eventloop.c

---
 src/extension/default_eventloop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 2f9856dd..b6ad5586 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -25,7 +25,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include "Config.h"
+#include "config.h"
 
 #include "extension/default_eventloop.h"
 #include "debug.h"

From 50b064a292404c77d04ea714a597f6e3a05f36b0 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Wed, 7 Dec 2016 15:40:24 -0800
Subject: [PATCH 045/249] Fixing potential clipping of idle_timeout value in
 call to upstream_reschedule_events

---
 src/stub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 8232e288..9bc0a455 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -84,7 +84,7 @@ static void upstream_idle_timeout_cb(void *userarg);
 static void upstream_schedule_netreq(getdns_upstream *upstream, 
                                      getdns_network_req *netreq);
 static void upstream_reschedule_events(getdns_upstream *upstream, 
-                                     size_t idle_timeout);
+                                     uint64_t idle_timeout);
 static int  upstream_connect(getdns_upstream *upstream, 
                              getdns_transport_list_t transport,
                              getdns_dns_req *dnsreq);
@@ -1816,7 +1816,7 @@ fallback_on_write(getdns_network_req *netreq)
 }
 
 static void
-upstream_reschedule_events(getdns_upstream *upstream, size_t idle_timeout) {
+upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 
 	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_SCHEDULE, 
 	             __FUNCTION__, upstream->fd);

From 21303fa40ababb9f205ac987eee2f2b2fd357e68 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 11:07:37 +0100
Subject: [PATCH 046/249] Sync gldns with unbound's sldns

---
 src/gldns/str2wire.c | 14 +++++++-------
 src/gldns/wire2str.c | 11 ++++++-----
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/src/gldns/str2wire.c b/src/gldns/str2wire.c
index 4550a29a..89844f13 100644
--- a/src/gldns/str2wire.c
+++ b/src/gldns/str2wire.c
@@ -328,7 +328,7 @@ rrinternal_write_typeclassttl(gldns_buffer* strbuf, uint8_t* rr, size_t len,
 
 /** find delimiters for type */
 static const char*
-rrinternal_get_delims(gldns_rdf_type rdftype, uint16_t r_cnt, uint16_t r_max)
+rrinternal_get_delims(gldns_rdf_type rdftype, size_t r_cnt, size_t r_max)
 {
 	switch(rdftype) {
 	case GLDNS_RDF_TYPE_B64        :
@@ -463,7 +463,7 @@ rrinternal_parse_unknown(gldns_buffer* strbuf, char* token, size_t token_len,
 static int
 rrinternal_parse_rdf(gldns_buffer* strbuf, char* token, size_t token_len,
 	uint8_t* rr, size_t rr_len, size_t* rr_cur_len, gldns_rdf_type rdftype,
-	uint16_t rr_type, uint16_t r_cnt, uint16_t r_max, size_t dname_len,
+	uint16_t rr_type, size_t r_cnt, size_t r_max, size_t dname_len,
 	uint8_t* origin, size_t origin_len)
 {
 	size_t len;
@@ -613,7 +613,7 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
 	uint8_t* origin, size_t origin_len)
 {
 	const gldns_rr_descriptor *desc = gldns_rr_descript((uint16_t)rr_type);
-	uint16_t r_cnt, r_min, r_max;
+	size_t r_cnt, r_min, r_max;
 	size_t rr_cur_len = dname_len + 10, pre_data_pos, token_strlen;
 	int was_unknown_rr_format = 0, parens = 0, status, quoted;
 	const char* delimiters;
@@ -693,7 +693,7 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
 				gldns_buffer_position(strbuf));
 	}
 	/* write rdata length */
-	gldns_write_uint16(rr+dname_len+8, rr_cur_len-dname_len-10);
+	gldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));
 	*rr_len = rr_cur_len;
 	return GLDNS_WIREPARSE_ERR_OK;
 }
@@ -1369,7 +1369,7 @@ int gldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len)
 		if (tm.tm_sec < 0 || tm.tm_sec > 59)
 			return GLDNS_WIREPARSE_ERR_SYNTAX_TIME;
 
-		gldns_write_uint32(rd, gldns_mktime_from_utc(&tm));
+		gldns_write_uint32(rd, (uint32_t)gldns_mktime_from_utc(&tm));
 	} else {
 		/* handle it as 32 bits timestamp */
 		char *end;
@@ -1932,7 +1932,7 @@ int gldns_str2wire_tag_buf(const char* str, uint8_t* rd, size_t* len)
 		if(!isalnum((unsigned char)*ptr))
 			return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_TAG, ptr-str);
 	}
-	rd[0] = slen;
+	rd[0] = (uint8_t)slen;
 	memmove(rd+1, str, slen);
 	*len = slen+1;
 	return GLDNS_WIREPARSE_ERR_OK;
@@ -2000,7 +2000,7 @@ int gldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len)
 		return RET_ERR_SHIFT(e, s-(char*)str);
 	if(pklen > 65535)
 		return RET_ERR(GLDNS_WIREPARSE_ERR_LABEL_OVERFLOW, s-(char*)str+65535);
-	gldns_write_uint16(rd+2, pklen);
+	gldns_write_uint16(rd+2, (uint16_t)pklen);
 
 	*len = 4 + hitlen + pklen;
 	return GLDNS_WIREPARSE_ERR_OK;
diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c
index abc055d7..50d00967 100644
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@@ -668,7 +668,7 @@ int gldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s,
 	uint8_t* origd = *d;
 	char* origs = *s;
 	size_t origdlen = *dlen, origslen = *slen;
-	uint16_t r_cnt, r_max;
+	size_t r_cnt, r_max;
 	gldns_rdf_type rdftype;
 	int w = 0, n;
 
@@ -789,8 +789,9 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 		}
 
 		/* spool label characters, end with '.' */
-		if(in_buf && *dlen < labellen) labellen = *dlen;
-		else if(!in_buf && pos+labellen > pkt+pktlen)
+		if(in_buf && *dlen < (size_t)labellen)
+			labellen = (uint8_t)*dlen;
+		else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
 			labellen = (uint8_t)(pkt + pktlen - pos);
 		for(i=0; i<(unsigned)labellen; i++) {
 			w += dname_char_print(s, slen, *pos++);
@@ -1983,10 +1984,10 @@ int gldns_wire2str_edns_scan(uint8_t** data, size_t* data_len, char** str,
 	w += gldns_str_print(str, str_len, " ; udp: %u", (unsigned)udpsize);
 
 	if(rdatalen) {
-		if(*data_len < rdatalen) {
+		if((size_t)*data_len < rdatalen) {
 			w += gldns_str_print(str, str_len,
 				" ; Error EDNS rdata too short; ");
-			rdatalen = *data_len;
+			rdatalen = (uint16_t)*data_len;
 		}
 		w += print_edns_opts(str, str_len, *data, rdatalen);
 		(*data) += rdatalen;

From 473da8966bc0cfcb93b65530068386a8d04ce450 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 14:05:58 +0100
Subject: [PATCH 047/249] Library fixed for CFLAGS=-Wextra

---
 src/context.c                     |   9 +-
 src/context.h                     |   2 +-
 src/convert.c                     |   3 -
 src/dict.c                        |  19 +-
 src/dnssec.c                      |   6 +-
 src/extension/default_eventloop.c |  10 +-
 src/extension/libev.c             |   5 +-
 src/extension/libevent.c          |   2 +
 src/extension/libuv.c             |   3 +
 src/list.c                        |   2 +-
 src/pubkey-pinning.c              |   4 +-
 src/rr-dict.c                     | 307 +++++++++++++++---------------
 src/rr-dict.h                     |   2 +-
 src/rr-iter.c                     |   2 +-
 src/rr-iter.h                     |   8 +-
 src/stub.c                        |   8 +-
 src/sync.c                        |   1 +
 src/types-internal.h              |   2 +-
 src/ub_loop.c                     |   4 +-
 src/util-internal.c               |   4 +-
 20 files changed, 211 insertions(+), 192 deletions(-)

diff --git a/src/context.c b/src/context.c
index 8893191e..dc3b8b92 100644
--- a/src/context.c
+++ b/src/context.c
@@ -711,8 +711,11 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 }
 
 static int
-tls_is_in_transports_list(getdns_context *context) {
-	for (int i=0; i< context->dns_transport_count;i++) {
+tls_is_in_transports_list(getdns_context *context)
+{
+	size_t i;
+
+	for (i = 0; i< context->dns_transport_count;i++) {
 		if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS)
 			return 1;
 	}
@@ -2971,7 +2974,7 @@ getdns_return_t
 _getdns_context_prepare_for_resolution(struct getdns_context *context,
     int usenamespaces)
 {
-	int i;
+	size_t i;
 	getdns_return_t r;
 
 	RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
diff --git a/src/context.h b/src/context.h
index 46ed6c88..86bfb817 100644
--- a/src/context.h
+++ b/src/context.h
@@ -192,7 +192,7 @@ struct getdns_context {
 	/* Context values */
 	getdns_resolution_t  resolution_type;
 	getdns_namespace_t   *namespaces;
-	int                  namespace_count;
+	size_t               namespace_count;
 	uint64_t             timeout;
 	uint64_t             idle_timeout;
 	getdns_redirects_t   follow_redirects;
diff --git a/src/convert.c b/src/convert.c
index 9ce2fa39..41d2b155 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -53,9 +53,6 @@
 #include "convert.h"
 #include "debug.h"
 
-/* stuff to make it compile pedantically */
-#define UNUSED_PARAM(x) ((void)(x))
-
 getdns_return_t
 getdns_convert_dns_name_to_fqdn(
     const getdns_bindata *dns_name_wire_fmt, char **fqdn_as_string)
diff --git a/src/dict.c b/src/dict.c
index e7294e62..042ec190 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -54,7 +54,7 @@
 
 
 static char *_json_ptr_first(const struct mem_funcs *mf,
-    const char *jptr, char *first, size_t first_sz)
+    const char *jptr, char *first, ssize_t first_sz)
 {
 	const char *next_ref, *k;
 	char *j;
@@ -735,14 +735,13 @@ _getdns_bindata_is_dname(getdns_bindata *bindata)
 /**
  * private function to pretty print bindata to a gldns_buffer
  * @param buf     buffer to write to
- * @param indent  number of spaces to append after newline
  * @param bindata the bindata to print
  * @return        on success the number of written characters
  *                if an output error is encountered, a negative value
  */
 static int
-getdns_pp_bindata(gldns_buffer *buf, size_t indent,
-	getdns_bindata *bindata, int rdata_raw, int json)
+getdns_pp_bindata(gldns_buffer *buf, getdns_bindata *bindata,
+    int rdata_raw, int json)
 {
 	size_t i, p = gldns_buffer_position(buf);
 	uint8_t *dptr;
@@ -887,7 +886,7 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 			    GETDNS_RETURN_GOOD)
 				return -1;
 			if (getdns_pp_bindata(
-			    buf, indent, bindata_item, 0, json) < 0)
+			    buf, bindata_item, 0, json) < 0)
 				return -1;
 			break;
 
@@ -1096,7 +1095,7 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 					return -1;
 	
 			} else if (getdns_pp_bindata(
-			    buf, indent, item->i.data.bindata,
+			    buf, item->i.data.bindata,
 			    (strcmp(item->node.key, "rdata_raw") == 0),
 			    json) < 0)
 				return -1;
@@ -1189,7 +1188,7 @@ getdns_pretty_snprint_dict(char *str, size_t size, const getdns_dict *dict)
 
 	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, 0) < 0
-	     ? -1 : gldns_buffer_position(&buf);
+	     ? -1 : (int)gldns_buffer_position(&buf);
 }
 
 char *
@@ -1223,7 +1222,7 @@ getdns_pretty_snprint_list(char *str, size_t size, const getdns_list *list)
 
 	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, 0) < 0
-	     ? -1 : gldns_buffer_position(&buf);
+	     ? -1 : (int)gldns_buffer_position(&buf);
 }
 
 char *
@@ -1258,7 +1257,7 @@ getdns_snprint_json_dict(
 
 	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, pretty ? 1 : 2) < 0
-	     ? -1 : gldns_buffer_position(&buf);
+	     ? -1 : (int)gldns_buffer_position(&buf);
 }
 
 char *
@@ -1293,7 +1292,7 @@ getdns_snprint_json_list(
 
 	gldns_buffer_init_frm_data(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, pretty ? 1 : 2) < 0
-	     ? -1 : gldns_buffer_position(&buf);
+	     ? -1 : (int)gldns_buffer_position(&buf);
 }
 
 /* dict.c */
diff --git a/src/dnssec.c b/src/dnssec.c
index f567b96b..961941a4 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -256,7 +256,7 @@ static uint8_t *_dname_label_copy(uint8_t *dst, const uint8_t *src, size_t dst_l
 {
 	uint8_t *r = dst, i;
 
-	if (!src || *src + 1 > dst_len)
+	if (!src || (size_t)*src + 1 > dst_len)
 		return NULL;
 
 	for (i = (*dst++ = *src++); i ; i--)
@@ -528,7 +528,7 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
 	chain_head *head;
 	const uint8_t *labels[128], **last_label, **label;
 
-	size_t      max_labels; /* max labels in common */
+	ssize_t     max_labels; /* max labels in common */
 	chain_head *max_head;
 	chain_node *max_node;
 
@@ -1871,7 +1871,7 @@ static int ds_authenticates_keys(struct mem_funcs *mf,
 			max_supported_digest = ds->rr_i.rr_type[13];
 			max_supported_result = 0;
 
-			if (digest_len != ds->rr_i.nxt - ds->rr_i.rr_type-14
+			if ((int)digest_len != ds->rr_i.nxt - ds->rr_i.rr_type-14
 			    || memcmp(digest, ds->rr_i.rr_type+14, digest_len) != 0) {
 				if (digest != digest_spc)
 					GETDNS_FREE(*mf, digest);
diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 10efff59..671c3955 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -39,7 +39,8 @@ static uint64_t get_now_plus(uint64_t amount)
 	}
 	now = tv.tv_sec * 1000000 + tv.tv_usec;
 
-	return (now + amount * 1000) >= now ? now + amount * 1000 : -1;
+	return (now + amount * 1000) >= now
+	      ? now + amount * 1000 : 0xFFFFFFFFFFFFFFFF;
 }
 
 static getdns_return_t
@@ -151,6 +152,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 static void
 default_eventloop_cleanup(getdns_eventloop *loop)
 {
+	(void)loop;
 }
 
 static void
@@ -181,7 +183,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	fd_set   readfds, writefds;
 	int      fd, max_fd = -1;
-	uint64_t now, timeout = (uint64_t)-1;
+	uint64_t now, timeout = 0xFFFFFFFFFFFFFFFF;
 	size_t   i;
 	struct timeval tv;
 
@@ -212,7 +214,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (default_loop->fd_timeout_times[fd] < timeout)
 			timeout = default_loop->fd_timeout_times[fd];
 	}
-	if (max_fd == -1 && timeout == (uint64_t)-1)
+	if (max_fd == -1 && timeout == 0xFFFFFFFFFFFFFFFF)
 		return;
 
 	if (! blocking || now > timeout) {
@@ -223,7 +225,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		tv.tv_usec = (timeout - now) % 1000000;
 	}
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
-	    (timeout == ((uint64_t)-1) ? NULL : &tv)) < 0) {
+	    (timeout == 0xFFFFFFFFFFFFFFFF ? NULL : &tv)) < 0) {
 		perror("select() failed");
 		exit(EXIT_FAILURE);
 	}
diff --git a/src/extension/libev.c b/src/extension/libev.c
index 6a8c26e9..ff36b5c2 100644
--- a/src/extension/libev.c
+++ b/src/extension/libev.c
@@ -97,6 +97,7 @@ static void
 getdns_libev_read_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
+	(void)l; (void)revents;
         assert(el_ev->read_cb);
         el_ev->read_cb(el_ev->userarg);
 }
@@ -105,14 +106,16 @@ static void
 getdns_libev_write_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
+	(void)l; (void)revents;
         assert(el_ev->write_cb);
         el_ev->write_cb(el_ev->userarg);
 }
 
 static void
-getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revent)
+getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
+	(void)l; (void)revents;
         assert(el_ev->timeout_cb);
         el_ev->timeout_cb(el_ev->userarg);
 }
diff --git a/src/extension/libevent.c b/src/extension/libevent.c
index 800ebe8e..d096d347 100644
--- a/src/extension/libevent.c
+++ b/src/extension/libevent.c
@@ -95,6 +95,7 @@ static getdns_return_t
 getdns_libevent_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 {
 	struct event *my_ev = (struct event *)el_ev->ev;
+	(void)loop;
 
 	assert(my_ev);
 
@@ -110,6 +111,7 @@ static void
 getdns_libevent_callback(evutil_socket_t fd, short bits, void *arg)
 {
 	getdns_eventloop_event *el_ev = (getdns_eventloop_event *)arg;
+	(void)fd;
 
 	if (bits & EV_READ) {
 		assert(el_ev->read_cb);
diff --git a/src/extension/libuv.c b/src/extension/libuv.c
index adf97835..ec9257be 100644
--- a/src/extension/libuv.c
+++ b/src/extension/libuv.c
@@ -104,6 +104,7 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 	poll_timer   *my_ev = (poll_timer *)el_ev->ev;
 	uv_poll_t    *my_poll;
 	uv_timer_t   *my_timer;
+	(void)loop;
 	
 	assert(my_ev);
 
@@ -141,6 +142,7 @@ static void
 getdns_libuv_read_cb(uv_poll_t *poll, int status, int events)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
+	(void)status; (void)events;
         assert(el_ev->read_cb);
 	DEBUG_UV("enter libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
@@ -153,6 +155,7 @@ static void
 getdns_libuv_write_cb(uv_poll_t *poll, int status, int events)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
+	(void)status; (void)events;
         assert(el_ev->write_cb);
 	DEBUG_UV("enter libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
diff --git a/src/list.c b/src/list.c
index eec2a1c1..4a73b63f 100644
--- a/src/list.c
+++ b/src/list.c
@@ -312,7 +312,7 @@ getdns_return_t
 _getdns_list_copy(const struct getdns_list * srclist,
 	struct getdns_list ** dstlist)
 {
-	int i;
+	size_t i;
 	getdns_return_t retval;
 
 	if (!dstlist)
diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 7d286691..db60fbc8 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -97,7 +97,7 @@ getdns_dict* getdns_pubkey_pin_create_from_string(
 	const char* str)
 {
 	BIO *bio = NULL;
-	int i;
+	size_t i;
 	uint8_t buf[SHA256_DIGEST_LENGTH];
 	char inbuf[B64_ENCODED_SHA256_LENGTH + 1];
 	getdns_bindata value = { .size = SHA256_DIGEST_LENGTH, .data = buf };
@@ -425,7 +425,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 #endif
 		/* digest the cert with sha256 */
 		len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL);
-		if (len > sizeof(raw)) {
+		if (len > (int)sizeof(raw)) {
 			DEBUG_STUB("%s %-35s: Pubkey %d is larger than "PRIsz" octets\n",
 			           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, sizeof(raw));
 			continue;
diff --git a/src/rr-dict.c b/src/rr-dict.c
index 76972997..1fa30fed 100644
--- a/src/rr-dict.c
+++ b/src/rr-dict.c
@@ -47,6 +47,7 @@
 static const uint8_t *
 apl_n_rdf_end(const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
+	(void)pkt;
 	return rdf < pkt_end ? rdf + 1 : NULL;
 }
 static getdns_return_t
@@ -107,6 +108,7 @@ apl_afdpart_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
 	const uint8_t *end = rdf + (rdf[-1] & 0x7F);
+	(void)(pkt);
 	return end <= pkt_end ? end : NULL;
 }
 static getdns_return_t
@@ -335,6 +337,7 @@ static const uint8_t *
 hip_pk_algorithm_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
+	(void)(pkt);
 	return rdf + 4 > pkt_end ? NULL
 	     : rdf + 4 + *rdf + gldns_read_uint16(rdf + 2) > pkt_end ? NULL
 	     : rdf + 1;
@@ -397,6 +400,7 @@ static _getdns_rdf_special hip_pk_algorithm = {
 static const uint8_t *
 hip_hit_rdf_end(const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
+	(void)(pkt);
 	return rdf + 3 > pkt_end ? NULL
 	     : rdf + 3 + rdf[-1] + gldns_read_uint16(rdf + 1) > pkt_end ? NULL
 	     : rdf + 1;
@@ -467,6 +471,7 @@ static const uint8_t *
 hip_public_key_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
+	(void)(pkt);
 	return rdf + 2 > pkt_end ? NULL
 	     : rdf + 2 + rdf[-2] + gldns_read_uint16(rdf) > pkt_end ? NULL
 	     : rdf + 2 + rdf[-2] + gldns_read_uint16(rdf);
@@ -537,222 +542,222 @@ static _getdns_rdf_special hip_public_key = {
 
 
 static _getdns_rdata_def          a_rdata[] = {
-	{ "ipv4_address"                , GETDNS_RDF_A    }};
+	{ "ipv4_address"                , GETDNS_RDF_A      , NULL }};
 static _getdns_rdata_def         ns_rdata[] = {
-	{ "nsdname"                     , GETDNS_RDF_N_C  }};
+	{ "nsdname"                     , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def         md_rdata[] = {
-	{ "madname"                     , GETDNS_RDF_N_C  }};
+	{ "madname"                     , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def      cname_rdata[] = {
-	{ "cname"                       , GETDNS_RDF_N_C  }};
+	{ "cname"                       , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def        soa_rdata[] = {
-	{ "mname"                       , GETDNS_RDF_N_C  },
-	{ "rname"                       , GETDNS_RDF_N_C  },
-	{ "serial"                      , GETDNS_RDF_I4   },
-	{ "refresh"                     , GETDNS_RDF_I4   },
-	{ "retry"                       , GETDNS_RDF_I4   },
-	{ "expire"                      , GETDNS_RDF_I4   },
-	{ "minimum"                     , GETDNS_RDF_I4   }};
+	{ "mname"                       , GETDNS_RDF_N_C    , NULL },
+	{ "rname"                       , GETDNS_RDF_N_C    , NULL },
+	{ "serial"                      , GETDNS_RDF_I4     , NULL },
+	{ "refresh"                     , GETDNS_RDF_I4     , NULL },
+	{ "retry"                       , GETDNS_RDF_I4     , NULL },
+	{ "expire"                      , GETDNS_RDF_I4     , NULL },
+	{ "minimum"                     , GETDNS_RDF_I4     , NULL }};
 static _getdns_rdata_def         mg_rdata[] = {
-	{ "mgmname"                     , GETDNS_RDF_N_C  }};
+	{ "mgmname"                     , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def         mr_rdata[] = {
-	{ "newname"                     , GETDNS_RDF_N_C  }};
+	{ "newname"                     , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def       null_rdata[] = {
-	{ "anything"                    , GETDNS_RDF_X    }};
+	{ "anything"                    , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        wks_rdata[] = {
-	{ "address"                     , GETDNS_RDF_A    },
-	{ "protocol"                    , GETDNS_RDF_I1   },
-	{ "bitmap"                      , GETDNS_RDF_X    }};
+	{ "address"                     , GETDNS_RDF_A      , NULL },
+	{ "protocol"                    , GETDNS_RDF_I1     , NULL },
+	{ "bitmap"                      , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        ptr_rdata[] = {
-	{ "ptrdname"                    , GETDNS_RDF_N_C  }};
+	{ "ptrdname"                    , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def      hinfo_rdata[] = {
-	{ "cpu"                         , GETDNS_RDF_S    },
-	{ "os"                          , GETDNS_RDF_S    }};
+	{ "cpu"                         , GETDNS_RDF_S      , NULL },
+	{ "os"                          , GETDNS_RDF_S      , NULL }};
 static _getdns_rdata_def      minfo_rdata[] = {
-	{ "rmailbx"                     , GETDNS_RDF_N_C  },
-	{ "emailbx"                     , GETDNS_RDF_N_C  }};
+	{ "rmailbx"                     , GETDNS_RDF_N_C    , NULL },
+	{ "emailbx"                     , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def         mx_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "exchange"                    , GETDNS_RDF_N_C  }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "exchange"                    , GETDNS_RDF_N_C    , NULL }};
 static _getdns_rdata_def        txt_rdata[] = {
-	{ "txt_strings"                 , GETDNS_RDF_S_M  }};
+	{ "txt_strings"                 , GETDNS_RDF_S_M    , NULL }};
 static _getdns_rdata_def         rp_rdata[] = {
-	{ "mbox_dname"                  , GETDNS_RDF_N    },
-	{ "txt_dname"                   , GETDNS_RDF_N    }};
+	{ "mbox_dname"                  , GETDNS_RDF_N      , NULL },
+	{ "txt_dname"                   , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def      afsdb_rdata[] = {
-	{ "subtype"                     , GETDNS_RDF_I2   },
-	{ "hostname"                    , GETDNS_RDF_N    }};
+	{ "subtype"                     , GETDNS_RDF_I2     , NULL },
+	{ "hostname"                    , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def        x25_rdata[] = {
-	{ "psdn_address"                , GETDNS_RDF_S    }};
+	{ "psdn_address"                , GETDNS_RDF_S      , NULL }};
 static _getdns_rdata_def       isdn_rdata[] = {
-	{ "isdn_address"                , GETDNS_RDF_S    },
-	{ "sa"                          , GETDNS_RDF_S    }};
+	{ "isdn_address"                , GETDNS_RDF_S      , NULL },
+	{ "sa"                          , GETDNS_RDF_S      , NULL }};
 static _getdns_rdata_def         rt_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "intermediate_host"           , GETDNS_RDF_N    }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "intermediate_host"           , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def       nsap_rdata[] = {
-	{ "nsap"                        , GETDNS_RDF_X    }};
+	{ "nsap"                        , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        sig_rdata[] = {
-	{ "sig_obsolete"                , GETDNS_RDF_X    }};
+	{ "sig_obsolete"                , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        key_rdata[] = {
-	{ "key_obsolete"                , GETDNS_RDF_X    }};
+	{ "key_obsolete"                , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def         px_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "map822"                      , GETDNS_RDF_N    },
-	{ "mapx400"                     , GETDNS_RDF_N    }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "map822"                      , GETDNS_RDF_N      , NULL },
+	{ "mapx400"                     , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def       gpos_rdata[] = {
-	{ "longitude"                   , GETDNS_RDF_S    },
-	{ "latitude"                    , GETDNS_RDF_S    },
-	{ "altitude"                    , GETDNS_RDF_S    }};
+	{ "longitude"                   , GETDNS_RDF_S      , NULL },
+	{ "latitude"                    , GETDNS_RDF_S      , NULL },
+	{ "altitude"                    , GETDNS_RDF_S      , NULL }};
 static _getdns_rdata_def       aaaa_rdata[] = {
-	{ "ipv6_address"                , GETDNS_RDF_AAAA }};
+	{ "ipv6_address"                , GETDNS_RDF_AAAA   , NULL }};
 static _getdns_rdata_def        loc_rdata[] = {
-	{ "loc_obsolete"                , GETDNS_RDF_X    }};
+	{ "loc_obsolete"                , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        nxt_rdata[] = {
-	{ "nxt_obsolete"                , GETDNS_RDF_X    }};
+	{ "nxt_obsolete"                , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        srv_rdata[] = {
-	{ "priority"                    , GETDNS_RDF_I2   },
-	{ "weight"                      , GETDNS_RDF_I2   },
-	{ "port"                        , GETDNS_RDF_I2   },
-	{ "target"                      , GETDNS_RDF_N    }};
+	{ "priority"                    , GETDNS_RDF_I2     , NULL },
+	{ "weight"                      , GETDNS_RDF_I2     , NULL },
+	{ "port"                        , GETDNS_RDF_I2     , NULL },
+	{ "target"                      , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def       atma_rdata[] = {
-	{ "format"                      , GETDNS_RDF_X    }};
+	{ "format"                      , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def      naptr_rdata[] = {
-	{ "order"                       , GETDNS_RDF_I2   },
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "flags"                       , GETDNS_RDF_S    },
-	{ "service"                     , GETDNS_RDF_S    },
-	{ "regexp"                      , GETDNS_RDF_S    },
-	{ "replacement"                 , GETDNS_RDF_N    }};
+	{ "order"                       , GETDNS_RDF_I2     , NULL },
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "flags"                       , GETDNS_RDF_S      , NULL },
+	{ "service"                     , GETDNS_RDF_S      , NULL },
+	{ "regexp"                      , GETDNS_RDF_S      , NULL },
+	{ "replacement"                 , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def         kx_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "exchanger"                   , GETDNS_RDF_N    }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "exchanger"                   , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def       cert_rdata[] = {
-	{ "type"                        , GETDNS_RDF_I2   },
-	{ "key_tag"                     , GETDNS_RDF_I2   },
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "certificate_or_crl"          , GETDNS_RDF_B    }};
+	{ "type"                        , GETDNS_RDF_I2     , NULL },
+	{ "key_tag"                     , GETDNS_RDF_I2     , NULL },
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "certificate_or_crl"          , GETDNS_RDF_B      , NULL }};
 static _getdns_rdata_def         a6_rdata[] = {
-	{ "a6_obsolete"                 , GETDNS_RDF_X    }};
+	{ "a6_obsolete"                 , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def      dname_rdata[] = {
-	{ "target"                      , GETDNS_RDF_N    }};
+	{ "target"                      , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def        opt_rdata[] = {
-	{ "options"                     , GETDNS_RDF_R    },
-	{ "option_code"                 , GETDNS_RDF_I2   },
-	{ "option_data"                 , GETDNS_RDF_X_S  }};
+	{ "options"                     , GETDNS_RDF_R      , NULL },
+	{ "option_code"                 , GETDNS_RDF_I2     , NULL },
+	{ "option_data"                 , GETDNS_RDF_X_S    , NULL }};
 static _getdns_rdata_def        apl_rdata[] = {
-	{ "apitems"                     , GETDNS_RDF_R    },
-	{ "address_family"              , GETDNS_RDF_I2   },
-	{ "prefix"                      , GETDNS_RDF_I1   },
+	{ "apitems"                     , GETDNS_RDF_R      , NULL },
+	{ "address_family"              , GETDNS_RDF_I2     , NULL },
+	{ "prefix"                      , GETDNS_RDF_I1     , NULL },
 	{ "n"                           , GETDNS_RDF_SPECIAL, &apl_n },
 	{ "afdpart"                     , GETDNS_RDF_SPECIAL, &apl_afdpart }};
 static _getdns_rdata_def         ds_rdata[] = {
-	{ "key_tag"                     , GETDNS_RDF_I2   },
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "digest_type"                 , GETDNS_RDF_I1   },
-	{ "digest"                      , GETDNS_RDF_X    }};
+	{ "key_tag"                     , GETDNS_RDF_I2     , NULL },
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "digest_type"                 , GETDNS_RDF_I1     , NULL },
+	{ "digest"                      , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def      sshfp_rdata[] = {
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "fp_type"                     , GETDNS_RDF_I1   },
-	{ "fingerprint"                 , GETDNS_RDF_X    }};
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "fp_type"                     , GETDNS_RDF_I1     , NULL },
+	{ "fingerprint"                 , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def   ipseckey_rdata[] = {
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "gateway_type"                , GETDNS_RDF_I1   },
-	{ "precedence"                  , GETDNS_RDF_I1   },
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "gateway_type"                , GETDNS_RDF_I1     , NULL },
+	{ "precedence"                  , GETDNS_RDF_I1     , NULL },
 	{ "gateway"                     , GETDNS_RDF_SPECIAL, &ipseckey_gateway },
-	{ "public_key"                  , GETDNS_RDF_B    }};
+	{ "public_key"                  , GETDNS_RDF_B      , NULL }};
 static _getdns_rdata_def      rrsig_rdata[] = {
-	{ "type_covered"                , GETDNS_RDF_I2   },
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "labels"                      , GETDNS_RDF_I1   },
-	{ "original_ttl"                , GETDNS_RDF_I4   },
-	{ "signature_expiration"        , GETDNS_RDF_T    },
-	{ "signature_inception"         , GETDNS_RDF_T    },
-	{ "key_tag"                     , GETDNS_RDF_I2   },
-	{ "signers_name"                , GETDNS_RDF_N    },
-	{ "signature"                   , GETDNS_RDF_B    }};
+	{ "type_covered"                , GETDNS_RDF_I2     , NULL },
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "labels"                      , GETDNS_RDF_I1     , NULL },
+	{ "original_ttl"                , GETDNS_RDF_I4     , NULL },
+	{ "signature_expiration"        , GETDNS_RDF_T      , NULL },
+	{ "signature_inception"         , GETDNS_RDF_T      , NULL },
+	{ "key_tag"                     , GETDNS_RDF_I2     , NULL },
+	{ "signers_name"                , GETDNS_RDF_N      , NULL },
+	{ "signature"                   , GETDNS_RDF_B      , NULL }};
 static _getdns_rdata_def       nsec_rdata[] = {
-	{ "next_domain_name"            , GETDNS_RDF_N    },
-	{ "type_bit_maps"               , GETDNS_RDF_X    }};
+	{ "next_domain_name"            , GETDNS_RDF_N      , NULL },
+	{ "type_bit_maps"               , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def     dnskey_rdata[] = {
-	{ "flags"                       , GETDNS_RDF_I2   },
-	{ "protocol"                    , GETDNS_RDF_I1   },
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "public_key"                  , GETDNS_RDF_B    }};
+	{ "flags"                       , GETDNS_RDF_I2     , NULL },
+	{ "protocol"                    , GETDNS_RDF_I1     , NULL },
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "public_key"                  , GETDNS_RDF_B      , NULL }};
 static _getdns_rdata_def      dhcid_rdata[] = {
-	{ "dhcid_opaque"                , GETDNS_RDF_B    }};
+	{ "dhcid_opaque"                , GETDNS_RDF_B      , NULL }};
 static _getdns_rdata_def      nsec3_rdata[] = {
-	{ "hash_algorithm"              , GETDNS_RDF_I1   },
-	{ "flags"                       , GETDNS_RDF_I1   },
-	{ "iterations"                  , GETDNS_RDF_I2   },
-	{ "salt"                        , GETDNS_RDF_X_C  },
-	{ "next_hashed_owner_name"      , GETDNS_RDF_B32_C},
-	{ "type_bit_maps"               , GETDNS_RDF_X    }};
+	{ "hash_algorithm"              , GETDNS_RDF_I1     , NULL },
+	{ "flags"                       , GETDNS_RDF_I1     , NULL },
+	{ "iterations"                  , GETDNS_RDF_I2     , NULL },
+	{ "salt"                        , GETDNS_RDF_X_C    , NULL },
+	{ "next_hashed_owner_name"      , GETDNS_RDF_B32_C  , NULL },
+	{ "type_bit_maps"               , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def nsec3param_rdata[] = {
-	{ "hash_algorithm"              , GETDNS_RDF_I1   },
-	{ "flags"                       , GETDNS_RDF_I1   },
-	{ "iterations"                  , GETDNS_RDF_I2   },
-	{ "salt"                        , GETDNS_RDF_X_C  }};
+	{ "hash_algorithm"              , GETDNS_RDF_I1     , NULL },
+	{ "flags"                       , GETDNS_RDF_I1     , NULL },
+	{ "iterations"                  , GETDNS_RDF_I2     , NULL },
+	{ "salt"                        , GETDNS_RDF_X_C    , NULL }};
 static _getdns_rdata_def       tlsa_rdata[] = {
-	{ "certificate_usage"           , GETDNS_RDF_I1   },
-	{ "selector"                    , GETDNS_RDF_I1   },
-	{ "matching_type"               , GETDNS_RDF_I1   },
-	{ "certificate_association_data", GETDNS_RDF_X    }};
+	{ "certificate_usage"           , GETDNS_RDF_I1     , NULL },
+	{ "selector"                    , GETDNS_RDF_I1     , NULL },
+	{ "matching_type"               , GETDNS_RDF_I1     , NULL },
+	{ "certificate_association_data", GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        hip_rdata[] = {
 	{ "pk_algorithm"                , GETDNS_RDF_SPECIAL, &hip_pk_algorithm },
 	{ "hit"                         , GETDNS_RDF_SPECIAL, &hip_hit },
 	{ "public_key"                  , GETDNS_RDF_SPECIAL, &hip_public_key },
-	{ "rendezvous_servers"          , GETDNS_RDF_N_M  }};
+	{ "rendezvous_servers"          , GETDNS_RDF_N_M    , NULL }};
 static _getdns_rdata_def        csync_rdata[] = {
-	{ "serial"                      , GETDNS_RDF_I4   },
-	{ "flags"                       , GETDNS_RDF_I2   },
-	{ "type_bit_maps"               , GETDNS_RDF_X    }};
+	{ "serial"                      , GETDNS_RDF_I4     , NULL },
+	{ "flags"                       , GETDNS_RDF_I2     , NULL },
+	{ "type_bit_maps"               , GETDNS_RDF_X      , NULL }};
 static _getdns_rdata_def        spf_rdata[] = {
-	{ "text"                        , GETDNS_RDF_S_M  }};
+	{ "text"                        , GETDNS_RDF_S_M    , NULL }};
 static _getdns_rdata_def        nid_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "node_id"                     , GETDNS_RDF_AA   }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "node_id"                     , GETDNS_RDF_AA     , NULL }};
 static _getdns_rdata_def        l32_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "locator32"                   , GETDNS_RDF_A    }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "locator32"                   , GETDNS_RDF_A      , NULL }};
 static _getdns_rdata_def        l64_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "locator64"                   , GETDNS_RDF_AA   }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "locator64"                   , GETDNS_RDF_AA     , NULL }};
 static _getdns_rdata_def         lp_rdata[] = {
-	{ "preference"                  , GETDNS_RDF_I2   },
-	{ "fqdn"                        , GETDNS_RDF_N    }};
+	{ "preference"                  , GETDNS_RDF_I2     , NULL },
+	{ "fqdn"                        , GETDNS_RDF_N      , NULL }};
 static _getdns_rdata_def      eui48_rdata[] = {
-	{ "eui48_address"               , GETDNS_RDF_X6   }};
+	{ "eui48_address"               , GETDNS_RDF_X6     , NULL }};
 static _getdns_rdata_def      eui64_rdata[] = {
-	{ "eui64_address"               , GETDNS_RDF_X8   }};
+	{ "eui64_address"               , GETDNS_RDF_X8     , NULL }};
 static _getdns_rdata_def       tkey_rdata[] = {
-	{ "algorithm"                   , GETDNS_RDF_N    },
-	{ "inception"                   , GETDNS_RDF_T    },
-	{ "expiration"                  , GETDNS_RDF_T    },
-	{ "mode"                        , GETDNS_RDF_I2   },
-	{ "error"                       , GETDNS_RDF_I2   },
-	{ "key_data"                    , GETDNS_RDF_X_S  },
-	{ "other_data"                  , GETDNS_RDF_X_S  }};
+	{ "algorithm"                   , GETDNS_RDF_N      , NULL },
+	{ "inception"                   , GETDNS_RDF_T      , NULL },
+	{ "expiration"                  , GETDNS_RDF_T      , NULL },
+	{ "mode"                        , GETDNS_RDF_I2     , NULL },
+	{ "error"                       , GETDNS_RDF_I2     , NULL },
+	{ "key_data"                    , GETDNS_RDF_X_S    , NULL },
+	{ "other_data"                  , GETDNS_RDF_X_S    , NULL }};
 static _getdns_rdata_def       tsig_rdata[] = {
-	{ "algorithm"                   , GETDNS_RDF_N    },
-	{ "time_signed"                 , GETDNS_RDF_T6   },
-	{ "fudge"                       , GETDNS_RDF_I2   },
-	{ "mac"                         , GETDNS_RDF_X_S  },
-	{ "original_id"                 , GETDNS_RDF_I2   },
-	{ "error"                       , GETDNS_RDF_I2   },
-	{ "other_data"                  , GETDNS_RDF_X_S  }};
+	{ "algorithm"                   , GETDNS_RDF_N      , NULL },
+	{ "time_signed"                 , GETDNS_RDF_T6     , NULL },
+	{ "fudge"                       , GETDNS_RDF_I2     , NULL },
+	{ "mac"                         , GETDNS_RDF_X_S    , NULL },
+	{ "original_id"                 , GETDNS_RDF_I2     , NULL },
+	{ "error"                       , GETDNS_RDF_I2     , NULL },
+	{ "other_data"                  , GETDNS_RDF_X_S    , NULL }};
 static _getdns_rdata_def        uri_rdata[] = {
-	{ "priority"                    , GETDNS_RDF_I2   },
-	{ "weight"                      , GETDNS_RDF_I2   },
-	{ "target"                      , GETDNS_RDF_S_L  }};
+	{ "priority"                    , GETDNS_RDF_I2     , NULL },
+	{ "weight"                      , GETDNS_RDF_I2     , NULL },
+	{ "target"                      , GETDNS_RDF_S_L    , NULL }};
 static _getdns_rdata_def        caa_rdata[] = {
-	{ "flags"                       , GETDNS_RDF_I1   },
-	{ "tag"                         , GETDNS_RDF_S    },
-	{ "value"                       , GETDNS_RDF_S_L  }};
+	{ "flags"                       , GETDNS_RDF_I1     , NULL },
+	{ "tag"                         , GETDNS_RDF_S      , NULL },
+	{ "value"                       , GETDNS_RDF_S_L    , NULL }};
 static _getdns_rdata_def        dlv_rdata[] = {
-	{ "key_tag"                     , GETDNS_RDF_I2   },
-	{ "algorithm"                   , GETDNS_RDF_I1   },
-	{ "digest_type"                 , GETDNS_RDF_I1   },
-	{ "digest"                      , GETDNS_RDF_X    }};
+	{ "key_tag"                     , GETDNS_RDF_I2     , NULL },
+	{ "algorithm"                   , GETDNS_RDF_I1     , NULL },
+	{ "digest_type"                 , GETDNS_RDF_I1     , NULL },
+	{ "digest"                      , GETDNS_RDF_X      , NULL }};
 
 static _getdns_rr_def _getdns_rr_defs[] = {
 	{         NULL,             NULL, 0                      },
diff --git a/src/rr-dict.h b/src/rr-dict.h
index 6ab52b88..e19e0387 100644
--- a/src/rr-dict.h
+++ b/src/rr-dict.h
@@ -138,7 +138,7 @@ typedef struct _getdns_rdata_def {
 typedef struct _getdns_rr_def {
 	const char              *name;
 	const _getdns_rdata_def *rdata;
-	int                      n_rdata_fields;
+	size_t                   n_rdata_fields;
 } _getdns_rr_def;
 
 const _getdns_rr_def *_getdns_rr_def_lookup(uint16_t rr_type);
diff --git a/src/rr-iter.c b/src/rr-iter.c
index 9b332603..24c71799 100644
--- a/src/rr-iter.c
+++ b/src/rr-iter.c
@@ -75,7 +75,7 @@ find_rrtype(_getdns_rr_iter *i)
 
 	/* Past the last RR in the pkt */
 	if (i->pkt &&
-	    GLDNS_QDCOUNT(i->pkt) + GLDNS_ANCOUNT(i->pkt) +
+	    (size_t)GLDNS_QDCOUNT(i->pkt) + GLDNS_ANCOUNT(i->pkt) +
 	    GLDNS_NSCOUNT(i->pkt) + GLDNS_ARCOUNT(i->pkt) <= i->n)
 		goto done;
 
diff --git a/src/rr-iter.h b/src/rr-iter.h
index d657d484..042afb2d 100644
--- a/src/rr-iter.h
+++ b/src/rr-iter.h
@@ -88,13 +88,13 @@ _getdns_rr_iter_section(_getdns_rr_iter *i)
 {
 	return !i->pkt ? (i->nxt - i->rr_type == 4 ? SECTION_QUESTION
 	                                           : SECTION_ANSWER  )
-             : i->n < GLDNS_QDCOUNT(i->pkt) ? SECTION_QUESTION
-	     : i->n < GLDNS_QDCOUNT(i->pkt)
+             : i->n < (size_t)GLDNS_QDCOUNT(i->pkt) ? SECTION_QUESTION
+	     : i->n < (size_t)GLDNS_QDCOUNT(i->pkt)
 	            + GLDNS_ANCOUNT(i->pkt) ? SECTION_ANSWER
-	     : i->n < GLDNS_QDCOUNT(i->pkt)
+	     : i->n < (size_t)GLDNS_QDCOUNT(i->pkt)
 	            + GLDNS_ANCOUNT(i->pkt)
 	            + GLDNS_NSCOUNT(i->pkt) ? SECTION_AUTHORITY
-	     : i->n < GLDNS_QDCOUNT(i->pkt)
+	     : i->n < (size_t)GLDNS_QDCOUNT(i->pkt)
 	            + GLDNS_ANCOUNT(i->pkt)
 	            + GLDNS_NSCOUNT(i->pkt)
 	            + GLDNS_ARCOUNT(i->pkt) ? SECTION_ADDITIONAL
diff --git a/src/stub.c b/src/stub.c
index 4aa14dae..9af045ae 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -663,7 +663,7 @@ stub_tcp_read(int fd, getdns_tcp_state *tcp, struct mem_funcs *mf)
 		tcp->to_read = 2; /* Packet size */
 	}
 	read = recv(fd, (void *)tcp->read_pos, tcp->to_read, 0);
-	if (read == -1) {
+	if (read < 0) {
 		if (_getdns_EWOULDBLOCK)
 			return STUB_TCP_WOULDBLOCK;
 		else
@@ -672,7 +672,7 @@ stub_tcp_read(int fd, getdns_tcp_state *tcp, struct mem_funcs *mf)
 		/* Remote end closed the socket */
 		/* TODO: Try to reconnect */
 		return STUB_TCP_ERROR;
-	} else if (read> tcp->to_read) {
+	} else if ((size_t)read > tcp->to_read) {
 		return STUB_TCP_ERROR;
 	}
 	tcp->to_read  -= read;
@@ -780,12 +780,12 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		    (struct sockaddr *)&(netreq->upstream->addr),
 		    netreq->upstream->addr_len);
 #endif
-		if ((written == -1 && (_getdns_EWOULDBLOCK ||
+		if ((written < 0 && (_getdns_EWOULDBLOCK ||
 		/* Add the error case where the connection is in progress which is when
 		   a cookie is not available (e.g. when doing the first request to an
 		   upstream). We must let the handshake complete since non-blocking. */
 		                       _getdns_EINPROGRESS)) ||
-		     written  < pkt_len + 2) {
+		     (size_t)written < pkt_len + 2) {
 
 			/* We couldn't write the whole packet.
 			 * We have to return with STUB_TCP_AGAIN.
diff --git a/src/sync.c b/src/sync.c
index d100afb8..bfec94c6 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -151,6 +151,7 @@ getdns_sync_cb(getdns_context *context, getdns_callback_type_t callback_type,
     getdns_dict *response, void *userarg, getdns_transaction_t transaction_id)
 {
 	getdns_sync_data *data = (getdns_sync_data *)userarg;
+	(void)context; (void)callback_type; (void)transaction_id;
 
 	assert(data);
 
diff --git a/src/types-internal.h b/src/types-internal.h
index bf7bfd7e..b321bafa 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -110,7 +110,7 @@ struct getdns_upstream;
 #define GETDNS_STR_KEY_NSCOUNT "nscount"
 #define GETDNS_STR_KEY_ARCOUNT "arcount"
 
-#define TIMEOUT_FOREVER ((int64_t)-1)
+#define TIMEOUT_FOREVER ((uint64_t)0xFFFFFFFFFFFFFFFF)
 #define ASSERT_UNREACHABLE 0
 
 #define GETDNS_TRANSPORTS_MAX 3
diff --git a/src/ub_loop.c b/src/ub_loop.c
index ddf59c68..c69d9070 100644
--- a/src/ub_loop.c
+++ b/src/ub_loop.c
@@ -353,6 +353,7 @@ static int my_timer_del(struct ub_event* ev)
 
 static int my_signal_add(struct ub_event* ub_ev, struct timeval* tv)
 {
+	(void)ub_ev; (void)tv;
 	/* Only unbound daaemon workers use signals */
 	DEBUG_SCHED("UB_LOOP ERROR: signal_add()\n");
 	return -1;
@@ -360,6 +361,7 @@ static int my_signal_add(struct ub_event* ub_ev, struct timeval* tv)
 
 static int my_signal_del(struct ub_event* ub_ev)
 {
+	(void)ub_ev;
 	/* Only unbound daaemon workers use signals */
 	DEBUG_SCHED("UB_LOOP ERROR: signal_del()\n");
 	return -1;
@@ -412,7 +414,7 @@ static struct ub_event* my_event_new(struct ub_event_base* base, int fd,
 	ev->added = 0;
 	ev->fd = fd;
 	ev->bits = bits;
-	ev->timeout = (uint64_t)-1;
+	ev->timeout = 0xFFFFFFFFFFFFFFFF;
 	ev->cb = cb;
 	ev->arg = arg;
 #ifdef USE_WINSOCK
diff --git a/src/util-internal.c b/src/util-internal.c
index 6934958d..2d11dabe 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -890,7 +890,7 @@ static int _srv_cmp(const void *a, const void *b)
 
 static void _rfc2782_sort(_srv_rr *start, _srv_rr *end)
 {
-	int running_sum, n;
+	uint32_t running_sum, n;
 	_srv_rr *i, *j, swap;
 
 	/* First move all SRVs with weight 0 to the beginning of the list */
@@ -1253,6 +1253,8 @@ getdns_return_t
 getdns_apply_network_result(getdns_network_req* netreq,
     int rcode, void *pkt, int pkt_len, int sec, char* why_bogus)
 {
+	(void)why_bogus;
+
 	netreq->dnssec_status = sec == 0 ? GETDNS_DNSSEC_INSECURE
 	                      : sec == 2 ? GETDNS_DNSSEC_SECURE
 			      :            GETDNS_DNSSEC_BOGUS;

From a5748be5fbdf4ff034217d01203b308b9ef27e08 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 14:39:38 +0100
Subject: [PATCH 048/249] Unit test fixes for CFLAGS=-Wextra

---
 src/test/check_getdns.c                     | 2 +-
 src/test/check_getdns_cancel_callback.h     | 3 +++
 src/test/check_getdns_common.c              | 4 +++-
 src/test/check_getdns_context_destroy.h     | 1 +
 src/test/check_getdns_context_set_timeout.c | 1 +
 src/test/check_getdns_dict_get_names.h      | 2 +-
 src/test/check_getdns_libev.c               | 1 +
 src/test/check_getdns_libevent.c            | 1 +
 src/test/check_getdns_libuv.c               | 1 +
 src/test/check_getdns_selectloop.c          | 2 ++
 src/test/check_getdns_transport.c           | 2 ++
 src/test/tests_dict.c                       | 4 ++--
 src/test/tests_list.c                       | 2 +-
 src/test/tests_stub_async.c                 | 2 ++
 14 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/test/check_getdns.c b/src/test/check_getdns.c
index e5974d1d..f2dff1fa 100644
--- a/src/test/check_getdns.c
+++ b/src/test/check_getdns.c
@@ -75,7 +75,7 @@
 
 
 int
-main (int argc, char** argv)
+main ()
 {
   int number_failed;
   SRunner *sr ;
diff --git a/src/test/check_getdns_cancel_callback.h b/src/test/check_getdns_cancel_callback.h
index 7ad31b46..08331771 100644
--- a/src/test/check_getdns_cancel_callback.h
+++ b/src/test/check_getdns_cancel_callback.h
@@ -451,6 +451,8 @@
          void *userarg,
          getdns_transaction_t transaction_id)
      {
+       (void)context; (void)response; (void)userarg;
+
        callback_called++;
 
        if(callback_type == GETDNS_CALLBACK_CANCEL)
@@ -483,6 +485,7 @@
      */
      void verify_getdns_cancel_callback(struct extracted_response *ex_response)
      {
+       (void)ex_response;
        /*
         *  increment callback_called global to prove callback was called.
         */
diff --git a/src/test/check_getdns_common.c b/src/test/check_getdns_common.c
index 79f177a9..87f0727e 100644
--- a/src/test/check_getdns_common.c
+++ b/src/test/check_getdns_common.c
@@ -320,6 +320,7 @@ void destroy_callbackfn(struct getdns_context *context,
                         void *userarg,
                         getdns_transaction_t transaction_id) {
     int* flag = (int*)userarg;
+    (void)callback_type; (void)transaction_id;
     *flag = 1;
     getdns_dict_destroy(response);
     getdns_context_destroy(context);
@@ -339,6 +340,7 @@ void callbackfn(struct getdns_context *context,
 {
   typedef void (*fn_ptr)(struct extracted_response *ex_response);
   fn_ptr fn = userarg;
+  (void)context; (void)transaction_id;
 
   /*
    *  If userarg is NULL, either a negative test case
@@ -378,7 +380,7 @@ void callbackfn(struct getdns_context *context,
 void update_callbackfn(struct getdns_context *context,
                 getdns_context_code_t changed_item)
 {
-
+  (void)context;
   ck_assert_msg(changed_item == expected_changed_item,
     "Expected changed_item == %d, got %d",
     changed_item, expected_changed_item);
diff --git a/src/test/check_getdns_context_destroy.h b/src/test/check_getdns_context_destroy.h
index 52b28456..381da9f8 100644
--- a/src/test/check_getdns_context_destroy.h
+++ b/src/test/check_getdns_context_destroy.h
@@ -267,6 +267,7 @@
 
      void verify_getdns_context_destroy(struct extracted_response *ex_response)
      {
+       (void)ex_response;
        /*
         * Sleep for a second to make getdns_context_destroy() wait.
         */
diff --git a/src/test/check_getdns_context_set_timeout.c b/src/test/check_getdns_context_set_timeout.c
index f588445a..26d25aa5 100644
--- a/src/test/check_getdns_context_set_timeout.c
+++ b/src/test/check_getdns_context_set_timeout.c
@@ -243,6 +243,7 @@ void timeout_3_cb(struct getdns_context *context,
                   getdns_callback_type_t callback_type,
                   struct getdns_dict * response,
                   void *userarg, getdns_transaction_t transaction_id) {
+    (void)response; (void)transaction_id;
     timeout_thread_data *tdata = (timeout_thread_data*)userarg;
     tdata->num_callbacks++;
     if (callback_type == GETDNS_CALLBACK_TIMEOUT) {
diff --git a/src/test/check_getdns_dict_get_names.h b/src/test/check_getdns_dict_get_names.h
index 46f06f0a..0881ad0f 100644
--- a/src/test/check_getdns_dict_get_names.h
+++ b/src/test/check_getdns_dict_get_names.h
@@ -79,7 +79,7 @@
       struct getdns_list *answer = NULL;
       char *keys[3] = { "ten", "eleven", "twelve" };
       uint32_t values[3] = { 10, 11, 12 };
-      int i;
+      size_t i;
       size_t length;
       struct getdns_bindata *key = NULL;
       char string_buffer[20] = "";
diff --git a/src/test/check_getdns_libev.c b/src/test/check_getdns_libev.c
index 9120cf5a..5523f126 100644
--- a/src/test/check_getdns_libev.c
+++ b/src/test/check_getdns_libev.c
@@ -46,6 +46,7 @@
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
     struct ev_loop* loop = (struct ev_loop*) eventloop;
+    (void)context;
     ev_run(loop, 0);
 }
 
diff --git a/src/test/check_getdns_libevent.c b/src/test/check_getdns_libevent.c
index 304f42ef..e9316b6f 100644
--- a/src/test/check_getdns_libevent.c
+++ b/src/test/check_getdns_libevent.c
@@ -42,6 +42,7 @@
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
     struct event_base* base = (struct event_base*) eventloop;
+    (void)context;
     event_base_dispatch(base);
 }
 
diff --git a/src/test/check_getdns_libuv.c b/src/test/check_getdns_libuv.c
index 3d830445..b7d50e72 100644
--- a/src/test/check_getdns_libuv.c
+++ b/src/test/check_getdns_libuv.c
@@ -42,6 +42,7 @@
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
     uv_loop_t* loop = (uv_loop_t*) eventloop;
+    (void)context;
     uv_run(loop, UV_RUN_DEFAULT);
 }
 
diff --git a/src/test/check_getdns_selectloop.c b/src/test/check_getdns_selectloop.c
index b80f1ffd..c315b30c 100644
--- a/src/test/check_getdns_selectloop.c
+++ b/src/test/check_getdns_selectloop.c
@@ -37,9 +37,11 @@
 #include "getdns/getdns_extra.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
+	(void)eventloop;
  	getdns_context_run(context);
 }
 
 void* create_eventloop_impl(struct getdns_context* context) {
+    (void)context;
     return NULL;
 }
diff --git a/src/test/check_getdns_transport.c b/src/test/check_getdns_transport.c
index 7d97c27c..4b93fdd1 100644
--- a/src/test/check_getdns_transport.c
+++ b/src/test/check_getdns_transport.c
@@ -193,6 +193,8 @@ void transport_cb(struct getdns_context *context,
   struct getdns_dict * response,
   void *userarg, getdns_transaction_t transaction_id) {
   /* Don't really care about the answer*/
+  (void)context; (void)callback_type; (void)response;
+  (void)userarg; (void)transaction_id;
   return;
 }
 
diff --git a/src/test/tests_dict.c b/src/test/tests_dict.c
index 4be804f5..963ba7b4 100644
--- a/src/test/tests_dict.c
+++ b/src/test/tests_dict.c
@@ -214,7 +214,7 @@ tst_getnames(void)
 	size_t index;
 	size_t llen;
 	uint32_t ansint;
-	int i;
+	size_t i;
 	getdns_return_t result;
 	getdns_data_type dtype;
 	struct getdns_dict *dict = NULL;
@@ -508,7 +508,7 @@ tst_create(void)
  *  runs unit tests against list management routines
  */
 int
-main(int argc, char *argv[])
+main()
 {
 	tstmsg_prog_begin("tests_dict");
 
diff --git a/src/test/tests_list.c b/src/test/tests_list.c
index c8a68bd8..ab9a98cf 100644
--- a/src/test/tests_list.c
+++ b/src/test/tests_list.c
@@ -404,7 +404,7 @@ tst_create(void)
  *  runs unit tests against list management routines
  */
 int
-main(int argc, char *argv[])
+main()
 {
 	tstmsg_prog_begin("tests_list");
 
diff --git a/src/test/tests_stub_async.c b/src/test/tests_stub_async.c
index a5b3c995..79a8029c 100644
--- a/src/test/tests_stub_async.c
+++ b/src/test/tests_stub_async.c
@@ -57,6 +57,8 @@ this_callbackfn(struct getdns_context *this_context,
 	struct getdns_dict *this_response,
 	void *this_userarg, getdns_transaction_t this_transaction_id)
 {
+	(void)this_context; (void)this_userarg;
+
 	if (this_callback_type == GETDNS_CALLBACK_COMPLETE) {	/* This is a callback with data */
 		char *res = getdns_pretty_print_dict(this_response);
 		fprintf(stdout, "%s\n", res);

From 3629d558cdf8831eb54d5944fb478759621c742f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 14:40:06 +0100
Subject: [PATCH 049/249] getdns_query fixes for CFLAGS=-Wextra

---
 .../getdns_context_set_listen_addresses.c     | 10 ++---
 src/test/getdns_query.c                       | 20 +++++-----
 src/test/getdns_str2dict.c                    | 37 ++++++++++---------
 3 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/src/test/getdns_context_set_listen_addresses.c b/src/test/getdns_context_set_listen_addresses.c
index 9246b640..03ac6340 100644
--- a/src/test/getdns_context_set_listen_addresses.c
+++ b/src/test/getdns_context_set_listen_addresses.c
@@ -101,9 +101,9 @@ typedef struct tcp_connection {
 	getdns_eventloop_event  event;
 
 	uint8_t                *read_buf;
-	size_t                  read_buf_len;
+	ssize_t                 read_buf_len;
 	uint8_t                *read_pos;
-	size_t                  to_read;
+	ssize_t                 to_read;
 
 	tcp_to_write           *to_write;
 	size_t                  to_answer;
@@ -331,7 +331,7 @@ static void tcp_read_cb(void *userarg)
 	(void) loop->vmt->schedule(loop, conn->fd,
 	    DOWNSTREAM_IDLE_TIMEOUT, &conn->event);
 
-	if ((bytes_read = read(conn->fd, conn->read_pos, conn->to_read)) == -1) {
+	if ((bytes_read = read(conn->fd, conn->read_pos, conn->to_read)) < 0) {
 		if (errno == EAGAIN || errno == EWOULDBLOCK)
 			return; /* Come back to do the read later */
 
@@ -705,9 +705,9 @@ static getdns_return_t add_listeners(listen_set *set)
 			break;
 
 		if (setsockopt(l->fd, SOL_SOCKET, SO_REUSEADDR,
-		    &enable, sizeof(int)) < 0)
+		    &enable, sizeof(int)) < 0) {
 			; /* Ignore */
-
+		}
 		if (bind(l->fd, (struct sockaddr *)&l->addr,
 		    l->addr_len) == -1)
 			/* IO error */
diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c
index 5c98d8f9..4e8b2d4a 100644
--- a/src/test/getdns_query.c
+++ b/src/test/getdns_query.c
@@ -122,8 +122,8 @@ static int get_rrclass(const char *t)
 }
 
 static getdns_return_t
-fill_transport_list(getdns_context *context, char *transport_list_str, 
-                    getdns_transport_list_t *transports, size_t *transport_count)
+fill_transport_list(char *transport_list_str,
+    getdns_transport_list_t *transports, size_t *transport_count)
 {
 	size_t max_transports = *transport_count;
 	*transport_count = 0;
@@ -334,6 +334,7 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
     getdns_dict *response, void *userarg, getdns_transaction_t trans_id)
 {
 	char *response_str;
+	(void)context; (void)userarg;
 
 	/* This is a callback with data */;
 	if (response && !quiet && (response_str = json ?
@@ -475,7 +476,8 @@ static void parse_config(const char *config_str)
 getdns_return_t parse_args(int argc, char **argv)
 {
 	getdns_return_t r = GETDNS_RETURN_GOOD;
-	size_t i, j, klass;
+	size_t j;
+	int i, klass;
 	char *arg, *c, *endptr;
 	int t, print_api_info = 0, print_trust_anchors = 0;
 	getdns_list *upstream_list = NULL;
@@ -622,7 +624,7 @@ getdns_return_t parse_args(int argc, char **argv)
 				}
 				rewind(fh);
 				if (fread(config_file, 1, config_file_sz, fh)
-				    != config_file_sz) {
+				    != (size_t)config_file_sz) {
 					fprintf(stderr, "An error occurred whil"
 					    "e reading \"%s\": %s\n",argv[i],
 					    strerror(errno));
@@ -913,7 +915,7 @@ getdns_return_t parse_args(int argc, char **argv)
 				}
 				getdns_transport_list_t transports[10];
 				size_t transport_count = sizeof(transports);
-				if ((r = fill_transport_list(context, argv[i], transports, &transport_count)) ||
+				if ((r = fill_transport_list(argv[i], transports, &transport_count)) ||
 				    (r = getdns_context_set_dns_transport_list(context, 
 				                                               transport_count, transports))){
 						fprintf(stderr, "Could not set transports\n");
@@ -983,13 +985,13 @@ next:		;
 	if (pubkey_pinset && upstream_count) {
 		getdns_dict *upstream;
 		/* apply the accumulated pubkey pinset to all upstreams: */
-		for (i = 0; i < upstream_count; i++) {
-			if (r = getdns_list_get_dict(upstream_list, i, &upstream), r) {
-				fprintf(stderr, "Failed to get upstream "PRIsz" when adding pinset\n", i);
+		for (j = 0; j < upstream_count; j++) {
+			if (r = getdns_list_get_dict(upstream_list, j, &upstream), r) {
+				fprintf(stderr, "Failed to get upstream "PRIsz" when adding pinset\n", j);
 				return r;
 			}
 			if (r = getdns_dict_set_list(upstream, "tls_pubkey_pinset", pubkey_pinset), r) {
-				fprintf(stderr, "Failed to set pubkey pinset on upstream "PRIsz"\n", i);
+				fprintf(stderr, "Failed to set pubkey pinset on upstream "PRIsz"\n", j);
 				return r;
 			}
 		}
diff --git a/src/test/getdns_str2dict.c b/src/test/getdns_str2dict.c
index f80df99e..3c894ee6 100644
--- a/src/test/getdns_str2dict.c
+++ b/src/test/getdns_str2dict.c
@@ -224,7 +224,7 @@ static int _jsmn_get_ipdict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	char value_str[3072];
 	int size = t->end - t->start;
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -237,7 +237,8 @@ static int _jsmn_get_ipdict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 static int _jsmn_get_data(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     getdns_bindata **value)
 {
-	size_t i, j;
+	int i;
+	size_t j;
 	uint8_t h, l;
 
 	if ((t->end - t->start) < 4 || (t->end - t->start) % 2 == 1 ||
@@ -273,13 +274,13 @@ static int _jsmn_get_data(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	return 1;
 }
 
-static int _jsmn_get_dname(struct mem_funcs *mf, const char *js, jsmntok_t *t,
+static int _jsmn_get_dname(const char *js, jsmntok_t *t,
     getdns_bindata **value)
 {
 	char value_str[1025];
 	int size = t->end - t->start;
 
-	if (size <= 0 || size >= sizeof(value_str) || js[t->end - 1] != '.')
+	if (size <= 0 || size >= (int)sizeof(value_str) || js[t->end - 1] != '.')
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -295,7 +296,7 @@ static int _jsmn_get_ipv4(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	int size = t->end - t->start;
 	uint8_t buf[4];
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -325,7 +326,7 @@ static int _jsmn_get_ipv6(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	int size = t->end - t->start;
 	uint8_t buf[16];
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -348,14 +349,13 @@ static int _jsmn_get_ipv6(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	return 0;
 }
 
-static int _jsmn_get_int(struct mem_funcs *mf, const char *js, jsmntok_t *t,
-    uint32_t *value)
+static int _jsmn_get_int(const char *js, jsmntok_t *t, uint32_t *value)
 {
 	char value_str[11];
 	int size = t->end - t->start;
 	char *endptr;
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -367,13 +367,12 @@ static int _jsmn_get_int(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 
 static int _getdns_get_const_name_info(const char *name, uint32_t *code);
 
-static int _jsmn_get_const(struct mem_funcs *mf, const char *js, jsmntok_t *t,
-    uint32_t *value)
+static int _jsmn_get_const(const char *js, jsmntok_t *t, uint32_t *value)
 {
 	char value_str[80];
 	int size = t->end - t->start;
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -407,7 +406,8 @@ static int _jsmn_get_item(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     size_t count, getdns_dict *dict, getdns_return_t *r)
 {
-	size_t i, j = 1;
+	int i;
+	size_t j = 1;
 	char key_spc[1024], *key = NULL;
 	getdns_item child_item;
 
@@ -427,7 +427,7 @@ static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 			*r = GETDNS_RETURN_GENERIC_ERROR; /* range error */
 			break;
 		}
-		if (t[j].end - t[j].start < sizeof(key_spc))
+		if (t[j].end - t[j].start < (int)sizeof(key_spc))
 			key = key_spc;
 
 		else if (!(key = GETDNS_XMALLOC(
@@ -485,7 +485,8 @@ static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 static int _jsmn_get_list(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     size_t count, getdns_list *list, getdns_return_t *r)
 {
-	size_t i, j = 1, index = 0;
+	int i;
+	size_t j = 1, index = 0;
 	getdns_item child_item;
 
 	if (t->size <= 0)
@@ -564,13 +565,13 @@ static int _jsmn_get_item(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 			*r = GETDNS_RETURN_GENERIC_ERROR;
 			break;
 
-		} else if (_jsmn_get_int(mf, js, t, &item->data.n)
-		    || _jsmn_get_const(mf, js, t, &item->data.n)) {
+		} else if (_jsmn_get_int(js, t, &item->data.n)
+		    || _jsmn_get_const(js, t, &item->data.n)) {
 
 			item->dtype = t_int;
 		}
 		else if (_jsmn_get_data(mf, js, t, &item->data.bindata)
-		    || _jsmn_get_dname(mf, js, t,  &item->data.bindata)
+		    || _jsmn_get_dname(js, t,  &item->data.bindata)
 		    || _jsmn_get_ipv4(mf, js, t,  &item->data.bindata)
 		    || _jsmn_get_ipv6(mf, js, t,  &item->data.bindata))
 

From 743e04bfd632368872eb6173639c507b9c2bc833 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 14:44:24 +0100
Subject: [PATCH 050/249] Replace ((uint64_t)-1) with TIMEOUT_FOREVER

---
 src/extension/default_eventloop.c | 9 +++++----
 src/ub_loop.c                     | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 671c3955..b05d8ec3 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -27,6 +27,7 @@
 
 #include "extension/default_eventloop.h"
 #include "debug.h"
+#include "types-internal.h"
 
 static uint64_t get_now_plus(uint64_t amount)
 {
@@ -40,7 +41,7 @@ static uint64_t get_now_plus(uint64_t amount)
 	now = tv.tv_sec * 1000000 + tv.tv_usec;
 
 	return (now + amount * 1000) >= now
-	      ? now + amount * 1000 : 0xFFFFFFFFFFFFFFFF;
+	      ? now + amount * 1000 : TIMEOUT_FOREVER;
 }
 
 static getdns_return_t
@@ -183,7 +184,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	fd_set   readfds, writefds;
 	int      fd, max_fd = -1;
-	uint64_t now, timeout = 0xFFFFFFFFFFFFFFFF;
+	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t   i;
 	struct timeval tv;
 
@@ -214,7 +215,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (default_loop->fd_timeout_times[fd] < timeout)
 			timeout = default_loop->fd_timeout_times[fd];
 	}
-	if (max_fd == -1 && timeout == 0xFFFFFFFFFFFFFFFF)
+	if (max_fd == -1 && timeout == TIMEOUT_FOREVER)
 		return;
 
 	if (! blocking || now > timeout) {
@@ -225,7 +226,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		tv.tv_usec = (timeout - now) % 1000000;
 	}
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
-	    (timeout == 0xFFFFFFFFFFFFFFFF ? NULL : &tv)) < 0) {
+	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
 		perror("select() failed");
 		exit(EXIT_FAILURE);
 	}
diff --git a/src/ub_loop.c b/src/ub_loop.c
index c69d9070..c0040289 100644
--- a/src/ub_loop.c
+++ b/src/ub_loop.c
@@ -414,7 +414,7 @@ static struct ub_event* my_event_new(struct ub_event_base* base, int fd,
 	ev->added = 0;
 	ev->fd = fd;
 	ev->bits = bits;
-	ev->timeout = 0xFFFFFFFFFFFFFFFF;
+	ev->timeout = TIMEOUT_FOREVER;
 	ev->cb = cb;
 	ev->arg = arg;
 #ifdef USE_WINSOCK

From 8f75e4ed8da9218105fd8959073e0ce1652d3632 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 15:17:27 +0100
Subject: [PATCH 051/249] Few more things to work with CFLAGS=-Wextra

---
 src/convert.c            | 34 ++++++++++++++++++----------------
 src/tools/getdns_query.c | 12 +++++++-----
 2 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/src/convert.c b/src/convert.c
index 2fbaaeb9..365227dc 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1183,7 +1183,7 @@ static int _jsmn_get_ipdict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	char value_str[3072];
 	int size = t->end - t->start;
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -1196,7 +1196,8 @@ static int _jsmn_get_ipdict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 static int _jsmn_get_data(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     getdns_bindata **value)
 {
-	size_t i, j;
+	int i;
+	size_t j;
 	uint8_t h, l;
 
 	if ((t->end - t->start) < 4 || (t->end - t->start) % 2 == 1 ||
@@ -1237,8 +1238,9 @@ static int _jsmn_get_dname(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 {
 	char value_str[1025];
 	int size = t->end - t->start;
+	(void)mf; /* TODO: Fix to use  mf */
 
-	if (size <= 0 || size >= sizeof(value_str) || js[t->end - 1] != '.')
+	if (size <= 0 || size >= (int)sizeof(value_str) || js[t->end - 1] != '.')
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -1254,7 +1256,7 @@ static int _jsmn_get_ipv4(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	int size = t->end - t->start;
 	uint8_t buf[4];
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -1284,7 +1286,7 @@ static int _jsmn_get_ipv6(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	int size = t->end - t->start;
 	uint8_t buf[16];
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -1307,14 +1309,13 @@ static int _jsmn_get_ipv6(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	return 0;
 }
 
-static int _jsmn_get_int(struct mem_funcs *mf, const char *js, jsmntok_t *t,
-    uint32_t *value)
+static int _jsmn_get_int(const char *js, jsmntok_t *t, uint32_t *value)
 {
 	char value_str[11];
 	int size = t->end - t->start;
 	char *endptr;
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -1324,13 +1325,12 @@ static int _jsmn_get_int(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	return *value_str != '\0' && *endptr == '\0';
 }
 
-static int _jsmn_get_const(struct mem_funcs *mf, const char *js, jsmntok_t *t,
-    uint32_t *value)
+static int _jsmn_get_const(const char *js, jsmntok_t *t, uint32_t *value)
 {
 	char value_str[80];
 	int size = t->end - t->start;
 
-	if (size <= 0 || size >= sizeof(value_str))
+	if (size <= 0 || size >= (int)sizeof(value_str))
 		return 0;
 
 	(void) memcpy(value_str, js + t->start, size);
@@ -1364,7 +1364,8 @@ static int _jsmn_get_item(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     size_t count, getdns_dict *dict, getdns_return_t *r)
 {
-	size_t i, j = 1;
+	int i;
+	size_t j = 1;
 	char key_spc[1024], *key = NULL;
 	getdns_item child_item;
 
@@ -1384,7 +1385,7 @@ static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 			*r = GETDNS_RETURN_GENERIC_ERROR; /* range error */
 			break;
 		}
-		if (t[j].end - t[j].start < sizeof(key_spc))
+		if (t[j].end - t[j].start < (int)sizeof(key_spc))
 			key = key_spc;
 
 		else if (!(key = GETDNS_XMALLOC(
@@ -1442,7 +1443,8 @@ static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 static int _jsmn_get_list(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     size_t count, getdns_list *list, getdns_return_t *r)
 {
-	size_t i, j = 1, index = 0;
+	int i;
+	size_t j = 1, index = 0;
 	getdns_item child_item;
 
 	if (t->size <= 0)
@@ -1521,8 +1523,8 @@ static int _jsmn_get_item(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 			*r = GETDNS_RETURN_GENERIC_ERROR;
 			break;
 
-		} else if (_jsmn_get_int(mf, js, t, &item->data.n)
-		    || _jsmn_get_const(mf, js, t, &item->data.n)) {
+		} else if (_jsmn_get_int(js, t, &item->data.n)
+		    || _jsmn_get_const(js, t, &item->data.n)) {
 
 			item->dtype = t_int;
 		}
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 3148c568..ecd16c65 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -538,7 +538,7 @@ int parse_config_file(const char *fn, int report_open_failure)
 		return GETDNS_RETURN_MEMORY_ERROR;
 	}
 	rewind(fh);
-	if (fread(config_file, 1, config_file_sz, fh) != config_file_sz) {
+	if (fread(config_file, 1, config_file_sz, fh) != (size_t)config_file_sz) {
 		fprintf( stderr, "An error occurred while reading \"%s\": %s\n"
 		       , fn, strerror(errno));
 		fclose(fh);
@@ -1653,12 +1653,14 @@ main(int argc, char **argv)
 		goto done_destroy_context;
 	}
 	if (i_am_stubby) {
+		int n_chars = snprintf( home_stubby_conf_fn
+		                      , sizeof(home_stubby_conf_fn)
+		                      , "%s/.stubby.conf"
+		                      , getenv("HOME")
+		                      );
 		(void) parse_config(default_stubby_config);
 		(void) parse_config_file("/etc/stubby.conf", 0);
-		if (snprintf( home_stubby_conf_fn, sizeof(home_stubby_conf_fn)
-		            , "%s/.stubby.conf", getenv("HOME")
-			    ) < sizeof(home_stubby_conf_fn)) {
-
+		if (n_chars > 0 && n_chars < (int)sizeof(home_stubby_conf_fn)){
 			(void) parse_config_file(home_stubby_conf_fn, 0);
 		}
 		clear_listen_list_on_arg = 1;

From ce41258b1455593957fe7c8ff9c8d51b3c3cf60a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 16:26:48 +0100
Subject: [PATCH 052/249] Compile with extra warnings by default

---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index 282b3990..ea2f1ab7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -98,6 +98,7 @@ CFLAGS="$CFLAGS"
 AC_PROG_CC_C99
 AX_CHECK_COMPILE_FLAG([-xc99],[CFLAGS="$CFLAGS -xc99"],[],[])
 AX_CHECK_COMPILE_FLAG([-Wall],[CFLAGS="$CFLAGS -Wall"],[],[])
+AX_CHECK_COMPILE_FLAG([-Wall],[CFLAGS="$CFLAGS -Wextra"],[],[])
 
 case "$host_os" in
   linux* ) CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"

From 39f854d2b3fc7a5f40c669e715799bdc61510ea7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 16:27:43 +0100
Subject: [PATCH 053/249] Fixes for pedantic warnings

---
 src/extension/default_eventloop.c | 13 +++++++++++--
 src/test/getdns_query.c           |  3 +++
 src/types-internal.h              | 32 +++++++++++++++----------------
 src/ub_loop.c                     |  4 ++--
 4 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index b05d8ec3..e83d9b89 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -83,7 +83,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 #endif
 		default_loop->fd_events[fd] = event;
 		default_loop->fd_timeout_times[fd] = get_now_plus(timeout);
-		event->ev = (void *) (intptr_t) fd + 1;
+		event->ev = (void *) (intptr_t) (fd + 1);
 
 		DEBUG_SCHED( "scheduled read/write at %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -104,7 +104,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		if (default_loop->timeout_events[i] == NULL) {
 			default_loop->timeout_events[i] = event;
 			default_loop->timeout_times[i] = get_now_plus(timeout);
-			event->ev = (void *) (intptr_t) i + 1;
+			event->ev = (void *) (intptr_t) (i + 1);
 
 			DEBUG_SCHED( "scheduled timeout at %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;
@@ -159,6 +159,9 @@ default_eventloop_cleanup(getdns_eventloop *loop)
 static void
 default_read_cb(int fd, getdns_eventloop_event *event)
 {
+#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
+	(void)fd;
+#endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNCTION__, fd, event);
 	event->read_cb(event->userarg);
 }
@@ -166,6 +169,9 @@ default_read_cb(int fd, getdns_eventloop_event *event)
 static void
 default_write_cb(int fd, getdns_eventloop_event *event)
 {
+#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
+	(void)fd;
+#endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNCTION__, fd, event);
 	event->write_cb(event->userarg);
 }
@@ -173,6 +179,9 @@ default_write_cb(int fd, getdns_eventloop_event *event)
 static void
 default_timeout_cb(int fd, getdns_eventloop_event *event)
 {
+#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
+	(void)fd;
+#endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNCTION__, fd, event);
 	event->timeout_cb(event->userarg);
 }
diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c
index 4e8b2d4a..8230b7ef 100644
--- a/src/test/getdns_query.c
+++ b/src/test/getdns_query.c
@@ -1284,6 +1284,9 @@ static void request_cb(
 	getdns_return_t r = GETDNS_RETURN_GOOD;
 	uint32_t n, rcode, dnssec_status;
 
+#if !defined(SERVER_DEBUG) || !SERVER_DEBUG
+	(void)transaction_id;
+#endif
 	DEBUG_SERVER("reply for: %p %"PRIu64" %d (edns0: %d, do: %d, ad: %d,"
 	    " cd: %d)\n", msg, transaction_id, (int)callback_type,
 	    msg->has_edns0, msg->do_bit, msg->ad_bit, msg->cd_bit);
diff --git a/src/types-internal.h b/src/types-internal.h
index b321bafa..37588e7a 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -278,29 +278,29 @@ typedef struct getdns_dns_req {
 	getdns_append_name_t append_name;
 	const uint8_t *suffix;
 	size_t  suffix_len;
-	int suffix_appended			: 1;
+	unsigned suffix_appended			: 1;
 
 	/* canceled flag */
-	int canceled				: 1;
+	unsigned canceled				: 1;
 
 	/* request extensions */
-	int dnssec_return_status		: 1;
-	int dnssec_return_only_secure		: 1;
-	int dnssec_return_all_statuses		: 1;
-	int dnssec_return_validation_chain	: 1;
-	int dnssec_return_full_validation_chain	: 1;
+	unsigned dnssec_return_status			: 1;
+	unsigned dnssec_return_only_secure		: 1;
+	unsigned dnssec_return_all_statuses		: 1;
+	unsigned dnssec_return_validation_chain		: 1;
+	unsigned dnssec_return_full_validation_chain	: 1;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
-	int dnssec_roadblock_avoidance		: 1;
-	int avoid_dnssec_roadblocks		: 1;
+	unsigned dnssec_roadblock_avoidance		: 1;
+	unsigned avoid_dnssec_roadblocks		: 1;
 #endif
-	int edns_cookies			: 1;
-	int edns_client_subnet_private		: 1;
-	int return_call_reporting		: 1;
-	int add_warning_for_bad_dns		: 1;
+	unsigned edns_cookies				: 1;
+	unsigned edns_client_subnet_private		: 1;
+	unsigned return_call_reporting			: 1;
+	unsigned add_warning_for_bad_dns		: 1;
 
 	/* Internally used by return_validation_chain */
-	int dnssec_ok_checking_disabled		: 1;
-	int is_sync_request			: 1;
+	unsigned dnssec_ok_checking_disabled		: 1;
+	unsigned is_sync_request			: 1;
 
 	/* The validating and freed variables are used to make sure a single
 	 * code path is followed while processing a DNS request, even when
@@ -310,7 +310,7 @@ typedef struct getdns_dns_req {
 	 * validating is touched by _getdns_get_validation_chain only and
 	 * freed      is touched by _getdns_submit_netreq only
 	 */
-	int validating                          : 1;
+	unsigned validating				: 1;
 	int *freed;
 
 	uint16_t tls_query_padding_blocksize;
diff --git a/src/ub_loop.c b/src/ub_loop.c
index c0040289..1fc9daa7 100644
--- a/src/ub_loop.c
+++ b/src/ub_loop.c
@@ -115,9 +115,9 @@ typedef struct my_event {
 } my_event;
 
 #define AS_UB_LOOP(x) \
-	(((union {struct ub_event_base* a; _getdns_ub_loop* b;})x).b)
+	((_getdns_ub_loop *)(x))
 #define AS_MY_EVENT(x) \
-	(((union {struct ub_event* a; my_event* b;})x).b)
+	((my_event *)(x))
 
 static void my_event_base_free(struct ub_event_base* base)
 {

From fbb4eb717a4c593033be2882909f9f2faae55ea6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 16:28:21 +0100
Subject: [PATCH 054/249] Unit tests fail on pedantic warnings

---
 src/Makefile.in                               |  4 +--
 .../tpkg/100-compile.tpkg/100-compile.pre     | 12 ++++++-
 .../200-stub-only-compile.pre                 | 12 ++++++-
 .../300-event-loops-configure.test            | 36 +++++++++++++++----
 .../323-event-loops-configure.dsc             | 16 +++++++++
 .../323-event-loops-configure.pre             | 14 ++++++++
 .../323-event-loops-configure.test            | 16 +++++++++
 .../326-event-loops-compile.dsc               | 16 +++++++++
 .../326-event-loops-compile.post              | 20 +++++++++++
 .../326-event-loops-compile.pre               | 24 +++++++++++++
 .../326-event-loops-compile.test              |  8 +++++
 11 files changed, 167 insertions(+), 11 deletions(-)
 create mode 100644 src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc
 create mode 100644 src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre
 create mode 100644 src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test
 create mode 100644 src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc
 create mode 100644 src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post
 create mode 100644 src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre
 create mode 100644 src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test

diff --git a/src/Makefile.in b/src/Makefile.in
index 3766b318..aa5e7fa7 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -99,10 +99,10 @@ $(GLDNS_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/gldns/$(@:.lo=.c) -o $@
 
 $(COMPAT_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/compat/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -Wno-error=pedantic -c $(srcdir)/compat/$(@:.lo=.c) -o $@
 
 $(UTIL_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/util/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -Wno-error=pedantic -Wno-error=unused-parameter -c $(srcdir)/util/$(@:.lo=.c) -o $@
 
 $(EXTENSION_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
diff --git a/src/test/tpkg/100-compile.tpkg/100-compile.pre b/src/test/tpkg/100-compile.tpkg/100-compile.pre
index 6b76edba..f0bd9a5c 100644
--- a/src/test/tpkg/100-compile.tpkg/100-compile.pre
+++ b/src/test/tpkg/100-compile.tpkg/100-compile.pre
@@ -25,4 +25,14 @@ done
 rm -fr "${BUILDDIR}/build"
 mkdir  "${BUILDDIR}/build"
 cd "${BUILDDIR}/build"
-"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
+if [ -z "$CFLAGS" ]
+then
+	if (echo $*|grep -q CFLAGS)
+	then
+		"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
+	else
+		"${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --prefix "${BUILDDIR}/install"
+	fi
+else
+	"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
+fi
diff --git a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre
index 46686828..1aa7252f 100644
--- a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre
+++ b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre
@@ -25,4 +25,14 @@ done
 rm -fr "${BUILDDIR}/build-stub-only"
 mkdir  "${BUILDDIR}/build-stub-only"
 cd "${BUILDDIR}/build-stub-only"
-"${SRCROOT}/configure" $* --enable-stub-only
+if [ -z "$CFLAGS" ]
+then
+	if (echo $*|grep -q CFLAGS)
+	then
+		"${SRCROOT}/configure" $* --enable-stub-only
+	else
+		"${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-stub-only
+	fi
+else
+	"${SRCROOT}/configure" $* --enable-stub-only
+fi
diff --git a/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test b/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
index 83ade30b..5242e211 100644
--- a/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
+++ b/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
@@ -7,10 +7,32 @@
 rm -fr "${BUILDDIR}/build-event-loops"
 mkdir  "${BUILDDIR}/build-event-loops"
 cd "${BUILDDIR}/build-event-loops"
-"${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libev --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libev \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libev --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libev \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libuv
+if [ -z "$CFLAGS" ]
+then
+	if (echo $*|grep -q CFLAGS)
+	then
+		"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
+		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
+		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
+		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
+		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
+		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
+		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
+	else
+		"${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
+		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
+		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
+		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
+		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent \
+		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libev \
+		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libuv
+	fi
+else
+	"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
+	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
+	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
+	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
+	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
+	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
+	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
+fi
diff --git a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc
new file mode 100644
index 00000000..3d1dec87
--- /dev/null
+++ b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc
@@ -0,0 +1,16 @@
+BaseName: 323-event-loops-configure
+Version: 1.0
+Description: Configure for maximum coverage
+CreationDate: do  8 dec 2016 16:21:08 CET
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: 323-event-loops-configure.pre
+Post:
+Test: 323-event-loops-configure.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre
new file mode 100644
index 00000000..a8423666
--- /dev/null
+++ b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre
@@ -0,0 +1,14 @@
+# #-- 323-event-loops-configure.pre--#
+# source the master var file when it's there
+if [ -f ../.tpkg.var.master ]
+then
+	source ../.tpkg.var.master
+else
+	(
+		cd ..
+		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
+		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
+	) && source ../.tpkg.var.master
+fi
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
diff --git a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test
new file mode 100644
index 00000000..b54bd321
--- /dev/null
+++ b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test
@@ -0,0 +1,16 @@
+# #-- 323-event-loops-configure.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+rm -fr "${BUILDDIR}/build-event-loops"
+mkdir  "${BUILDDIR}/build-event-loops"
+cd "${BUILDDIR}/build-event-loops"
+"${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libuv
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc
new file mode 100644
index 00000000..c4760a36
--- /dev/null
+++ b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc
@@ -0,0 +1,16 @@
+BaseName: 326-event-loops-compile
+Version: 1.0
+Description: Compile
+CreationDate: do  8 dec 2016 16:21:21 CET
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: 
+Depends: 300-event-loops-configure.tpkg
+Help:
+Pre: 326-event-loops-compile.pre
+Post: 326-event-loops-compile.post
+Test: 326-event-loops-compile.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post
new file mode 100644
index 00000000..d8029117
--- /dev/null
+++ b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post
@@ -0,0 +1,20 @@
+# #-- 326-event-loops-compile.post --#
+# source the master var file when it's there
+if [ -f ../.tpkg.var.master ]
+then
+	source ../.tpkg.var.master
+else
+	(
+		cd ..
+		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
+		    && sh "${TPKG_SRCDIR}/setup-env.sh"
+	) && source ../.tpkg.var.master
+fi
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+for f in `cat restore-srcdir-configure-settings`
+do
+	mv "${SRCROOT}/${f}.build-event-loops" "${SRCROOT}/${f}"
+done
+
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre
new file mode 100644
index 00000000..a4ef762d
--- /dev/null
+++ b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre
@@ -0,0 +1,24 @@
+# #-- 326-event-loops-compile.pre--#
+# source the master var file when it's there
+if [ -f ../.tpkg.var.master ]
+then
+	source ../.tpkg.var.master
+else
+	(
+		cd ..
+		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
+		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
+	) && source ../.tpkg.var.master
+fi
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+echo "" > restore-srcdir-configure-settings
+for f in `grep 'CONFIG_[FH][IE][LA][ED][SE]' "${SRCROOT}/configure.ac" | sed -e 's/^.*(\[//g' -e 's/\])//g'`
+do
+	if [ -f "${SRCROOT}/$f" ]
+	then
+		mv "${SRCROOT}/${f}" "${SRCROOT}/${f}.build-event-loops" && \
+			echo "$f" >> restore-srcdir-configure-settings
+	fi
+done
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test
new file mode 100644
index 00000000..217cfd35
--- /dev/null
+++ b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test
@@ -0,0 +1,8 @@
+# #-- 326-event-loops-compile.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+cd "${BUILDDIR}/build-event-loops"
+make

From 2281accd38e7884c6ee7d7396b34f27bbe6190a6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 16:36:23 +0100
Subject: [PATCH 055/249] Extra fixes for pedantic warnings

---
 src/context.h | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/context.h b/src/context.h
index c6484658..b89a5876 100644
--- a/src/context.h
+++ b/src/context.h
@@ -309,19 +309,19 @@ struct getdns_context {
 	/* request extension defaults */
 	getdns_dict *header;
 	getdns_dict *add_opt_parameters;
-	int add_warning_for_bad_dns             : 1;
-	int dnssec_return_all_statuses          : 1;
-	int dnssec_return_full_validation_chain : 1;
-	int dnssec_return_only_secure           : 1;
-	int dnssec_return_status                : 1;
-	int dnssec_return_validation_chain      : 1;
+	unsigned add_warning_for_bad_dns             : 1;
+	unsigned dnssec_return_all_statuses          : 1;
+	unsigned dnssec_return_full_validation_chain : 1;
+	unsigned dnssec_return_only_secure           : 1;
+	unsigned dnssec_return_status                : 1;
+	unsigned dnssec_return_validation_chain      : 1;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
-	int dnssec_roadblock_avoidance          : 1;
+	unsigned dnssec_roadblock_avoidance          : 1;
 #endif
-	int edns_cookies                        : 1;
-	int return_api_information              : 1; /* Not used */
-	int return_both_v4_and_v6               : 1;
-	int return_call_reporting               : 1;
+	unsigned edns_cookies                        : 1;
+	unsigned return_api_information              : 1; /* Not used */
+	unsigned return_both_v4_and_v6               : 1;
+	unsigned return_call_reporting               : 1;
 	uint16_t specify_class;
 
 	/*

From 26eaf255c5a50e07cee5bd96e417eadd93fb06ba Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 8 Dec 2016 12:37:35 -0800
Subject: [PATCH 056/249] Fixing the bulk of the compilation warnings in the
 GetDNS code

---
 src/compat/arc4random_uniform.c |  2 +-
 src/context.c                   | 20 ++++++++++++++++----
 src/convert.c                   | 12 ++++++++++--
 src/dict.c                      |  2 +-
 src/dnssec.c                    |  8 ++++----
 src/general.c                   |  2 +-
 src/list.c                      |  2 +-
 src/request-internal.c          | 12 ++++++------
 src/rr-dict.c                   |  4 ++--
 src/rr-iter.c                   |  8 ++++----
 src/rr-iter.h                   | 20 ++++++++++----------
 src/util-internal.c             |  8 +++++---
 12 files changed, 61 insertions(+), 39 deletions(-)

diff --git a/src/compat/arc4random_uniform.c b/src/compat/arc4random_uniform.c
index 154260eb..c03c2c9b 100644
--- a/src/compat/arc4random_uniform.c
+++ b/src/compat/arc4random_uniform.c
@@ -39,7 +39,7 @@ arc4random_uniform(uint32_t upper_bound)
 		return 0;
 
 	/* 2**32 % x == (2**32 - x) % x */
-	min = -upper_bound % upper_bound;
+	min = ((uint32_t)(-(int32_t)upper_bound)) % upper_bound;
 
 	/*
 	 * This could theoretically loop forever but each retry has
diff --git a/src/context.c b/src/context.c
index 010b1685..ebe45ccb 100644
--- a/src/context.c
+++ b/src/context.c
@@ -661,7 +661,13 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 			SSL_free(upstream->tls_obj);
 		}
 		if (upstream->fd != -1)
+		{
+#ifdef USE_WINSOCK
+			closesocket(upstream->fd);
+#else
 			close(upstream->fd);
+#endif
+		}
 		while (pin) {
 			sha256_pin_t *nextpin = pin->next;
 			GETDNS_FREE(upstreams->mf, pin);
@@ -707,12 +713,18 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->tls_obj = NULL;
 	}
 	if (fd != -1)
+	{
+#ifdef USE_WINSOCK
+		closesocket(fd);
+#else
 		close(fd);
+#endif
+	}
 }
 
 static int
 tls_is_in_transports_list(getdns_context *context) {
-	for (int i=0; i< context->dns_transport_count;i++) {
+	for (size_t i=0; i< context->dns_transport_count;i++) {
 		if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS)
 			return 1;
 	}
@@ -761,7 +773,7 @@ static getdns_tsig_info const * const last_tsig_info =
 
 const getdns_tsig_info *_getdns_get_tsig_info(getdns_tsig_algo tsig_alg)
 {
-	return tsig_alg > n_tsig_infos - 1
+	return ((unsigned) tsig_alg > n_tsig_infos - 1)
 	    || tsig_info[tsig_alg].alg == GETDNS_NO_TSIG ? NULL
 	    : &tsig_info[tsig_alg];
 }
@@ -2200,7 +2212,7 @@ getdns_context_set_suffix(getdns_context *context, getdns_list *value)
 			if (gldns_str2wire_dname_buf(name, dname, &dname_len))
 				return GETDNS_RETURN_GENERIC_ERROR;
 
-			gldns_buffer_write_u8(&gbuf, dname_len);
+			gldns_buffer_write_u8(&gbuf, (uint8_t) dname_len);
 			gldns_buffer_write(&gbuf, dname, dname_len);
 		}
 		if (r == GETDNS_RETURN_NO_SUCH_LIST_ITEM)
@@ -3377,7 +3389,7 @@ _get_context_settings(getdns_context* context)
 		if (!(list = getdns_list_create_with_context(context)))
 			goto error;
 
-		for (i = 0; i < context->namespace_count; ++i) {
+		for (i = 0; (int) i < context->namespace_count; ++i) {
 			if (getdns_list_set_int(list, i,
 			    context->namespaces[i])) {
 				getdns_list_destroy(list);
diff --git a/src/convert.c b/src/convert.c
index 9ce2fa39..353e6abc 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -56,6 +56,14 @@
 /* stuff to make it compile pedantically */
 #define UNUSED_PARAM(x) ((void)(x))
 
+/* strdup is marked deprecated by the Windows compiler */
+#ifndef STRDUP
+#ifdef GETDNS_ON_WINDOWS
+#define STRDUP(x) _strdup(x)
+#else
+#define STRDUP(x) strdup(x)
+#endif
+#endif
 getdns_return_t
 getdns_convert_dns_name_to_fqdn(
     const getdns_bindata *dns_name_wire_fmt, char **fqdn_as_string)
@@ -200,7 +208,7 @@ getdns_display_ip_address(const struct getdns_bindata
 		    buff,
 		    256);
 		if (ipStr) {
-			return strdup(ipStr);
+			return STRDUP(ipStr);
 		}
 	} else if (bindata_of_ipv4_or_ipv6_address->size == 16) {
 		const char *ipStr = inet_ntop(AF_INET6,
@@ -208,7 +216,7 @@ getdns_display_ip_address(const struct getdns_bindata
 		    buff,
 		    256);
 		if (ipStr) {
-			return strdup(ipStr);
+			return STRDUP(ipStr);
 		}
 	}
 	return NULL;
diff --git a/src/dict.c b/src/dict.c
index e7294e62..0ab0c784 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -65,7 +65,7 @@ static char *_json_ptr_first(const struct mem_funcs *mf,
 	if (!(next_ref = strchr(jptr, '/')))
 		next_ref = strchr(jptr, '\0');
 
-	if (next_ref - jptr + 1 > first_sz || !first)
+	if ((unsigned)(next_ref - jptr + 1) > first_sz || !first)
 		first = GETDNS_XMALLOC(*mf, char, next_ref - jptr + 1);
 
 	for (j = first, k = jptr; k < next_ref; j++, k++)
diff --git a/src/dnssec.c b/src/dnssec.c
index f567b96b..965ee081 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -256,7 +256,7 @@ static uint8_t *_dname_label_copy(uint8_t *dst, const uint8_t *src, size_t dst_l
 {
 	uint8_t *r = dst, i;
 
-	if (!src || *src + 1 > dst_len)
+	if (!src || (unsigned)(*src + 1) > dst_len)
 		return NULL;
 
 	for (i = (*dst++ = *src++); i ; i--)
@@ -559,7 +559,7 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
 			if (! _dname_is_parent(*label, head->rrset.name))
 				break;
 		}
-		if (label - labels > max_labels) {
+		if ((unsigned)(label - labels) > max_labels) {
 			max_labels = label - labels;
 			max_head = head;
 		}
@@ -1210,7 +1210,7 @@ static size_t _rr_uncompressed_rdata_size(_getdns_rrtype_iter *rr)
 static size_t _rr_rdata_size(_getdns_rrtype_iter *rr)
 {
 	const _getdns_rr_def *rr_def;
-	size_t i;
+	int i;
 
 	rr_def = _getdns_rr_def_lookup(gldns_read_uint16(rr->rr_i.rr_type));
 
@@ -1626,7 +1626,7 @@ static int nsec3_iteration_count_high(_getdns_rrtype_iter *dnskey, _getdns_rrset
 		return gldns_read_uint16(rr->rr_i.rr_type + 12) > 150;
 }
 
-static int check_dates(int32_t now, int32_t skew, int32_t exp, int32_t inc)
+static int check_dates(time_t now, int32_t skew, int32_t exp, int32_t inc)
 {
 	return (exp - inc > 0) && (inc - now < skew) && (now - exp < skew);
 }
diff --git a/src/general.c b/src/general.c
index 99e4cff5..3dd7e493 100644
--- a/src/general.c
+++ b/src/general.c
@@ -420,7 +420,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	getdns_network_req *netreq, **netreq_p;
 	getdns_dns_req *req;
 	getdns_dict *localnames_response;
-	size_t i;
+	int i;
 
 	if (!context || !name || (!callbackfn && !internal_cb))
 		return GETDNS_RETURN_INVALID_PARAMETER;
diff --git a/src/list.c b/src/list.c
index eec2a1c1..486b227b 100644
--- a/src/list.c
+++ b/src/list.c
@@ -312,7 +312,7 @@ getdns_return_t
 _getdns_list_copy(const struct getdns_list * srclist,
 	struct getdns_list ** dstlist)
 {
-	int i;
+	unsigned int i;
 	getdns_return_t retval;
 
 	if (!dstlist)
diff --git a/src/request-internal.c b/src/request-internal.c
index 797fde50..69166ace 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -260,10 +260,10 @@ _getdns_network_req_clear_upstream_options(getdns_network_req * req)
 {
   size_t pktlen;
   if (req->opt) {
-	  gldns_write_uint16(req->opt + 9, req->base_query_option_sz);
+	  gldns_write_uint16(req->opt + 9, (uint16_t) req->base_query_option_sz);
 	  req->response = req->opt + 11 + req->base_query_option_sz;
 	  pktlen = req->response - req->query;
-	  gldns_write_uint16(req->query - 2, pktlen);
+	  gldns_write_uint16(req->query - 2, (uint16_t) pktlen);
   }
 }
 
@@ -426,7 +426,7 @@ _getdns_network_req_add_tsig(getdns_network_req *req)
 	gldns_buffer_write_u16(&gbuf, GETDNS_RRCLASS_ANY);	/* Class */
 	gldns_buffer_write_u32(&gbuf, 0);			/* TTL */
 	gldns_buffer_write_u16(&gbuf,
-	    tsig_info->dname_len + 10 + md_len + 6);	/* RdLen */
+	    (uint16_t)(tsig_info->dname_len + 10 + md_len + 6));	/* RdLen */
 	gldns_buffer_write(&gbuf,
 	    tsig_info->dname, tsig_info->dname_len);	/* Algorithm Name */
 	gldns_buffer_write_u48(&gbuf, time(NULL));	/* Time Signed */
@@ -563,7 +563,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 		return;
 
 	gldns_buffer_write_u16(&gbuf, 0);		/* Other len */
-	other_len = gldns_read_uint16(rdf->pos);
+	other_len = (uint8_t) gldns_read_uint16(rdf->pos);
 	if (other_len != rdf->nxt - rdf->pos - 2)
 		return;
 	if (other_len)
@@ -921,7 +921,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	    request_type, dnssec_extension_set, with_opt,
 	    edns_maximum_udp_payload_size,
 	    edns_extended_rcode, edns_version, edns_do_bit,
-	    opt_options_size, noptions, options,
+	    (uint16_t) opt_options_size, noptions, options,
 	    netreq_sz - sizeof(getdns_network_req), max_query_sz,
 	    extensions);
 
@@ -932,7 +932,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		    dnssec_extension_set, with_opt,
 		    edns_maximum_udp_payload_size,
 		    edns_extended_rcode, edns_version, edns_do_bit,
-		    opt_options_size, noptions, options,
+		    (uint16_t) opt_options_size, noptions, options,
 		    netreq_sz - sizeof(getdns_network_req), max_query_sz,
 		    extensions);
 
diff --git a/src/rr-dict.c b/src/rr-dict.c
index 76972997..26504512 100644
--- a/src/rr-dict.c
+++ b/src/rr-dict.c
@@ -429,7 +429,7 @@ hip_hit_2wire(
 		return GETDNS_RETURN_NEED_MORE_SPACE;
 	}
 	*rdf_len = value->size;
-	rdata[0] = value->size;
+	rdata[0] = (uint8_t) value->size;
 	(void)memcpy(rdf, value->data, value->size);
 	return GETDNS_RETURN_GOOD;
 }
@@ -501,7 +501,7 @@ hip_public_key_2wire(
 		return GETDNS_RETURN_NEED_MORE_SPACE;
 	}
 	*rdf_len = value->size;
-	gldns_write_uint16(rdata + 2, value->size);
+	gldns_write_uint16(rdata + 2, (uint16_t) value->size);
 	(void)memcpy(rdf, value->data, value->size);
 	return GETDNS_RETURN_GOOD;
 }
diff --git a/src/rr-iter.c b/src/rr-iter.c
index 9b332603..7c4d4962 100644
--- a/src/rr-iter.c
+++ b/src/rr-iter.c
@@ -75,8 +75,8 @@ find_rrtype(_getdns_rr_iter *i)
 
 	/* Past the last RR in the pkt */
 	if (i->pkt &&
-	    GLDNS_QDCOUNT(i->pkt) + GLDNS_ANCOUNT(i->pkt) +
-	    GLDNS_NSCOUNT(i->pkt) + GLDNS_ARCOUNT(i->pkt) <= i->n)
+	    (unsigned)(GLDNS_QDCOUNT(i->pkt) + GLDNS_ANCOUNT(i->pkt) +
+	               GLDNS_NSCOUNT(i->pkt) + GLDNS_ARCOUNT(i->pkt)) <= i->n)
 		goto done;
 
 	for (pos = i->pos; pos + 4 < i->pkt_end; pos += *pos + 1)
@@ -101,7 +101,7 @@ done:
 }
 
 _getdns_rr_iter *
-_getdns_rr_iter_init(_getdns_rr_iter *i, const uint8_t *pkt, size_t pkt_len)
+_getdns_rr_iter_init(_getdns_rr_iter *i, const uint8_t *pkt, const size_t pkt_len)
 {
 	assert(i);
 
@@ -119,7 +119,7 @@ _getdns_rr_iter_init(_getdns_rr_iter *i, const uint8_t *pkt, size_t pkt_len)
 
 _getdns_rr_iter *
 _getdns_single_rr_iter_init(
-    _getdns_rr_iter *i, const uint8_t *wire, size_t wire_len)
+    _getdns_rr_iter *i, const uint8_t *wire, const size_t wire_len)
 {
 	assert(i);
 
diff --git a/src/rr-iter.h b/src/rr-iter.h
index d657d484..4eae4df1 100644
--- a/src/rr-iter.h
+++ b/src/rr-iter.h
@@ -88,16 +88,16 @@ _getdns_rr_iter_section(_getdns_rr_iter *i)
 {
 	return !i->pkt ? (i->nxt - i->rr_type == 4 ? SECTION_QUESTION
 	                                           : SECTION_ANSWER  )
-             : i->n < GLDNS_QDCOUNT(i->pkt) ? SECTION_QUESTION
-	     : i->n < GLDNS_QDCOUNT(i->pkt)
-	            + GLDNS_ANCOUNT(i->pkt) ? SECTION_ANSWER
-	     : i->n < GLDNS_QDCOUNT(i->pkt)
-	            + GLDNS_ANCOUNT(i->pkt)
-	            + GLDNS_NSCOUNT(i->pkt) ? SECTION_AUTHORITY
-	     : i->n < GLDNS_QDCOUNT(i->pkt)
-	            + GLDNS_ANCOUNT(i->pkt)
-	            + GLDNS_NSCOUNT(i->pkt)
-	            + GLDNS_ARCOUNT(i->pkt) ? SECTION_ADDITIONAL
+         : i->n < GLDNS_QDCOUNT(i->pkt) ? SECTION_QUESTION
+	     : i->n < (unsigned)(GLDNS_QDCOUNT(i->pkt)
+	                       + GLDNS_ANCOUNT(i->pkt)) ? SECTION_ANSWER
+	     : i->n < (unsigned)(GLDNS_QDCOUNT(i->pkt)
+	                       + GLDNS_ANCOUNT(i->pkt)
+	                       + GLDNS_NSCOUNT(i->pkt)) ? SECTION_AUTHORITY
+	     : i->n < (unsigned)(GLDNS_QDCOUNT(i->pkt)
+	                       + GLDNS_ANCOUNT(i->pkt)
+	                       + GLDNS_NSCOUNT(i->pkt)
+	                       + GLDNS_ARCOUNT(i->pkt)) ? SECTION_ADDITIONAL
 	                                    : SECTION_ANY;
 }
 
diff --git a/src/util-internal.c b/src/util-internal.c
index 6934958d..18ca27bf 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -890,7 +890,7 @@ static int _srv_cmp(const void *a, const void *b)
 
 static void _rfc2782_sort(_srv_rr *start, _srv_rr *end)
 {
-	int running_sum, n;
+	unsigned int running_sum, n;
 	_srv_rr *i, *j, swap;
 
 	/* First move all SRVs with weight 0 to the beginning of the list */
@@ -1379,7 +1379,8 @@ static void _getdns_reply2wire_buf(gldns_buffer *buf, getdns_dict *reply)
 {
 	getdns_dict *rr_dict, *q_dict, *h_dict;
 	getdns_list *section;
-	size_t i, pkt_start, ancount, nscount;
+	size_t i, pkt_start;
+	uint16_t ancount, nscount;
 	uint32_t qtype, qclass = GETDNS_RRCLASS_IN, rcode = GETDNS_RCODE_NOERROR;
 	getdns_bindata *qname;
 
@@ -1433,7 +1434,8 @@ static void _getdns_reply2wire_buf(gldns_buffer *buf, getdns_dict *reply)
 static void _getdns_list2wire_buf(gldns_buffer *buf, getdns_list *l)
 {
 	getdns_dict *rr_dict;
-	size_t i, pkt_start, ancount;
+	size_t i, pkt_start;
+	uint16_t ancount;
 	uint32_t qtype, qclass = GETDNS_RRCLASS_IN;
 	getdns_bindata *qname;
 

From 55cdd8fed3f7523d63829d793d99cf8368cd74c6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 22:33:10 +0100
Subject: [PATCH 057/249] Fix pedantic warnings in unit tests

---
 src/test/check_getdns_address.h         |  9 ++++++---
 src/test/check_getdns_cancel_callback.h | 18 ++++++++++++------
 src/test/check_getdns_common.c          |  2 +-
 src/test/check_getdns_common.h          |  4 ++++
 src/test/check_getdns_context_destroy.h | 12 ++++++++----
 src/test/check_getdns_general.h         | 21 ++++++++++++++-------
 src/test/check_getdns_hostname.h        | 12 ++++++++----
 src/test/check_getdns_service.h         |  3 ++-
 8 files changed, 55 insertions(+), 26 deletions(-)

diff --git a/src/test/check_getdns_address.h b/src/test/check_getdns_address.h
index 65f76b8b..2c59d992 100644
--- a/src/test/check_getdns_address.h
+++ b/src/test/check_getdns_address.h
@@ -149,6 +149,7 @@
        *    rcode = 0
        */
        void verify_getdns_address_6(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_address_6 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -157,7 +158,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_address(context, "google.com", NULL,
-         verify_getdns_address_6, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
 
        RUN_EVENT_LOOP;
@@ -183,6 +184,7 @@
        *    ancount = 1 (number of records in ANSWER section)
        */
        void verify_getdns_address_7(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_address_7 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -191,7 +193,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_address(context, "localhost", NULL,
-         verify_getdns_address_7, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
 
        RUN_EVENT_LOOP;
@@ -213,6 +215,7 @@
        *    rcode = 3 (NXDOMAIN)
        */
        void verify_getdns_address_8(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_address_8 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -222,7 +225,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_address(context, "hostnamedoesntexist", NULL,
-         verify_getdns_address_8, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
 
        RUN_EVENT_LOOP;
diff --git a/src/test/check_getdns_cancel_callback.h b/src/test/check_getdns_cancel_callback.h
index 08331771..facf31bc 100644
--- a/src/test/check_getdns_cancel_callback.h
+++ b/src/test/check_getdns_cancel_callback.h
@@ -55,6 +55,7 @@
        *  expect: GETDNS_RETURN_UNKNOWN_TRANSACTION
        */
        void verify_getdns_cancel_callback(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_cancel_callback };
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
@@ -65,7 +66,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", GETDNS_RRTYPE_A, NULL,
-         verify_getdns_cancel_callback, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -86,6 +87,7 @@
        *  expect: GETDNS_RETURN_UNKNOWN_TRANSACTION
        */
        void verify_getdns_cancel_callback(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_cancel_callback };
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
@@ -96,7 +98,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", GETDNS_RRTYPE_A, NULL,
-         verify_getdns_cancel_callback, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -133,7 +135,8 @@
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
-       getdns_transaction_t transaction_id_array[10] = {};
+       getdns_transaction_t transaction_id_array[10]
+	       = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        int i;
        int odd = 0;
        int even = 0;
@@ -212,7 +215,8 @@
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
-       getdns_transaction_t transaction_id_array[10] = {};
+       getdns_transaction_t transaction_id_array[10]
+	       = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        int i;
        int odd = 0;
        int even = 0;
@@ -295,7 +299,8 @@
        struct getdns_bindata address_data = { 4, (void *)"\x08\x08\x08\x08" };
        struct getdns_dict *address = NULL;
        getdns_transaction_t transaction_id = 0;
-       getdns_transaction_t transaction_id_array[10] = {};
+       getdns_transaction_t transaction_id_array[10]
+	       = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        int i;
        int odd = 0;
        int even = 0;
@@ -381,7 +386,8 @@
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
-       getdns_transaction_t transaction_id_array[10] = {};
+       getdns_transaction_t transaction_id_array[10]
+	       = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        int i;
        int odd = 0;
        int even = 0;
diff --git a/src/test/check_getdns_common.c b/src/test/check_getdns_common.c
index 87f0727e..20310f93 100644
--- a/src/test/check_getdns_common.c
+++ b/src/test/check_getdns_common.c
@@ -339,7 +339,7 @@ void callbackfn(struct getdns_context *context,
                 getdns_transaction_t transaction_id)
 {
   typedef void (*fn_ptr)(struct extracted_response *ex_response);
-  fn_ptr fn = userarg;
+  fn_ptr fn = ((fn_cont *)userarg)->fn;
   (void)context; (void)transaction_id;
 
   /*
diff --git a/src/test/check_getdns_common.h b/src/test/check_getdns_common.h
index e2d77f44..6fb3b555 100644
--- a/src/test/check_getdns_common.h
+++ b/src/test/check_getdns_common.h
@@ -211,6 +211,10 @@
                      struct getdns_dict *response,
                      void *userarg,
                      getdns_transaction_t transaction_id);
+
+     typedef struct fn_cont {
+          void (*fn)(struct extracted_response *ex_response);
+     } fn_cont;
      /*
       *    callbackfn is the callback function given to all
       *    asynchronous query tests.  It is expected to only
diff --git a/src/test/check_getdns_context_destroy.h b/src/test/check_getdns_context_destroy.h
index 381da9f8..65a0a8c3 100644
--- a/src/test/check_getdns_context_destroy.h
+++ b/src/test/check_getdns_context_destroy.h
@@ -68,6 +68,7 @@
        *  expect: callback should be called before getdns_context_destroy() returns
        */
        void verify_getdns_context_destroy(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_context_destroy };
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
@@ -78,7 +79,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", GETDNS_RRTYPE_A, NULL,
-         verify_getdns_context_destroy, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -95,6 +96,7 @@
        *  expect: callback should be called before getdns_context_destroy() returns
        */
        void verify_getdns_context_destroy(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_context_destroy };
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
@@ -105,7 +107,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_address(context, "google.com", NULL,
-         verify_getdns_context_destroy, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
 
        RUN_EVENT_LOOP;
@@ -122,6 +124,7 @@
        *  expect: callback should be called before getdns_context_destroy() returns
        */
        void verify_getdns_context_destroy(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_context_destroy };
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        struct getdns_bindata address_type = { 5, (void *)"IPv4" };
@@ -141,7 +144,7 @@
          GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_bindata");
 
        ASSERT_RC(getdns_hostname(context, address, NULL,
-         verify_getdns_context_destroy, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
 
        RUN_EVENT_LOOP;
@@ -159,6 +162,7 @@
        *  expect: callback should be called before getdns_context_destroy() returns
        */
        void verify_getdns_context_destroy(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_context_destroy };
        struct getdns_context *context = NULL;
        void* eventloop = NULL;
        getdns_transaction_t transaction_id = 0;
@@ -169,7 +173,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_service(context, "google.com", NULL,
-         verify_getdns_context_destroy, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_service()");
 
        RUN_EVENT_LOOP;
diff --git a/src/test/check_getdns_general.h b/src/test/check_getdns_general.h
index 6a19bdfb..f073cd86 100644
--- a/src/test/check_getdns_general.h
+++ b/src/test/check_getdns_general.h
@@ -151,6 +151,7 @@
        *    ancount = 0 (number of records in ANSWER section)
        */
        void verify_getdns_general_6(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_6 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -159,7 +160,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", 0, NULL,
-         verify_getdns_general_6, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -184,6 +185,7 @@
        *    ancount = 0 (number of records in ANSWER section)
        */
        void verify_getdns_general_7(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_7 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -192,7 +194,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", 65279, NULL,
-         verify_getdns_general_7, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -218,6 +220,7 @@
        *      and equals number of A records ("type": 1) in "answer" list
        */
        void verify_getdns_general_8(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_8 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -226,7 +229,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", GETDNS_RRTYPE_A, NULL,
-         verify_getdns_general_8, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -252,6 +255,7 @@
        *      and equals number of AAAA records ("type": 28) in "answer" list
        */
        void verify_getdns_general_9(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_9 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -260,7 +264,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", GETDNS_RRTYPE_AAAA, NULL,
-         verify_getdns_general_9, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -287,6 +291,7 @@
        *      and SOA record ("type": 6) present in "authority" list
        */
        void verify_getdns_general_10(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_10 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -296,7 +301,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, name, GETDNS_RRTYPE_TXT, NULL,
-         verify_getdns_general_10, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -322,6 +327,7 @@
        *    ancount = 0 (number of records in ANSWER section)
        */
        void verify_getdns_general_11(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_11 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -330,7 +336,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "willem.getdnsapi.net", GETDNS_RRTYPE_MX, NULL,
-         verify_getdns_general_11, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
@@ -356,6 +362,7 @@
        *      and equals number of A records ("type": 1) in "answer" list
        */
        void verify_getdns_general_12(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_general_12 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -364,7 +371,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_general(context, "google.com", GETDNS_RRTYPE_A, NULL,
-         verify_getdns_general_12, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
        RUN_EVENT_LOOP;
diff --git a/src/test/check_getdns_hostname.h b/src/test/check_getdns_hostname.h
index 461ad373..7193fec9 100644
--- a/src/test/check_getdns_hostname.h
+++ b/src/test/check_getdns_hostname.h
@@ -315,6 +315,7 @@
        *  expect:  response with correct hostname
        */
        void verify_getdns_hostname_10(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_hostname_10 };
        struct getdns_context *context = NULL;
        struct getdns_dict *address = NULL;
        struct getdns_bindata address_type = { 5, (void *)"IPv4" };
@@ -333,7 +334,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_hostname(context, address, NULL,
-         verify_getdns_hostname_10, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_hostname()");
 
        RUN_EVENT_LOOP;
@@ -356,6 +357,7 @@
        *  expect:  response with no hostname
        */
        void verify_getdns_hostname_11(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_hostname_11 };
        struct getdns_context *context = NULL;
        struct getdns_dict *address = NULL;
        struct getdns_bindata address_type = { 5, (void *)"IPv4" };
@@ -374,7 +376,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_hostname(context, address, NULL,
-         verify_getdns_hostname_11, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_hostname()");
 
        RUN_EVENT_LOOP;
@@ -398,6 +400,7 @@
        *  expect:  response with correct hostname
        */
        void verify_getdns_hostname_12(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_hostname_12 };
        struct getdns_context *context = NULL;
        struct getdns_dict *address = NULL;
        struct getdns_bindata address_type = { 5, (void *)"IPv6" };
@@ -419,7 +422,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_hostname(context, address, NULL,
-         verify_getdns_hostname_12, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_hostname()");
 
        RUN_EVENT_LOOP;
@@ -442,6 +445,7 @@
        *  expect:  response with no hostname
        */
        void verify_getdns_hostname_13(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_hostname_13 };
        struct getdns_context *context = NULL;
        struct getdns_dict *address = NULL;
        struct getdns_bindata address_type = { 5, (void *)"IPv6" };
@@ -460,7 +464,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_hostname(context, address, NULL,
-         verify_getdns_hostname_13, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_hostname()");
 
        RUN_EVENT_LOOP;
diff --git a/src/test/check_getdns_service.h b/src/test/check_getdns_service.h
index c9545c0c..c93cab0e 100644
--- a/src/test/check_getdns_service.h
+++ b/src/test/check_getdns_service.h
@@ -148,6 +148,7 @@
        *  expect: NXDOMAIN response (with SOA record)
        */
        void verify_getdns_service_7(struct extracted_response *ex_response);
+       fn_cont fn_ref = { verify_getdns_service_7 };
        struct getdns_context *context = NULL;   \
        void* eventloop = NULL;    \
        getdns_transaction_t transaction_id = 0;
@@ -157,7 +158,7 @@
        EVENT_BASE_CREATE;
 
        ASSERT_RC(getdns_service(context, "nitinsinghit.com", NULL, 
-         verify_getdns_address_8, &transaction_id, callbackfn),
+         &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_service()");
 
        RUN_EVENT_LOOP;

From eeca7b32b1deaea748364cf78240508fb9fec808 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 22:46:53 +0100
Subject: [PATCH 058/249] One more unused variable

---
 src/dnssec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/dnssec.c b/src/dnssec.c
index 961941a4..7d414cd4 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -857,6 +857,7 @@ static getdns_dict *CD_extension(getdns_dns_req *dnsreq)
 	     ? dnssec_ok_checking_disabled_roadblock_avoidance
 	     : dnssec_ok_checking_disabled_avoid_roadblocks;
 #else
+	(void)dnsreq;
 	return dnssec_ok_checking_disabled;
 #endif
 }

From 8de9976a2b7d665fc07c6cfbd633e6a2f118ccb4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 22:56:02 +0100
Subject: [PATCH 059/249] Some more unused variables in stub only mode

---
 src/context.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index dc3b8b92..a3c7aec4 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1882,11 +1882,13 @@ getdns_context_set_tls_authentication(getdns_context *context,
     return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_tls_authentication_list */
 
+#ifdef HAVE_LIBUNBOUND
 static void
-set_ub_limit_outstanding_queries(struct getdns_context* context, uint16_t value) {
+set_ub_limit_outstanding_queries(getdns_context* context, uint16_t value) {
     /* num-queries-per-thread */
     set_ub_number_opt(context, "num-queries-per-thread:", value);
 }
+#endif
 /*
  * getdns_context_set_limit_outstanding_queries
  *
@@ -1896,7 +1898,9 @@ getdns_context_set_limit_outstanding_queries(struct getdns_context *context,
     uint16_t limit)
 {
     RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+#ifdef HAVE_LIBUNBOUND
     set_ub_limit_outstanding_queries(context, limit);
+#endif
     if (limit != context->limit_outstanding_queries) {
         context->limit_outstanding_queries = limit;
         dispatch_updated(context,
@@ -2268,11 +2272,13 @@ getdns_context_set_dnssec_trust_anchors(
 	return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_dnssec_trust_anchors */
 
+#ifdef HAVE_LIBUNBOUND
 static void
 set_ub_dnssec_allowed_skew(struct getdns_context* context, uint32_t value) {
     set_ub_number_opt(context, "val-sig-skew-min:", value);
     set_ub_number_opt(context, "val-sig-skew-max:", value);
 }
+#endif
 /*
  * getdns_context_set_dnssec_allowed_skew
  *
@@ -2282,7 +2288,9 @@ getdns_context_set_dnssec_allowed_skew(struct getdns_context *context,
     uint32_t value)
 {
     RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+#ifdef HAVE_LIBUNBOUND
     set_ub_dnssec_allowed_skew(context, value);
+#endif
     if (value != context->dnssec_allowed_skew) {
         context->dnssec_allowed_skew = value;
         dispatch_updated(context, GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW);
@@ -2550,6 +2558,7 @@ error:
 } /* getdns_context_set_upstream_recursive_servers */
 
 
+#ifdef HAVE_LIBUNBOUND
 static void
 set_ub_edns_maximum_udp_payload_size(struct getdns_context* context,
     int value) {
@@ -2557,6 +2566,7 @@ set_ub_edns_maximum_udp_payload_size(struct getdns_context* context,
     if (value >= 512 && value <= 65535)
     	set_ub_number_opt(context, "edns-buffer-size:", (uint16_t)value);
 }
+#endif
 
 /*
  * getdns_context_set_edns_maximum_udp_payload_size
@@ -2573,7 +2583,9 @@ getdns_context_set_edns_maximum_udp_payload_size(struct getdns_context *context,
 	if (value < 512)
 		value = 512;
 
+#ifdef HAVE_LIBUNBOUND
 	set_ub_edns_maximum_udp_payload_size(context, value);
+#endif
 	if (value != context->edns_maximum_udp_payload_size) {
 		context->edns_maximum_udp_payload_size = value;
 		dispatch_updated(context,

From 26db6202a5168e32caf5545d3b673b33a75051e0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 23:15:56 +0100
Subject: [PATCH 060/249] -Werror fixes for clang

---
 src/context.c          | 2 +-
 src/request-internal.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/context.c b/src/context.c
index a3c7aec4..6de1201c 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3472,7 +3472,7 @@ _getdns_context_local_namespace_resolve(
 	getdns_context  *context = dnsreq->context;
 	host_name_addrs *hnas;
 	uint8_t lookup[256];
-	getdns_list    empty_list = { 0 };
+	getdns_list    empty_list = { 0, 0, NULL, { NULL, {{ NULL, NULL, NULL }}}};
 	getdns_bindata bindata;
 	getdns_list   *jaa;
 	size_t         i;
diff --git a/src/request-internal.c b/src/request-internal.c
index 797fde50..fc8f5e12 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -65,20 +65,20 @@
 
 getdns_dict  dnssec_ok_checking_disabled_spc = {
 	{ RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
-	{ 0 }
+	{ NULL, {{ NULL, NULL, NULL }}}
 };
 getdns_dict *dnssec_ok_checking_disabled = &dnssec_ok_checking_disabled_spc;
 
 getdns_dict  dnssec_ok_checking_disabled_roadblock_avoidance_spc = {
 	{ RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
-	{ 0 }
+	{ NULL, {{ NULL, NULL, NULL }}}
 };
 getdns_dict *dnssec_ok_checking_disabled_roadblock_avoidance
     = &dnssec_ok_checking_disabled_roadblock_avoidance_spc;
 
 getdns_dict  dnssec_ok_checking_disabled_avoid_roadblocks_spc = {
 	{ RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
-	{ 0 }
+	{ NULL, {{ NULL, NULL, NULL }}}
 };
 getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks
     = &dnssec_ok_checking_disabled_avoid_roadblocks_spc;

From 6e9b1b5f53ee53d8bdba74d25c072b9b185195b1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 23:25:53 +0100
Subject: [PATCH 061/249] One more unused when no TCP_FASTOPEN

---
 src/stub.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/stub.c b/src/stub.c
index 9af045ae..ccca6b95 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -379,6 +379,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 	if (transport == GETDNS_TRANSPORT_TCP)
 		return fd;
 #elif USE_OSX_TCP_FASTOPEN
+	(void)transport;
 	sa_endpoints_t endpoints;
 	endpoints.sae_srcif = 0;
 	endpoints.sae_srcaddr = NULL;
@@ -394,6 +395,8 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 		}
 	}
 	return fd;
+#else
+	(void)transport;
 #endif
 	if (connect(fd, (struct sockaddr *)&upstream->addr,
 	    upstream->addr_len) == -1) {

From 86341fea0836fbfabff89e14b9e05afcda8edec1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 8 Dec 2016 23:41:49 +0100
Subject: [PATCH 062/249] -Wpedantic -Werror via XTRA_CFLAGS and make

---
 src/Makefile.in                               |  2 +-
 .../tpkg/100-compile.tpkg/100-compile.pre     | 12 +------
 .../tpkg/100-compile.tpkg/100-compile.test    |  2 +-
 .../200-stub-only-compile.pre                 | 12 +------
 .../200-stub-only-compile.test                |  2 +-
 .../300-event-loops-configure.test            | 36 ++++---------------
 .../315-event-loops-compile.dsc               | 16 +++++++++
 .../315-event-loops-compile.post}             |  2 +-
 .../315-event-loops-compile.pre}              |  2 +-
 .../315-event-loops-compile.test}             |  4 +--
 .../320-event-loops-compile.test              |  1 +
 .../323-event-loops-configure.dsc             | 16 ---------
 .../323-event-loops-configure.pre             | 14 --------
 .../323-event-loops-configure.test            | 16 ---------
 .../326-event-loops-compile.dsc               | 16 ---------
 15 files changed, 33 insertions(+), 120 deletions(-)
 create mode 100644 src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc
 rename src/test/tpkg/{326-event-loops-compile.tpkg/326-event-loops-compile.post => 315-event-loops-compile.tpkg/315-event-loops-compile.post} (92%)
 rename src/test/tpkg/{326-event-loops-compile.tpkg/326-event-loops-compile.pre => 315-event-loops-compile.tpkg/315-event-loops-compile.pre} (94%)
 rename src/test/tpkg/{326-event-loops-compile.tpkg/326-event-loops-compile.test => 315-event-loops-compile.tpkg/315-event-loops-compile.test} (75%)
 delete mode 100644 src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc
 delete mode 100644 src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre
 delete mode 100644 src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test
 delete mode 100644 src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc

diff --git a/src/Makefile.in b/src/Makefile.in
index aa5e7fa7..c14afbbb 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -48,7 +48,7 @@ srcdir = @srcdir@
 LIBTOOL = ../libtool
 
 CC=@CC@
-CFLAGS=-I$(srcdir) -I. @CFLAGS@ @CPPFLAGS@
+CFLAGS=-I$(srcdir) -I. @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
 LDFLAGS=@LDFLAGS@ @LIBS@
 
 EXTENSION_LIBEVENT_LIB=@EXTENSION_LIBEVENT_LIB@
diff --git a/src/test/tpkg/100-compile.tpkg/100-compile.pre b/src/test/tpkg/100-compile.tpkg/100-compile.pre
index f0bd9a5c..6b76edba 100644
--- a/src/test/tpkg/100-compile.tpkg/100-compile.pre
+++ b/src/test/tpkg/100-compile.tpkg/100-compile.pre
@@ -25,14 +25,4 @@ done
 rm -fr "${BUILDDIR}/build"
 mkdir  "${BUILDDIR}/build"
 cd "${BUILDDIR}/build"
-if [ -z "$CFLAGS" ]
-then
-	if (echo $*|grep -q CFLAGS)
-	then
-		"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
-	else
-		"${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --prefix "${BUILDDIR}/install"
-	fi
-else
-	"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
-fi
+"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
diff --git a/src/test/tpkg/100-compile.tpkg/100-compile.test b/src/test/tpkg/100-compile.tpkg/100-compile.test
index e527192b..a5539d13 100644
--- a/src/test/tpkg/100-compile.tpkg/100-compile.test
+++ b/src/test/tpkg/100-compile.tpkg/100-compile.test
@@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build"
-make
+make XTRA_CFLAGS='-Wpedantic -Werror'
diff --git a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre
index 1aa7252f..46686828 100644
--- a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre
+++ b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.pre
@@ -25,14 +25,4 @@ done
 rm -fr "${BUILDDIR}/build-stub-only"
 mkdir  "${BUILDDIR}/build-stub-only"
 cd "${BUILDDIR}/build-stub-only"
-if [ -z "$CFLAGS" ]
-then
-	if (echo $*|grep -q CFLAGS)
-	then
-		"${SRCROOT}/configure" $* --enable-stub-only
-	else
-		"${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-stub-only
-	fi
-else
-	"${SRCROOT}/configure" $* --enable-stub-only
-fi
+"${SRCROOT}/configure" $* --enable-stub-only
diff --git a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
index 369379c4..421d5483 100644
--- a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
+++ b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
@@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-stub-only"
-make
+make XTRA_CFLAGS='-Wpedantic -Werror'
diff --git a/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test b/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
index 5242e211..5da09cd9 100644
--- a/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
+++ b/src/test/tpkg/300-event-loops-configure.tpkg/300-event-loops-configure.test
@@ -7,32 +7,10 @@
 rm -fr "${BUILDDIR}/build-event-loops"
 mkdir  "${BUILDDIR}/build-event-loops"
 cd "${BUILDDIR}/build-event-loops"
-if [ -z "$CFLAGS" ]
-then
-	if (echo $*|grep -q CFLAGS)
-	then
-		"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
-		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
-		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
-		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
-		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
-		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
-		    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
-	else
-		"${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
-		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
-		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
-		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
-		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libevent \
-		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libev \
-		    || "${SRCROOT}/configure" CFLAGS="-Wpedantic -Werror" $* --enable-all-drafts --with-getdns_query --with-libuv
-	fi
-else
-	"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
-	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
-	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
-	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
-	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
-	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
-	    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
-fi
+"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
+    || "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
diff --git a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc
new file mode 100644
index 00000000..82cbdb8c
--- /dev/null
+++ b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc
@@ -0,0 +1,16 @@
+BaseName: 315-event-loops-compile
+Version: 1.0
+Description: Compile
+CreationDate: do  8 dec 2016 23:38:18 CET
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: 
+Depends: 300-event-loops-configure.tpkg
+Help:
+Pre: 315-event-loops-compile.pre
+Post: 315-event-loops-compile.post
+Test: 315-event-loops-compile.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post
similarity index 92%
rename from src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post
rename to src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post
index d8029117..4d5f4293 100644
--- a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.post
+++ b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post
@@ -1,4 +1,4 @@
-# #-- 326-event-loops-compile.post --#
+# #-- 315-event-loops-compile.post --#
 # source the master var file when it's there
 if [ -f ../.tpkg.var.master ]
 then
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre
similarity index 94%
rename from src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre
rename to src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre
index a4ef762d..4ec46299 100644
--- a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.pre
+++ b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre
@@ -1,4 +1,4 @@
-# #-- 326-event-loops-compile.pre--#
+# #-- 315-event-loops-compile.pre--#
 # source the master var file when it's there
 if [ -f ../.tpkg.var.master ]
 then
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
similarity index 75%
rename from src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test
rename to src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
index 217cfd35..227bb1fc 100644
--- a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.test
+++ b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
@@ -1,8 +1,8 @@
-# #-- 326-event-loops-compile.test --#
+# #-- 315-event-loops-compile.test --#
 # source the master var file when it's there
 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
 # use .tpkg.var.test for in test variable passing
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-event-loops"
-make
+make XTRA_CFLAGS='-Wpedantic -Werror'
diff --git a/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test b/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
index 055f8f9b..aa19d023 100644
--- a/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
+++ b/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
@@ -5,4 +5,5 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-event-loops"
+make clean
 make
diff --git a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc
deleted file mode 100644
index 3d1dec87..00000000
--- a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: 323-event-loops-configure
-Version: 1.0
-Description: Configure for maximum coverage
-CreationDate: do  8 dec 2016 16:21:08 CET
-Maintainer: Willem Toorop
-Category: 
-Component:
-CmdDepends: 
-Depends: 
-Help:
-Pre: 323-event-loops-configure.pre
-Post:
-Test: 323-event-loops-configure.test
-AuxFiles: 
-Passed:
-Failure:
diff --git a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre
deleted file mode 100644
index a8423666..00000000
--- a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.pre
+++ /dev/null
@@ -1,14 +0,0 @@
-# #-- 323-event-loops-configure.pre--#
-# source the master var file when it's there
-if [ -f ../.tpkg.var.master ]
-then
-	source ../.tpkg.var.master
-else
-	(
-		cd ..
-		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
-		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
-	) && source ../.tpkg.var.master
-fi
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
diff --git a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test b/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test
deleted file mode 100644
index b54bd321..00000000
--- a/src/test/tpkg/323-event-loops-configure.tpkg/323-event-loops-configure.test
+++ /dev/null
@@ -1,16 +0,0 @@
-# #-- 323-event-loops-configure.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-rm -fr "${BUILDDIR}/build-event-loops"
-mkdir  "${BUILDDIR}/build-event-loops"
-cd "${BUILDDIR}/build-event-loops"
-"${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libev --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libev \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libev --with-libuv \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libevent \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libev \
-    || "${SRCROOT}/configure" $* --enable-all-drafts --enable-all-debugging --with-getdns_query --with-libuv
diff --git a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc b/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc
deleted file mode 100644
index c4760a36..00000000
--- a/src/test/tpkg/326-event-loops-compile.tpkg/326-event-loops-compile.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: 326-event-loops-compile
-Version: 1.0
-Description: Compile
-CreationDate: do  8 dec 2016 16:21:21 CET
-Maintainer: Willem Toorop
-Category: 
-Component:
-CmdDepends: 
-Depends: 300-event-loops-configure.tpkg
-Help:
-Pre: 326-event-loops-compile.pre
-Post: 326-event-loops-compile.post
-Test: 326-event-loops-compile.test
-AuxFiles: 
-Passed:
-Failure:

From 1a26b884ee63f21fa21073843c32432910413538 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 00:16:24 +0100
Subject: [PATCH 063/249] Check for -W* support before use

---
 configure.ac                                  |  8 +++-
 src/Makefile.in                               | 28 +++++++-------
 src/test/Makefile.in                          | 37 ++++++++++---------
 .../tpkg/100-compile.tpkg/100-compile.test    |  2 +-
 .../200-stub-only-compile.test                |  2 +-
 .../315-event-loops-compile.test              |  2 +-
 6 files changed, 44 insertions(+), 35 deletions(-)

diff --git a/configure.ac b/configure.ac
index ea2f1ab7..f68aaf36 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,10 +95,16 @@ AC_PROG_CPP
 AC_CANONICAL_HOST
 
 CFLAGS="$CFLAGS"
+WPEDANTICFLAG=""
+WNOERRORFLAG=""
 AC_PROG_CC_C99
 AX_CHECK_COMPILE_FLAG([-xc99],[CFLAGS="$CFLAGS -xc99"],[],[])
 AX_CHECK_COMPILE_FLAG([-Wall],[CFLAGS="$CFLAGS -Wall"],[],[])
-AX_CHECK_COMPILE_FLAG([-Wall],[CFLAGS="$CFLAGS -Wextra"],[],[])
+AX_CHECK_COMPILE_FLAG([-Wextra],[CFLAGS="$CFLAGS -Wextra"],[],[])
+AX_CHECK_COMPILE_FLAG([-Wpedantic],[WPEDANTICFLAG="-Wpedantic"],[],[])
+AX_CHECK_COMPILE_FLAG([-Wno-error=unused-parameter],[WNOERRORFLAG="-Wno-error=unused-parameter"],[],[])
+AC_SUBST(WPEDANTICFLAG)
+AC_SUBST(WNOERRORFLAG)
 
 case "$host_os" in
   linux* ) CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"
diff --git a/src/Makefile.in b/src/Makefile.in
index c14afbbb..fb637e3e 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -49,6 +49,8 @@ LIBTOOL = ../libtool
 
 CC=@CC@
 CFLAGS=-I$(srcdir) -I. @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
+WPEDANTICFLAG=@WPEDANTICFLAG@
+WNOERRORFLAG=@WNOERRORFLAG@
 LDFLAGS=@LDFLAGS@ @LIBS@
 
 EXTENSION_LIBEVENT_LIB=@EXTENSION_LIBEVENT_LIB@
@@ -83,35 +85,35 @@ NON_C99_OBJS=context.lo libuv.lo
 .SUFFIXES: .c .o .a .lo .h
 
 .c.o:
-	$(CC) $(CFLAGS) -c $< -o $@
+	$(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
 
 .c.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
 
 default: all
 
 all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
 
 $(GETDNS_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
 
 $(GLDNS_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/gldns/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/gldns/$(@:.lo=.c) -o $@
 
 $(COMPAT_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -Wno-error=pedantic -c $(srcdir)/compat/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/compat/$(@:.lo=.c) -o $@
 
 $(UTIL_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -Wno-error=pedantic -Wno-error=unused-parameter -c $(srcdir)/util/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WNOERRORFLAG) -c $(srcdir)/util/$(@:.lo=.c) -o $@
 
 $(EXTENSION_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
 
 context.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(C99COMPATFLAGS) -c $(srcdir)/context.c -o context.lo
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/context.c -o context.lo
 
 libuv.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
 
 install:	libgetdns.la
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
@@ -134,18 +136,18 @@ uninstall:
 	if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
 
 libgetdns_ext_event.la: libgetdns.la libevent.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
 
 libgetdns_ext_uv.la: libgetdns.la libuv.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ libuv.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libuv.symbols
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libuv.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libuv.symbols
 
 
 libgetdns_ext_ev.la: libgetdns.la libev.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 
 
 libgetdns.la: $(GETDNS_OBJ) version.lo context.lo default_eventloop.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ $(GETDNS_OBJ) version.lo context.lo default_eventloop.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo default_eventloop.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 
 
 test:	all
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 797f2e6e..ff4e800f 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -57,7 +57,8 @@ CHECK_EVENT_PROG=@CHECK_EVENT_PROG@
 CHECK_EV_PROG=@CHECK_EV_PROG@
 
 CC=@CC@
-CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ @CPPFLAGS@
+CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
+WPEDANTICFLAG=@WPEDANTICFLAG@
 LDFLAGS=-L.. @LDFLAGS@
 LDLIBS=../libgetdns.la @LIBS@
 CHECK_LIBS=@CHECK_LIBS@
@@ -85,59 +86,59 @@ PROGRAMS=tests_dict tests_list tests_namespaces tests_stub_async tests_stub_sync
 .SUFFIXES: .c .o .a .lo .h
 
 .c.o:
-	$(CC) $(CFLAGS) -c $< -o $@
+	$(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
 
 .c.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
 
 default: all
 
 all: $(PROGRAMS)
 
 jsmn.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/jsmn.c -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DJSMN_GETDNS -c $(srcdir)/jsmn/jsmn.c -o $@
 
 $(ALL_OBJS):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
 
 $(NON_C99_OBJS):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -c $(srcdir)/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -c $(srcdir)/$(@:.lo=.c) -o $@
 
 tests_dict: tests_dict.lo testmessages.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ tests_dict.lo testmessages.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) -o $@ tests_dict.lo testmessages.lo
 
 tests_list: tests_list.lo testmessages.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ tests_list.lo testmessages.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) -o $@ tests_list.lo testmessages.lo
 
 tests_namespaces: tests_namespaces.lo 
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ tests_namespaces.lo 
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) -o $@ tests_namespaces.lo 
 
 tests_stub_async: tests_stub_async.lo testmessages.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ tests_stub_async.lo testmessages.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) -o $@ tests_stub_async.lo testmessages.lo
 
 tests_stub_sync: tests_stub_sync.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ tests_stub_sync.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) -o $@ tests_stub_sync.lo
 
 check_getdns_common: check_getdns_common.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ check_getdns_common.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) -o $@ check_getdns_common.lo
 
 check_getdns: check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_selectloop.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) $(CHECK_CFLAGS) $(CHECK_LIBS) -o $@ check_getdns.lo check_getdns_common.lo  check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_selectloop.lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDFLAGS) $(LDLIBS) $(CHECK_LIBS) -o $@ check_getdns.lo check_getdns_common.lo  check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_selectloop.lo
 
 check_getdns_event: check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libevent.lo ../libgetdns_ext_event.la
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libevent.lo $(LDFLAGS) $(LDLIBS) $(CHECK_CFLAGS) $(CHECK_LIBS) ../libgetdns_ext_event.la $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libevent.lo $(LDFLAGS) $(LDLIBS) $(CHECK_LIBS) ../libgetdns_ext_event.la $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS)
 
 check_getdns_uv: check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libuv.lo ../libgetdns_ext_uv.la
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libuv.lo $(LDFLAGS) $(LDLIBS) $(CHECK_CFLAGS) $(CHECK_LIBS) ../libgetdns_ext_uv.la $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libuv.lo $(LDFLAGS) $(LDLIBS) $(CHECK_LIBS) ../libgetdns_ext_uv.la $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS)
 
 check_getdns_ev: check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libev.lo ../libgetdns_ext_ev.la
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libev.lo $(LDFLAGS) $(LDLIBS) $(CHECK_CFLAGS) $(CHECK_LIBS) ../libgetdns_ext_ev.la $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ check_getdns.lo check_getdns_common.lo check_getdns_context_set_timeout.lo check_getdns_transport.lo check_getdns_libev.lo $(LDFLAGS) $(LDLIBS) $(CHECK_LIBS) ../libgetdns_ext_ev.la $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS)
 
 getdns_query: getdns_query.lo $(DECOMPOSED_OBJS)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(DECOMPOSED_OBJS) $(LDFLAGS) $(LDLIBS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ getdns_query.lo $(DECOMPOSED_OBJS) $(LDFLAGS) $(LDLIBS)
 
 scratchpad: scratchpad.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ scratchpad.lo $(LDFLAGS) $(LDLIBS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ scratchpad.lo $(LDFLAGS) $(LDLIBS)
 
 scratchpad.lo: scratchpad.c
 
diff --git a/src/test/tpkg/100-compile.tpkg/100-compile.test b/src/test/tpkg/100-compile.tpkg/100-compile.test
index a5539d13..819c1bb3 100644
--- a/src/test/tpkg/100-compile.tpkg/100-compile.test
+++ b/src/test/tpkg/100-compile.tpkg/100-compile.test
@@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build"
-make XTRA_CFLAGS='-Wpedantic -Werror'
+make XTRA_CFLAGS='-Werror'
diff --git a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
index 421d5483..144fea4b 100644
--- a/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
+++ b/src/test/tpkg/200-stub-only-compile.tpkg/200-stub-only-compile.test
@@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-stub-only"
-make XTRA_CFLAGS='-Wpedantic -Werror'
+make XTRA_CFLAGS='-Werror'
diff --git a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
index 227bb1fc..7a420026 100644
--- a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
+++ b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
@@ -5,4 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-event-loops"
-make XTRA_CFLAGS='-Wpedantic -Werror'
+make XTRA_CFLAGS='-Werror'

From 3428412629470117da1c0755822cf6b1f292b971 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 12:13:36 +0100
Subject: [PATCH 064/249] Some more minor merge fixes

---
 src/context.c | 2 +-
 src/dnssec.c  | 2 +-
 src/general.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/context.c b/src/context.c
index 17e4fb2d..7fcca880 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3404,7 +3404,7 @@ _get_context_settings(getdns_context* context)
 		if (!(list = getdns_list_create_with_context(context)))
 			goto error;
 
-		for (i = 0; (int) i < context->namespace_count; ++i) {
+		for (i = 0; i < context->namespace_count; ++i) {
 			if (getdns_list_set_int(list, i,
 			    context->namespaces[i])) {
 				getdns_list_destroy(list);
diff --git a/src/dnssec.c b/src/dnssec.c
index ec4c9199..2312a286 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1211,7 +1211,7 @@ static size_t _rr_uncompressed_rdata_size(_getdns_rrtype_iter *rr)
 static size_t _rr_rdata_size(_getdns_rrtype_iter *rr)
 {
 	const _getdns_rr_def *rr_def;
-	int i;
+	size_t i;
 
 	rr_def = _getdns_rr_def_lookup(gldns_read_uint16(rr->rr_i.rr_type));
 
diff --git a/src/general.c b/src/general.c
index 3dd7e493..99e4cff5 100644
--- a/src/general.c
+++ b/src/general.c
@@ -420,7 +420,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	getdns_network_req *netreq, **netreq_p;
 	getdns_dns_req *req;
 	getdns_dict *localnames_response;
-	int i;
+	size_t i;
 
 	if (!context || !name || (!callbackfn && !internal_cb))
 		return GETDNS_RETURN_INVALID_PARAMETER;

From 4345905a81f683b98d2b356e05032cb2f2ce072b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 12:57:47 +0100
Subject: [PATCH 065/249] Address things that came out of VS static analysis

Except for the stack usage cases
---
 src/context.c                     | 2 +-
 src/dnssec.c                      | 8 ++++++++
 src/extension/default_eventloop.c | 2 +-
 src/list.c                        | 3 +++
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index 7fcca880..7d542c45 100644
--- a/src/context.c
+++ b/src/context.c
@@ -419,7 +419,7 @@ sockaddr_dict(getdns_context *context, struct sockaddr *sa)
 			break;
 
 		port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
-		if (port != GETDNS_PORT_DNS && port != GETDNS_PORT_DNS &&
+		if (port != GETDNS_PORT_ZERO && port != GETDNS_PORT_DNS &&
 		    getdns_dict_set_int(address, "port", (uint32_t)port))
 			break;
 
diff --git a/src/dnssec.c b/src/dnssec.c
index 2312a286..51d566f2 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -616,6 +616,11 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
 	head->node_count = node_count;
 
 	if (!node_count) {
+		/* When this head has no nodes of itself, it must have found
+		 * another head which has nodes for its labels (i.e. max_head)
+		 */
+		assert(max_head != NULL);
+
 		head->parent = max_head->parent;
 		return head;
 	}
@@ -1090,6 +1095,9 @@ static void val_chain_node_soa_cb(getdns_dns_req *dnsreq)
 	_getdns_rrset *rrset;
 
 	_getdns_context_clear_outbound_request(dnsreq);
+	/* A SOA query is always scheduled with a node as the user argument.
+	 */
+	assert(node != NULL);
 
 	for ( i = _getdns_rrset_iter_init(&i_spc, netreq->response
 	                                        , netreq->response_len
diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index ce010bc0..c27dacde 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -126,7 +126,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNCTION__, loop, event);
 
 	i = (intptr_t)event->ev - 1;
-	if (i < 0 || i > FD_SETSIZE) {
+	if (i < 0 || i >= FD_SETSIZE) {
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
diff --git a/src/list.c b/src/list.c
index 4a73b63f..7a7d3e38 100644
--- a/src/list.c
+++ b/src/list.c
@@ -353,6 +353,9 @@ _getdns_list_copy(const struct getdns_list * srclist,
 			retval = _getdns_list_append_dict(*dstlist,
 			    srclist->items[i].data.dict);
 			break;
+		default:
+			retval = GETDNS_RETURN_WRONG_TYPE_REQUESTED;
+			break;
 		}
 		if (retval != GETDNS_RETURN_GOOD) {
 			getdns_list_destroy(*dstlist);

From 9fb11368a5cf8f8ba7a389302f10f4e8343786c1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 13:52:00 +0100
Subject: [PATCH 066/249] dependencies

---
 src/Makefile.in      | 8 +++++---
 src/test/Makefile.in | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index fb637e3e..02e8a0b7 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -318,6 +318,7 @@ getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c conf
 getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
 getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
 inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
 inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
 sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
@@ -326,9 +327,10 @@ rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcd
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
  $(srcdir)/debug.h config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
-default_eventloop.lo default_eventloop.o: $(srcdir)/extension/default_eventloop.c \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns.h \
- getdns/getdns_extra.h $(srcdir)/debug.h config.h
+default_eventloop.lo default_eventloop.o: $(srcdir)/extension/default_eventloop.c config.h \
+ $(srcdir)/extension/default_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h
 libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
  $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns_extra.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index ff4e800f..afb807c5 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -280,7 +280,7 @@ getdns_context_set_listen_addresses.lo getdns_context_set_listen_addresses.o: \
  $(srcdir)/getdns_context_set_listen_addresses.c ../config.h \
  $(srcdir)/getdns_context_set_listen_addresses.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h $(srcdir)/../types-internal.h ../getdns/getdns.h \
- ../getdns/getdns_extra.h $(srcdir)/../util/rbtree.h
+ ../getdns/getdns_extra.h $(srcdir)/../util/rbtree.h $(srcdir)/../debug.h ../config.h
 getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
  $(srcdir)/getdns_str2dict.h ../getdns/getdns.h $(srcdir)/getdns_context_config.h \
  $(srcdir)/getdns_context_set_listen_addresses.h ../getdns/getdns_extra.h

From bb9ae2dfa16388800f1b333bb1a95e6147d0067c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 13:53:22 +0100
Subject: [PATCH 067/249] Fix use of potentially uninitialized variable next

---
 src/pubkey-pinning.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 53c15fdf..d9c57fcd 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -407,7 +407,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 
 	/* TODO: how do we handle raw public keys? */
 
-	for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) {
+	for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++, prev = x) {
 
 		x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
 #if defined(STUB_DEBUG) && STUB_DEBUG
@@ -459,7 +459,6 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			} else
 				DEBUG_STUB("%s %-35s: Pubkey %d did not match pin %p\n",
 					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, p);
-		prev = x;
 	}
 
 	return ret;

From 8b454afb80209431e7de98521fa26048f4bc73fa Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 13:57:42 +0100
Subject: [PATCH 068/249] dependencies

---
 spec/example/Makefile.in | 24 ++++++++----------------
 src/tools/Makefile.in    |  7 ++-----
 2 files changed, 10 insertions(+), 21 deletions(-)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 8ff7f2d1..7bf5e016 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,24 +149,16 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index b1a25720..219753ac 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -112,8 +112,5 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
- ../config.h \
- $(srcdir)/../debug.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h

From 1264099be76955caf255cfb48cc6a7a0f2dcbf4b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 9 Dec 2016 14:02:27 +0100
Subject: [PATCH 069/249] Pedantic warnings and XTRA_CFLAGS for tools too

---
 src/tools/Makefile.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index 219753ac..d98cf437 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -40,7 +40,8 @@ LIBTOOL = ../../libtool
 srcdir = @srcdir@
 
 CC=@CC@
-CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ @CPPFLAGS@
+WPEDANTICFLAG=@WPEDANTICFLAG@
+CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ @CPPFLAGS@ $(WPEDANTICFLAG) $(XTRA_CFLAGS)
 LDFLAGS=-L.. @LDFLAGS@
 LDLIBS=../libgetdns.la @LIBS@
 

From 7b58dc25a6324227a2795845e178dd5d2150cad3 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 7 Dec 2016 17:01:03 +0000
Subject: [PATCH 070/249] - Fix bug where a self signed cert + only a pinset
 would not authenticate - Add OARC servers with pinset only to stubby.conf -
 Move Authentication strings to types_internal for use in call_debugging - Add
 connection counts to call_debugging -

---
 src/context.c         |  9 ---------
 src/stub.c            | 43 +++++++++++++++++++++++++++++--------------
 src/tools/stubby.conf | 12 ++++++++++++
 src/types-internal.h  |  7 +++++++
 src/util-internal.c   | 38 +++++++++++++++++++++++++++++++++++---
 5 files changed, 83 insertions(+), 26 deletions(-)

diff --git a/src/context.c b/src/context.c
index 20dea912..275faaca 100644
--- a/src/context.c
+++ b/src/context.c
@@ -699,15 +699,6 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 	GETDNS_FREE(upstreams->mf, upstreams);
 }
 
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-static char*
-getdns_auth_str_array[] = {
-	GETDNS_STR_AUTH_NONE,
-	GETDNS_STR_AUTH_FAILED,
-	GETDNS_STR_AUTH_OK
-};
-#endif
-
 void
 _getdns_upstream_shutdown(getdns_upstream *upstream)
 {
diff --git a/src/stub.c b/src/stub.c
index 30915709..4f3cff73 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -862,29 +862,30 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	if (!upstream)
 		return 0;
 
-#if defined(STUB_DEBUG) && STUB_DEBUG || defined(X509_V_ERR_HOSTNAME_MISMATCH)
-	int     err = X509_STORE_CTX_get_error(ctx);
-
+	int err = X509_STORE_CTX_get_error(ctx);
+#if defined(STUB_DEBUG) && STUB_DEBUG
 	DEBUG_STUB("%s %-35s: FD:  %d Verify result: (%d) \"%s\"\n",
 	            STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, err,
 	            X509_verify_cert_error_string(err));
 #endif
 
+	/* First deal with the hostname authentication done by OpenSSL. */
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
 	/*Report if error is hostname mismatch*/
-	if (err == X509_V_ERR_HOSTNAME_MISMATCH) {
-		upstream->tls_auth_state = GETDNS_AUTH_FAILED;
-		if (upstream->tls_fallback_ok) 
-			DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
-			           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
-	}
+	if (err == X509_V_ERR_HOSTNAME_MISMATCH && upstream->tls_fallback_ok)
+		DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
+		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
 #else
 	/* if we weren't built against OpenSSL with hostname matching we
 	 * could not have matched the hostname, so this would be an automatic
 	 * tls_auth_fail if there is a hostname provided*/
-	if (upstream->tls_auth_name[0])
+	if (upstream->tls_auth_name[0]) {
 		upstream->tls_auth_state = GETDNS_AUTH_FAILED;
+		preverify_ok == 0;
+	}
 #endif
+
+	/* Now deal with the pinset validation*/
 	if (upstream->tls_pubkey_pinset)
 		pinset_ret = _getdns_verify_pinset_match(upstream->tls_pubkey_pinset, ctx);
 
@@ -896,10 +897,23 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 		if (upstream->tls_fallback_ok)
 			DEBUG_STUB("%s %-35s: FD:  %d, WARNING: Proceeding even though pinset validation failed!\n",
 			            STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
+	} else {
+		/* If we _only_ had a pinset and it is good then force succesful
+		   authentication when the cert self-signed */
+		if ((upstream->tls_pubkey_pinset && upstream->tls_auth_name[0] == '\0') &&
+		     (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+		      err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) {
+			preverify_ok = 1;
+			DEBUG_STUB("%s %-35s: FD:  %d, Allowing self-signed (%d) cert since pins match\n",
+		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, err);
+		}
 	}
+
 	/* If nothing has failed yet and we had credentials, we have succesfully authenticated*/
-	if (upstream->tls_auth_state == GETDNS_AUTH_NONE &&
-	   (upstream->tls_pubkey_pinset || upstream->tls_auth_name[0]))
+	if (preverify_ok == 0)
+		upstream->tls_auth_state = GETDNS_AUTH_FAILED;
+	else if (upstream->tls_auth_state == GETDNS_AUTH_NONE &&
+	         (upstream->tls_pubkey_pinset || upstream->tls_auth_name[0]))
 		upstream->tls_auth_state = GETDNS_AUTH_OK;
 	/* If fallback is allowed, proceed regardless of what the auth error is
 	   (might not be hostname or pinset related) */
@@ -1044,8 +1058,9 @@ tls_do_handshake(getdns_upstream *upstream)
 	/* A re-used session is not verified so need to fix up state in that case */
 	if (SSL_session_reused(upstream->tls_obj))
 		upstream->tls_auth_state = upstream->last_tls_auth_state;
-	DEBUG_STUB("%s %-35s: FD:  %d Handshake succeeded with auth state %d. Session is %s.\n", 
-		         STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, upstream->tls_auth_state,
+	DEBUG_STUB("%s %-35s: FD:  %d Handshake succeeded with auth state %s. Session is %s.\n", 
+		         STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, 
+		         getdns_auth_str_array[upstream->tls_auth_state],
 		         SSL_session_reused(upstream->tls_obj) ?"re-used":"new");
 	if (upstream->tls_session != NULL)
 	    SSL_SESSION_free(upstream->tls_session);
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 3d3fd30e..5deb03db 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -42,6 +42,18 @@
       [ { digest: "sha256"
         , value: 0x7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4
       } ]
+    },
+    { address_data: 184.105.193.78
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0xA4E5EBA54B7D9203E06D6C411457014DB447DA17A8DB01F05E9D5F7780045572
+      } ]
+    },
+    { address_data: 2620:ff:c000:0:1::64:25
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 0xA4E5EBA54B7D9203E06D6C411457014DB447DA17A8DB01F05E9D5F7780045572
+      } ]
     }
   ]
 , tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
diff --git a/src/types-internal.h b/src/types-internal.h
index 06eea0da..068cf282 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -67,6 +67,13 @@ typedef enum getdns_auth_state {
 #define GETDNS_STR_AUTH_FAILED "Failed"
 #define GETDNS_STR_AUTH_OK "Success"
 
+static char*
+getdns_auth_str_array[] = {
+	GETDNS_STR_AUTH_NONE,
+	GETDNS_STR_AUTH_FAILED,
+	GETDNS_STR_AUTH_OK
+};
+
 struct getdns_context;
 struct getdns_upstreams;
 struct getdns_upstream;
diff --git a/src/util-internal.c b/src/util-internal.c
index 1fbd9632..a7c588ba 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -838,6 +838,16 @@ _getdns_create_call_reporting_dict(
 	   was actually used for the last successful query.*/
 	if (transport == GETDNS_TRANSPORT_TCP && netreq->debug_udp == 1) {
 		transport = GETDNS_TRANSPORT_UDP;
+		if (getdns_dict_set_int( netreq_debug, "udp_responses_for_this_upstream",
+		                         netreq->upstream->udp_responses)) {
+			getdns_dict_destroy(netreq_debug);
+			return NULL;
+		}
+		if (getdns_dict_set_int( netreq_debug, "udp_timeouts_for_this_upstream",
+		                         netreq->upstream->udp_timeouts)) {
+			getdns_dict_destroy(netreq_debug);
+			return NULL;
+		}
 	}
 	if (getdns_dict_set_int( netreq_debug, "transport", transport)) {
 		getdns_dict_destroy(netreq_debug);
@@ -858,16 +868,38 @@ _getdns_create_call_reporting_dict(
 				return NULL;
 			}
 		}
+		/* The running totals are only updated when a connection is closed.
+		   Since it is open as we have just used it, calcualte the value on the fly */
+		if (getdns_dict_set_int( netreq_debug, "responses_on_this_connection",
+		                         netreq->upstream->responses_received)) {
+			getdns_dict_destroy(netreq_debug);
+			return NULL;
+		}
+		if (getdns_dict_set_int( netreq_debug, "timeouts_on_this_connection",
+		                         netreq->upstream->responses_timeouts)) {
+			getdns_dict_destroy(netreq_debug);
+			return NULL;
+		}
+		if (getdns_dict_set_int( netreq_debug, "responses_for_this_upstream",
+		                         netreq->upstream->responses_received + 
+		                         netreq->upstream->total_responses)) {
+			getdns_dict_destroy(netreq_debug);
+			return NULL;
+		}
+		if (getdns_dict_set_int( netreq_debug, "timeouts_for_this_upstream",
+		                         netreq->upstream->responses_timeouts +
+		                         netreq->upstream->total_timeouts)) {
+			getdns_dict_destroy(netreq_debug);
+			return NULL;
+		}
 	}
 
 	if (netreq->upstream->transport != GETDNS_TRANSPORT_TLS)
 		return netreq_debug;
 	
 	/* Only include the auth status if TLS was used */
-	/* TODO: output all 3 options */
 	if (getdns_dict_util_set_string(netreq_debug, "tls_auth_status",
-	    netreq->debug_tls_auth_status == GETDNS_AUTH_OK ?
-	    "OK: Server authenticated":"FAILED or NOT TRIED: Server not authenticated")){
+	    getdns_auth_str_array[netreq->debug_tls_auth_status])){
 
 		getdns_dict_destroy(netreq_debug);
 		return NULL;

From 7567869f2c2e016a218d1c881274eb49fde33bd1 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 9 Dec 2016 16:28:58 +0000
Subject: [PATCH 071/249] Improve transport tests by using the calll_reporting
 output to check the transport and authentication status Add cases for
 self-signed certs.

---
 src/test/tests_transports.sh | 123 +++++++++++++++++++++++++----------
 1 file changed, 90 insertions(+), 33 deletions(-)

diff --git a/src/test/tests_transports.sh b/src/test/tests_transports.sh
index 13e5b6b6..e6d981ef 100755
--- a/src/test/tests_transports.sh
+++ b/src/test/tests_transports.sh
@@ -5,25 +5,74 @@ SERVER_IP="8.8.8.8"
 SERVER_IPv6="2001:4860:4860::8888"
 TLS_SERVER_IP="185.49.141.38~getdnsapi.net"
 TLS_SERVER_IPv6="2a04:b900:0:100::38~getdnsapi.net"
+TLS_SERVER_SS_IP="184.105.193.78~tls-dns-u.odvr.dns-oarc.net"  #Self signed cert
 TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
+TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI="
 TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
 GOOD_RESULT_SYNC="Status was: At least one response was returned"
 GOOD_RESULT_ASYNC="successfull"
 BAD_RESULT_SYNC="1 'Generic error'"
 BAD_RESULT_ASYNC="callback_type of 703"
+NUM_ARGS=3
 GOOD_COUNT=0
 FAIL_COUNT=0
 
+
+check_auth () {
+	local my_auth_ok=0;
+	auth_result=`echo $1 | sed 's/.*tls_auth_status\": <bindata of "//' | sed 's/\">.*//'`
+	if [[ $2 == "-" ]] ; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "N" ]] && [[ $auth_result == "None" ]]; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "F" ]] && [[ $auth_result == "Failed" ]]; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "S" ]] && [[ $auth_result == "Success" ]]; then
+		my_auth_ok=1;
+	fi
+	echo $my_auth_ok;
+}
+
+check_trans () {
+	local my_trans_ok=0;
+	trans_result=`echo $1 | sed "s/.*\"transport\": GETDNS_TRANSPORT_//" | sed 's/ }.*//' | sed 's/,.*//'`
+	if [[ $2 == "U" ]] && [[ $trans_result == "UDP" ]]; then
+		my_trans_ok=1;
+	fi
+	if [[ $2 == "T" ]] && [[ $trans_result == "TCP" ]]; then
+		my_trans_ok=1;
+	fi
+	if [[ $2 == "L" ]] && [[ $trans_result == "TLS" ]]; then
+		my_trans_ok=1;
+	fi
+	echo $my_trans_ok;
+}
+
 check_good () {
-	result=`echo $1 | grep "Response code was: GOOD." | tail -1 | sed 's/ All done.'// | sed 's/Response code was: GOOD. '//`
+	auth_ok=0;
+	result_ok=0;
+	trans_ok=0;
+	result=`echo $1 | sed 's/ All done.'// | sed 's/.*Response code was: GOOD. '//`
 	async_success=`echo $result | grep -c "$GOOD_RESULT_ASYNC"`
 	if [[ $result =~ $GOOD_RESULT_SYNC ]] || [[ $async_success =~ 1 ]]; then
-			(( GOOD_COUNT++ ))
-			echo -n "PASS: "
-		else
-			(( FAIL_COUNT++ ))
-			echo "FAIL (RESULT): " $1
-			echo -n "FAIL: "
+		result_ok=1;
+	fi
+	if [[ $result_ok == 1 ]] ; then
+		trans_ok=$(check_trans "$1" "$2")
+	fi
+	if [[ $result_ok == 1 ]] ; then
+		auth_ok=$(check_auth "$1" "$3")
+	fi
+	if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then
+		(( GOOD_COUNT++ ))
+		echo -n "PASS: "
+	else
+		(( FAIL_COUNT++ ))
+		echo "FAIL (RESULT): Result: $result  Auth: $auth_ok  Trans: $trans_ok"
+		echo -n "FAIL: "
 	fi
 }
 
@@ -80,30 +129,38 @@ while getopts ":p:s:t:k:idh" opt; do
 done
 
 TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}`
+TLS_SERVER_SS_IP_NO_NAME=`echo ${TLS_SERVER_SS_IP%~*}`
 TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}`
 
+NUM_GOOD_QUERIES=7
 GOOD_QUERIES=(
-"-s -A -q getdnsapi.net -l U      @${SERVER_IP}    "
-"-s -A -q getdnsapi.net -l T      @${SERVER_IP}    "
-"-s -A -q getdnsapi.net -l L      @${TLS_SERVER_IP_NO_NAME}"
-"-s -A -q getdnsapi.net -l L -m   @${TLS_SERVER_IP}"
-"-s -A -q getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
-"-s -A -q getdnsapi.net -l L -m   @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\""
-"-s -G -q DNSKEY getdnsapi.net -l U   @${SERVER_IP} -b 512 -D")
+"-s -A  getdnsapi.net -l U        @${SERVER_IP}"              "U" "-"
+"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
+"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
+"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP}"          "L" "S"
+"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
+"-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
 
+NUM_GOOD_FB_QUERIES=6
 GOOD_FALLBACK_QUERIES=(
-"-s -A -q getdnsapi.net -l LT     @${SERVER_IP}"
-"-s -A -q getdnsapi.net -l LT     @${SERVER_IP}"
-"-s -A -q getdnsapi.net -l LT     @${TLS_SERVER_IP_NO_NAME}"
-"-s -A -q getdnsapi.net -l LT -m  @${TLS_SERVER_IP_NO_NAME}"
-"-s -A -q getdnsapi.net -l L      @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}"
-"-s -G -q DNSKEY getdnsapi.net -l UT  @${SERVER_IP} -b 512 -D")
+"-s -A getdnsapi.net -l LU     @${SERVER_IP}" "U" "-"
+"-s -A getdnsapi.net -l LT     @${SERVER_IP}" "T" "-" 
+"-s -A getdnsapi.net -l LT     @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+"-s -A getdnsapi.net -l LT -m  @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+"-s -A getdnsapi.net -l L      @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-"
+"-s -G DNSKEY getdnsapi.net -l UT  @${SERVER_IP} -b 512 -D" "T" "-")
 
 NOT_AVAILABLE_QUERIES=(
-"-s -A -q getdnsapi.net -l L      @${SERVER_IP}"
-"-s -A -q getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME}"
-"-s -A -q getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}"
-"-s -A -q getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"")
+"-s -A getdnsapi.net -l L      @${SERVER_IP}"
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME}"
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}"
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}    -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP}            -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_SS_IP}         -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"")
 
 
 echo "Starting transport test"
@@ -118,19 +175,19 @@ for (( i = 0; i < 2; i+=1 )); do
 	fi
 
 	echo "*Success cases:"
-	for (( j = 0; j < ${#GOOD_QUERIES[@]}; j+=1 )); do
-		check_good "`$DIR/getdns_query $SYNC_MODE ${GOOD_QUERIES[${j}]} 2>/dev/null`"
-		echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[${j}]}"
-		(( COUNT++ ))
+	for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
+	  check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
+	  echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
+	  (( COUNT++ ))
 	done
 	
 	echo "*Success fallback cases:"
-	for (( j = 0; j < ${#GOOD_FALLBACK_QUERIES[@]}; j+=1 )); do
-		check_good "`$DIR/getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[${j}]} 2>/dev/null`"
-		echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[${j}]}"
-		(( COUNT++ ))
+	for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
+	    check_good "`$DIR/getdns_query +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+	    echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]}  TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
+	    (( COUNT++ ))
 	done
-
+	
 	echo "*Transport not available cases:"
 	for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
 		check_bad "`$DIR/getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"

From 5d8894495acb3580c49f052e3b27f63815215ccb Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 9 Dec 2016 17:03:36 +0000
Subject: [PATCH 072/249] Remove unnecessary test

---
 src/test/tests_transports.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/test/tests_transports.sh b/src/test/tests_transports.sh
index e6d981ef..0cb0947b 100755
--- a/src/test/tests_transports.sh
+++ b/src/test/tests_transports.sh
@@ -62,8 +62,6 @@ check_good () {
 	fi
 	if [[ $result_ok == 1 ]] ; then
 		trans_ok=$(check_trans "$1" "$2")
-	fi
-	if [[ $result_ok == 1 ]] ; then
 		auth_ok=$(check_auth "$1" "$3")
 	fi
 	if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then

From ef12b0e764e5759bf765e591028ee1ed05712d5a Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 9 Dec 2016 17:15:28 +0000
Subject: [PATCH 073/249] Fix some compiler warnings on OS X

---
 src/stub.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 4f3cff73..7d4ca12d 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -385,7 +385,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 {
 	int fd = -1;
 	DEBUG_STUB("%s %-35s: Creating TCP connection:      %p\n", STUB_DEBUG_SETUP, 
-	           __FUNCTION__, upstream);
+	           __FUNCTION__, (void*)upstream);
 	if ((fd = socket(upstream->addr.ss_family, SOCK_STREAM, IPPROTO_TCP)) == -1)
 		return -1;
 
@@ -481,7 +481,7 @@ static void
 stub_cleanup(getdns_network_req *netreq)
 {
 	DEBUG_STUB("%s %-35s: MSG: %p\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	           STUB_DEBUG_CLEANUP, __FUNCTION__, (void*)netreq);
 	getdns_dns_req *dnsreq = netreq->owner;
 	getdns_network_req *r, *prev_r;
 	getdns_upstream *upstream;
@@ -562,7 +562,7 @@ void
 _getdns_cancel_stub_request(getdns_network_req *netreq)
 {
 	DEBUG_STUB("%s %-35s: MSG:  %p\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	           STUB_DEBUG_CLEANUP, __FUNCTION__, (void*)netreq);
 	stub_cleanup(netreq);
 	if (netreq->fd >= 0) {
 #ifdef USE_WINSOCK
@@ -578,7 +578,7 @@ stub_timeout_cb(void *userarg)
 {
 	getdns_network_req *netreq = (getdns_network_req *)userarg;
 	DEBUG_STUB("%s %-35s: MSG:  %p\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	           STUB_DEBUG_CLEANUP, __FUNCTION__, (void*)netreq);
 	stub_cleanup(netreq);
 	netreq->state = NET_REQ_TIMED_OUT;
 	/* Handle upstream*/
@@ -1297,7 +1297,7 @@ stub_udp_read_cb(void *userarg)
 	getdns_upstream *upstream = netreq->upstream;
 	ssize_t       read;
 	DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_READ, 
-	             __FUNCTION__, netreq);
+	             __FUNCTION__, (void*)netreq);
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
@@ -1330,7 +1330,7 @@ stub_udp_read_cb(void *userarg)
 #endif
 	while (GLDNS_TC_WIRE(netreq->response)) {
 		DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ, 
-		             __FUNCTION__, netreq);
+		             __FUNCTION__, (void*)netreq);
 		if (!(netreq->transport_current < netreq->transport_count))
 			break;
 		getdns_transport_list_t next_transport = 
@@ -1372,7 +1372,7 @@ stub_udp_write_cb(void *userarg)
 	getdns_dns_req     *dnsreq = netreq->owner;
 	size_t             pkt_len;
 	DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_WRITE, 
-	             __FUNCTION__, netreq);
+	             __FUNCTION__, (void*)netreq);
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
@@ -1479,7 +1479,7 @@ upstream_read_cb(void *userarg)
 		}
 
 		DEBUG_STUB("%s %-35s: MSG: %p (read)\n",
-		    STUB_DEBUG_READ, __FUNCTION__, netreq);
+		    STUB_DEBUG_READ, __FUNCTION__, (void*)netreq);
 		netreq->state = NET_REQ_FINISHED;
 		netreq->response = upstream->tcp.read_buf;
 		netreq->response_len =
@@ -1560,7 +1560,7 @@ upstream_write_cb(void *userarg)
 
 	netreq->debug_start_time = _getdns_get_time_as_uintt64();
 	DEBUG_STUB("%s %-35s: MSG: %p (writing)\n", STUB_DEBUG_WRITE,
-	            __FUNCTION__, netreq);
+	            __FUNCTION__, (void*)netreq);
 
 	/* Health checks on current connection */
 	if (upstream->conn_state == GETDNS_CONN_TEARDOWN)
@@ -1585,7 +1585,7 @@ upstream_write_cb(void *userarg)
 	case STUB_SETUP_ERROR:
 		/* Could not complete the set up. Need to fallback.*/
 		DEBUG_STUB("%s %-35s: Upstream: %p ERROR = %d\n", STUB_DEBUG_WRITE,
-		             __FUNCTION__, ((getdns_network_req *)userarg), q);
+		             __FUNCTION__, (void*)userarg, q);
 		upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1));
 		/* Fall through */
 	case STUB_CONN_GONE:
@@ -1800,7 +1800,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
                     getdns_dns_req *dnsreq) 
 {
 	DEBUG_STUB("%s %-35s: Getting upstream connection:  %p\n", STUB_DEBUG_SETUP, 
-	           __FUNCTION__, upstream);
+	           __FUNCTION__, (void*)upstream);
 	int fd = -1;
 	switch(transport) {
 	case GETDNS_TRANSPORT_UDP:
@@ -1874,7 +1874,7 @@ upstream_find_for_transport(getdns_network_req *netreq,
 			*fd = upstream_connect(upstream, transport, netreq->owner);
 		} while (*fd == -1);
 		DEBUG_STUB("%s %-35s: FD:  %d Connecting to upstream: %p   No: %d\n", 
-	           STUB_DEBUG_SETUP, __FUNCTION__, *fd, upstream,
+	           STUB_DEBUG_SETUP, __FUNCTION__, *fd, (void*)upstream,
 	           (int)(upstream - netreq->owner->context->upstreams->upstreams));
 	}
 	return upstream;
@@ -1898,7 +1898,7 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 		return fd;
 	}
 	/* Handle better, will give generic error*/
-	DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, (void*)netreq);
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	DEBUG_DAEMON("%s *FAILURE* no valid transports or upstreams available!\n",
 	              STUB_DEBUG_DAEMON);
@@ -1915,7 +1915,7 @@ fallback_on_write(getdns_network_req *netreq)
 {
 
 	/* Deal with UDP one day*/
-	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, (void*)netreq);
 
 	/* Try to find a fallback transport*/
 	getdns_return_t result = _getdns_submit_stub_request(netreq);
@@ -1963,7 +1963,7 @@ upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 static void
 upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 {
-	DEBUG_STUB("%s %-35s: MSG: %p (schedule event)\n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_STUB("%s %-35s: MSG: %p (schedule event)\n", STUB_DEBUG_SCHEDULE, __FUNCTION__, (void*)netreq);
 	/* We have a connected socket and a global event loop */
 	assert(upstream->fd >= 0);
 	assert(upstream->loop);
@@ -2015,7 +2015,7 @@ getdns_return_t
 _getdns_submit_stub_request(getdns_network_req *netreq)
 {
 	DEBUG_STUB("%s %-35s: MSG: %p TYPE: %d\n", STUB_DEBUG_ENTRY, __FUNCTION__,
-	           netreq, netreq->request_type);
+	           (void*)netreq, netreq->request_type);
 	int fd = -1;
 	getdns_dns_req *dnsreq = netreq->owner;
 

From b91e13b13b7ae7254f1d994d8d69de1d1954e404 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Sat, 10 Dec 2016 16:03:17 -0800
Subject: [PATCH 074/249] Fixing VS studio analysis issues in Get DNS code.

---
 src/compat/arc4random.c | 9 +++++++++
 src/dnssec.c            | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/compat/arc4random.c b/src/compat/arc4random.c
index bd5f6e3a..7c9570b9 100644
--- a/src/compat/arc4random.c
+++ b/src/compat/arc4random.c
@@ -117,6 +117,9 @@ _rs_stir(void)
 #ifdef SIGKILL
 		raise(SIGKILL);
 #else
+#ifdef GETDNS_ON_WINDOWS
+		DebugBreak();
+#endif
 		exit(9); /* windows */
 #endif
 	}
@@ -128,6 +131,9 @@ _rs_stir(void)
 	explicit_bzero(rnd, sizeof(rnd));	/* discard source seed */
 
 	/* invalidate rs_buf */
+#ifdef GETDNS_ON_WINDOWS
+	_Analysis_assume_(rs != NULL);
+#endif
 	rs->rs_have = 0;
 	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
@@ -158,6 +164,9 @@ _rs_stir_if_needed(size_t len)
 #endif
 	if (!rs || rs->rs_count <= len)
 		_rs_stir();
+#ifdef GETDNS_ON_WINDOWS
+	_Analysis_assume_(rs != NULL);
+#endif
 	if (rs->rs_count <= len)
 		rs->rs_count = 0;
 	else
diff --git a/src/dnssec.c b/src/dnssec.c
index 51d566f2..87e2943b 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1323,7 +1323,7 @@ static int _rr_iter_rdata_cmp(const void *a, const void *b)
  * When the rrset was a wildcard expansion (rrsig labels < labels owner name),
  * nc_name will be set to the next closer (within rrset->name).
  */
-#define VAL_RRSET_SPC_SZ 1024
+#define VAL_RRSET_SPC_SZ 256
 static int _getdns_verify_rrsig(struct mem_funcs *mf,
     _getdns_rrset *rrset, _getdns_rrsig_iter *rrsig, _getdns_rrtype_iter *key, const uint8_t **nc_name)
 {

From cfc7d18c85edbc93e101008b8411330d46f932c3 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Sun, 11 Dec 2016 16:57:52 +0000
Subject: [PATCH 075/249] Ug. Fix stupid mistake with string array.

---
 src/context.c        |  4 ++--
 src/stub.c           |  2 +-
 src/types-internal.h |  9 ++-------
 src/util-internal.c  | 12 +++++++++++-
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/context.c b/src/context.c
index 275faaca..b6b07e66 100644
--- a/src/context.c
+++ b/src/context.c
@@ -717,12 +717,12 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
-	             getdns_auth_str_array[upstream->tls_auth_state], (int)upstream->keepalive_timeout);
+	             _getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
 	DEBUG_DAEMON("%s %s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
-	             getdns_auth_str_array[upstream->best_tls_auth_state]);
+	             _getdns_auth_str(upstream->best_tls_auth_state));
 	DEBUG_DAEMON("%s %s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
diff --git a/src/stub.c b/src/stub.c
index 7d4ca12d..795c5542 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1060,7 +1060,7 @@ tls_do_handshake(getdns_upstream *upstream)
 		upstream->tls_auth_state = upstream->last_tls_auth_state;
 	DEBUG_STUB("%s %-35s: FD:  %d Handshake succeeded with auth state %s. Session is %s.\n", 
 		         STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, 
-		         getdns_auth_str_array[upstream->tls_auth_state],
+		         _getdns_auth_str(upstream->tls_auth_state),
 		         SSL_session_reused(upstream->tls_obj) ?"re-used":"new");
 	if (upstream->tls_session != NULL)
 	    SSL_SESSION_free(upstream->tls_session);
diff --git a/src/types-internal.h b/src/types-internal.h
index 068cf282..2ac85581 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -67,13 +67,6 @@ typedef enum getdns_auth_state {
 #define GETDNS_STR_AUTH_FAILED "Failed"
 #define GETDNS_STR_AUTH_OK "Success"
 
-static char*
-getdns_auth_str_array[] = {
-	GETDNS_STR_AUTH_NONE,
-	GETDNS_STR_AUTH_FAILED,
-	GETDNS_STR_AUTH_OK
-};
-
 struct getdns_context;
 struct getdns_upstreams;
 struct getdns_upstream;
@@ -430,5 +423,7 @@ void _getdns_network_validate_tsig(getdns_network_req *req);
 
 void _getdns_netreq_reinit(getdns_network_req *netreq);
 
+const char * _getdns_auth_str(getdns_auth_state_t auth);
+
 #endif
 /* types-internal.h */
diff --git a/src/util-internal.c b/src/util-internal.c
index a7c588ba..c25cf5ce 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -899,7 +899,7 @@ _getdns_create_call_reporting_dict(
 	
 	/* Only include the auth status if TLS was used */
 	if (getdns_dict_util_set_string(netreq_debug, "tls_auth_status",
-	    getdns_auth_str_array[netreq->debug_tls_auth_status])){
+	    _getdns_auth_str(netreq->debug_tls_auth_status))){
 
 		getdns_dict_destroy(netreq_debug);
 		return NULL;
@@ -1562,4 +1562,14 @@ void _getdns_wire2list(uint8_t *pkt, size_t pkt_len, getdns_list *l)
 	}
 }
 
+const char * _getdns_auth_str(getdns_auth_state_t auth) {
+	static const char*
+	getdns_auth_str_array[] = {
+		GETDNS_STR_AUTH_NONE,
+		GETDNS_STR_AUTH_FAILED,
+		GETDNS_STR_AUTH_OK
+	};
+	return getdns_auth_str_array[auth];
+}
+
 /* util-internal.c */

From d584c6e3f5f4ea809d77bff567128090ddc339f5 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Sun, 11 Dec 2016 16:58:18 +0000
Subject: [PATCH 076/249] Clean more compile warnings.

---
 src/pubkey-pinning.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index d9c57fcd..d59a26d4 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -422,14 +422,14 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			int verified;
 			if (!pkey) {
 				DEBUG_STUB("%s %-35s: Could not get pubkey from cert %d (%p)\n",
-					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, x);
+					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, (void*)x);
 				return GETDNS_RETURN_GENERIC_ERROR;
 			}
 			verified = X509_verify(prev, pkey);
 			EVP_PKEY_free(pkey);
 			if (!verified) {
 				DEBUG_STUB("%s %-35s: cert %d (%p) was not signed by cert %d\n",
-					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i-1, prev, i);
+					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i-1, (void*)prev, i);
 				return GETDNS_RETURN_GENERIC_ERROR;
 			}
 		}
@@ -454,11 +454,11 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		for (p = pinset; p; p = p->next)
 			if (0 == memcmp(buf, p->pin, sizeof(p->pin))) {
 				DEBUG_STUB("%s %-35s: Pubkey %d matched pin %p ("PRIsz")\n",
-					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, p, sizeof(p->pin));
+					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, (void*)p, sizeof(p->pin));
 				return GETDNS_RETURN_GOOD;
 			} else
 				DEBUG_STUB("%s %-35s: Pubkey %d did not match pin %p\n",
-					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, p);
+					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, (void*)p);
 	}
 
 	return ret;

From 83a0b944b58722c5ba3a5a87e0998da1fd87aabf Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Sun, 11 Dec 2016 17:10:44 +0000
Subject: [PATCH 077/249] Fix another stupid error....

---
 src/stub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/stub.c b/src/stub.c
index 795c5542..b04cb6bb 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -881,7 +881,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	 * tls_auth_fail if there is a hostname provided*/
 	if (upstream->tls_auth_name[0]) {
 		upstream->tls_auth_state = GETDNS_AUTH_FAILED;
-		preverify_ok == 0;
+		preverify_ok = 0;
 	}
 #endif
 

From 5f6b93f7f260cadc82ce1a077e173e1628dbea7c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 12 Dec 2016 13:55:10 +0100
Subject: [PATCH 078/249] Use __func__ var when supported

And let debugging messages compile with -Wpedantic -Werror too
---
 configure.ac                                  | 14 +++
 src/context.c                                 | 12 +--
 src/extension/default_eventloop.c             | 18 ++--
 src/pubkey-pinning.c                          | 10 +-
 src/request-internal.c                        | 10 +-
 src/stub.c                                    | 94 +++++++++----------
 .../getdns_context_set_listen_addresses.c     | 11 ++-
 src/test/getdns_query.c                       |  4 +-
 .../315-event-loops-compile.dsc               | 16 ----
 .../315-event-loops-compile.post              | 20 ----
 .../315-event-loops-compile.pre               | 24 -----
 .../315-event-loops-compile.test              |  8 --
 .../320-event-loops-compile.test              |  3 +-
 src/ub_loop.c                                 | 10 +-
 14 files changed, 100 insertions(+), 154 deletions(-)
 delete mode 100644 src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc
 delete mode 100644 src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post
 delete mode 100644 src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre
 delete mode 100644 src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test

diff --git a/configure.ac b/configure.ac
index f68aaf36..fb9bf546 100644
--- a/configure.ac
+++ b/configure.ac
@@ -945,6 +945,14 @@ fi
 #---- check for pthreads library
 AC_SEARCH_LIBS([pthread_mutex_init],[pthread],[AC_DEFINE([HAVE_PTHREADS], [1], [Have pthreads library])], [AC_MSG_WARN([pthreads not available])])
 
+AC_MSG_CHECKING([whether the C compiler (${CC-cc}) supports the __func__ variable])
+AC_LANG_PUSH(C)
+AC_COMPILE_IFELSE(
+	[AC_LANG_PROGRAM([[char*s=__func__;]],[[]])],
+	[AC_MSG_RESULT([yes])
+	 AC_DEFINE(HAVE___FUNC__, [1], [Whether the C compiler support the __func__ variable])],
+	[AC_MSG_RESULT([no])])
+AC_LANG_POP(C)
 
 dnl -----
 dnl ----- Start of "Things needed for gldns" section
@@ -1061,6 +1069,12 @@ AC_DEFINE_UNQUOTED([MAX_CNAME_REFERRALS], [100], [The maximum number of cname re
 
 AH_BOTTOM([
 
+#ifdef HAVE___FUNC__
+#define __FUNC__ __func__
+#else
+#define __FUNC__ __FUNCTION__
+#endif
+
 #ifdef GETDNS_ON_WINDOWS
 /* On windows it is allowed to increase the FD_SETSIZE
  * (and nescessary to make our custom eventloop work)
diff --git a/src/context.c b/src/context.c
index 7d542c45..a8c661c3 100644
--- a/src/context.c
+++ b/src/context.c
@@ -152,7 +152,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 	HCERTSTORE      hSystemStore;
 	PCCERT_CONTEXT  pTargetCert = NULL;
 
-	DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNCTION__,
+	DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
 		"Adding Windows certificates to CA store");
 
 	/* load just once per context lifetime for this version of getdns
@@ -181,7 +181,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 	/* failure if the CA store is empty or the call fails */
 	if ((pTargetCert = CertEnumCertificatesInStore(
 		hSystemStore, pTargetCert)) == 0) {
-		DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNCTION__,
+		DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
 			"CA certificate store for Windows is empty.");
 			return 0;
 	}
@@ -193,7 +193,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 			pTargetCert->cbCertEncoded);
 		if (!cert1) {
 			/* return error if a cert fails */
-			DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNCTION__,
+			DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
 				"Unable to parse certificate in memory",
 				ERR_get_error(), ERR_error_string(ERR_get_error(), NULL));
 			return 0;
@@ -201,7 +201,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 		else {
 			/* return error if a cert add to store fails */
 			if (X509_STORE_add_cert(store, cert1) == 0) {
-				DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNCTION__,
+				DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
 					"Error adding certificate", ERR_get_error(),
 					ERR_error_string(ERR_get_error(), NULL));
 				return 0;
@@ -1525,7 +1525,7 @@ getdns_context_request_count_changed(getdns_context *context)
 		if (context->outbound_requests.count && ! context->ub_event.ev){
 			DEBUG_SCHED("gc_request_count_changed "
 			    "-> ub schedule(el_ev = %p, el_ev->ev = %p)\n",
-			    &context->ub_event, context->ub_event.ev);
+			    (void *)&context->ub_event, (void *)context->ub_event.ev);
 #ifndef USE_WINSOCK
 #ifdef HAVE_UNBOUND_EVENT_API
 			if (!_getdns_ub_loop_enabled(&context->ub_loop))
@@ -1539,7 +1539,7 @@ getdns_context_request_count_changed(getdns_context *context)
 		    context->ub_event.ev) {
 			DEBUG_SCHED("gc_request_count_changed "
 			    "-> ub clear(el_ev = %p, el_ev->ev = %p)\n",
-			    &context->ub_event, context->ub_event.ev);
+			    (void *)&context->ub_event, (void *)context->ub_event.ev);
 
 #ifndef USE_WINSOCK
 #ifdef HAVE_UNBOUND_EVENT_API
diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index c27dacde..0344f447 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -54,7 +54,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 	size_t i;
 
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, FD_SETSIZE: %d)\n"
-	        , __FUNCTION__, loop, fd, timeout, event, FD_SETSIZE);
+	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, FD_SETSIZE);
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
@@ -75,11 +75,11 @@ default_eventloop_schedule(getdns_eventloop *loop,
 			if (default_loop->fd_events[fd] == event) {
 				DEBUG_SCHED("WARNING: Event %p not cleared "
 				            "before being rescheduled!\n"
-				           , default_loop->fd_events[fd]);
+				           , (void *)default_loop->fd_events[fd]);
 			} else {
 				DEBUG_SCHED("ERROR: A different event is "
 				            "already present at fd slot: %p!\n"
-				           , default_loop->fd_events[fd]);
+				           , (void *)default_loop->fd_events[fd]);
 			}
 		}
 #endif
@@ -123,7 +123,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNCTION__, loop, event);
+	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNC__, (void *)loop, (void *)event);
 
 	i = (intptr_t)event->ev - 1;
 	if (i < 0 || i >= FD_SETSIZE) {
@@ -134,7 +134,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 		if (default_loop->timeout_events[i] != event)
 			DEBUG_SCHED( "ERROR: Different/wrong event present at "
 			             "timeout slot: %p!\n"
-			           , default_loop->timeout_events[i]);
+			           , (void *)default_loop->timeout_events[i]);
 #endif
 		default_loop->timeout_events[i] = NULL;
 	} else {
@@ -142,7 +142,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 		if (default_loop->fd_events[i] != event)
 			DEBUG_SCHED( "ERROR: Different/wrong event present at "
 			             "fd slot: %p!\n"
-			           , default_loop->fd_events[i]);
+			           , (void *)default_loop->fd_events[i]);
 #endif
 		default_loop->fd_events[i] = NULL;
 	}
@@ -162,7 +162,7 @@ default_read_cb(int fd, getdns_eventloop_event *event)
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd;
 #endif
-	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNCTION__, fd, event);
+	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->read_cb(event->userarg);
 }
 
@@ -172,7 +172,7 @@ default_write_cb(int fd, getdns_eventloop_event *event)
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd;
 #endif
-	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNCTION__, fd, event);
+	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->write_cb(event->userarg);
 }
 
@@ -182,7 +182,7 @@ default_timeout_cb(int fd, getdns_eventloop_event *event)
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd;
 #endif
-	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNCTION__, fd, event);
+	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->timeout_cb(event->userarg);
 }
 
diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index db60fbc8..1dd67080 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -419,7 +419,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
 #if defined(STUB_DEBUG) && STUB_DEBUG
 		DEBUG_STUB("%s %-35s: Name of cert: %d ",
-		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i);
+		           STUB_DEBUG_SETUP_TLS, __FUNC__, i);
 		X509_NAME_print_ex_fp(stderr, X509_get_subject_name(x), 1, XN_FLAG_ONELINE);
 		fprintf(stderr, "\n");
 #endif
@@ -427,13 +427,13 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL);
 		if (len > (int)sizeof(raw)) {
 			DEBUG_STUB("%s %-35s: Pubkey %d is larger than "PRIsz" octets\n",
-			           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, sizeof(raw));
+			           STUB_DEBUG_SETUP_TLS, __FUNC__, i, sizeof(raw));
 			continue;
 		}
 		i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &next);
 		if (next - raw != len) {
 			DEBUG_STUB("%s %-35s: Pubkey %d claimed it needed %d octets, really needed "PRIsz"\n",
-			           STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, len, next - raw);
+			           STUB_DEBUG_SETUP_TLS, __FUNC__, i, len, next - raw);
 			continue;
 		}
 		SHA256(raw, len, buf);
@@ -442,11 +442,11 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		for (p = pinset; p; p = p->next)
 			if (0 == memcmp(buf, p->pin, sizeof(p->pin))) {
 				DEBUG_STUB("%s %-35s: Pubkey %d matched pin %p ("PRIsz")\n",
-					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, p, sizeof(p->pin));
+					   STUB_DEBUG_SETUP_TLS, __FUNC__, i, (void *)p, sizeof(p->pin));
 				return GETDNS_RETURN_GOOD;
 			} else
 				DEBUG_STUB("%s %-35s: Pubkey %d did not match pin %p\n",
-					   STUB_DEBUG_SETUP_TLS, __FUNCTION__, i, p);
+					   STUB_DEBUG_SETUP_TLS, __FUNC__, i, (void *)p);
 	}
 
 	return ret;
diff --git a/src/request-internal.c b/src/request-internal.c
index 4f2e7773..ad33b4b4 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -472,7 +472,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 	HMAC_CTX ctx_space;
 #endif
 
-	DEBUG_STUB("%s %-35s: Validate TSIG\n", STUB_DEBUG_TSIG, __FUNCTION__);
+	DEBUG_STUB("%s %-35s: Validate TSIG\n", STUB_DEBUG_TSIG, __FUNC__);
 	for ( rr = _getdns_rr_iter_init(&rr_spc, req->query,
 	                                (req->response - req->query))
 	    ; rr
@@ -489,7 +489,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 	if (request_mac_len != rdf->nxt - rdf->pos - 2)
 		return;
 	DEBUG_STUB("%s %-35s: Request MAC found length %d\n",
-	           STUB_DEBUG_TSIG, __FUNCTION__, (int)(request_mac_len));
+	           STUB_DEBUG_TSIG, __FUNC__, (int)(request_mac_len));
 	
 	request_mac = rdf->pos + 2;
 
@@ -546,7 +546,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 	if (response_mac_len != rdf->nxt - rdf->pos - 2)
 		return;
 	DEBUG_STUB("%s %-35s: Response MAC found length: %d\n",
-	           STUB_DEBUG_TSIG, __FUNCTION__, (int)(response_mac_len));
+	           STUB_DEBUG_TSIG, __FUNC__, (int)(response_mac_len));
 	response_mac = rdf->pos + 2;
 
 	if (!(rdf = _getdns_rdf_iter_next(rdf)) ||
@@ -571,7 +571,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 
 	/* TSIG found */
 	DEBUG_STUB("%s %-35s: TSIG found, original ID: %d\n",
-	           STUB_DEBUG_TSIG, __FUNCTION__, (int)original_id);
+	           STUB_DEBUG_TSIG, __FUNC__, (int)original_id);
 
 	gldns_write_uint16(req->response + 10,
 	    gldns_read_uint16(req->response + 10) - 1);
@@ -612,7 +612,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 	HMAC_Final(ctx, result_mac, &result_mac_len);
 
 	DEBUG_STUB("%s %-35s: Result MAC length: %d\n",
-	           STUB_DEBUG_TSIG, __FUNCTION__, (int)(result_mac_len));
+	           STUB_DEBUG_TSIG, __FUNC__, (int)(result_mac_len));
 	if (result_mac_len == response_mac_len &&
 	    memcmp(result_mac, response_mac, result_mac_len) == 0)
 		req->tsig_status = GETDNS_DNSSEC_SECURE;
diff --git a/src/stub.c b/src/stub.c
index ed666368..d4c24e93 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -247,7 +247,7 @@ match_edns_opt_rr(uint16_t code, uint8_t *response, size_t response_len,
 	(void) gldns_wire2str_rr_scan(
 	    &data, &data_len, &str, &str_len, (uint8_t *)rr_iter->pkt, rr_iter->pkt_end - rr_iter->pkt);
 	DEBUG_STUB("%s %-35s: OPT RR: %s\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, str_spc);
+	           STUB_DEBUG_CLEANUP, __FUNC__, str_spc);
 #endif
 
 	/* OPT found, now search for the specified option */
@@ -339,7 +339,7 @@ process_keepalive(
 	else {
 		upstream->keepalive_timeout = server_keepalive;
 		DEBUG_STUB("%s %-35s: FD:  %d Server Keepalive used: %d ms\n",
-		           STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd, 
+		           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd, 
 		           (int)server_keepalive);
 	}
 }
@@ -369,7 +369,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 {
 	int fd = -1;
 	DEBUG_STUB("%s %-35s: Creating TCP connection:       %p\n", STUB_DEBUG_SETUP, 
-	           __FUNCTION__, upstream);
+	           __FUNC__, (void *)upstream);
 	if ((fd = socket(upstream->addr.ss_family, SOCK_STREAM, IPPROTO_TCP)) == -1)
 		return -1;
 
@@ -464,7 +464,7 @@ static void
 stub_cleanup(getdns_network_req *netreq)
 {
 	DEBUG_STUB("%s %-35s: MSG: %p\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	           STUB_DEBUG_CLEANUP, __FUNC__, (void *)netreq);
 	getdns_dns_req *dnsreq = netreq->owner;
 	getdns_network_req *r, *prev_r;
 	getdns_upstream *upstream;
@@ -506,7 +506,7 @@ static int
 tls_cleanup(getdns_upstream *upstream, int handshake_fail)
 {
 	DEBUG_STUB("%s %-35s: FD:  %d\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd);
+	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
 	if (upstream->tls_obj != NULL)
 		SSL_free(upstream->tls_obj);
 	upstream->tls_obj = NULL;
@@ -526,7 +526,7 @@ static void
 upstream_erred(getdns_upstream *upstream)
 {
 	DEBUG_STUB("%s %-35s: FD:  %d\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd);
+	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
 	getdns_network_req *netreq;
 
 	while ((netreq = upstream->write_queue)) {
@@ -561,7 +561,7 @@ _getdns_cancel_stub_request(getdns_network_req *netreq)
 /*static void
 stub_erred(getdns_network_req *netreq)
 {
-	DEBUG_STUB("*** %s\n", __FUNCTION__);
+	DEBUG_STUB("*** %s\n", __FUNC__);
 	stub_next_upstream(netreq);
 	stub_cleanup(netreq);
 	if (netreq->fd >= 0) close(netreq->fd);
@@ -574,7 +574,7 @@ stub_timeout_cb(void *userarg)
 {
 	getdns_network_req *netreq = (getdns_network_req *)userarg;
 	DEBUG_STUB("%s %-35s: MSG:  %p\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	           STUB_DEBUG_CLEANUP, __FUNC__, (void *)netreq);
 	stub_next_upstream(netreq);
 	stub_cleanup(netreq);
 	if (netreq->fd >= 0)
@@ -597,7 +597,7 @@ upstream_idle_timeout_cb(void *userarg)
 {
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
 	DEBUG_STUB("%s %-35s: FD:  %d Closing connection\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd);
+	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
 	GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
 	upstream->event.timeout_cb = NULL;
 	upstream->event.read_cb = NULL;
@@ -610,7 +610,7 @@ upstream_tls_timeout_cb(void *userarg)
 {
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
 	DEBUG_STUB("%s %-35s: FD:  %d\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, upstream->fd);
+	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
 	/* Clean up and trigger a write to let the fallback code to its job */
 	tls_cleanup(upstream, 1);
 
@@ -638,7 +638,7 @@ stub_tls_timeout_cb(void *userarg)
 	getdns_network_req *netreq = (getdns_network_req *)userarg;
 	getdns_upstream *upstream = netreq->upstream;
 	DEBUG_STUB("%s %-35s: MSG: %p\n",
-	           STUB_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	           STUB_DEBUG_CLEANUP, __FUNC__, (void *)netreq);
 	/* Clean up and trigger a write to let the fallback code to its job */
 	tls_cleanup(upstream, 0);
 
@@ -773,7 +773,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 				netreq->owner->context->idle_timeout != 0) {
 				/* Add the keepalive option to the first query on this connection*/
 				DEBUG_STUB("%s %-35s: FD:  %d Requesting keepalive \n",
-				           STUB_DEBUG_WRITE, __FUNCTION__, fd);
+				           STUB_DEBUG_WRITE, __FUNC__, fd);
 				if (attach_edns_keepalive(netreq))
 					return STUB_OUT_OF_OPTIONS;
 				netreq->keepalive_sent = 1;
@@ -904,7 +904,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	int     err = X509_STORE_CTX_get_error(ctx);
 
 	DEBUG_STUB("%s %-35s: FD:  %d Verify result: (%d) \"%s\"\n",
-	            STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd, err,
+	            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err,
 	            X509_verify_cert_error_string(err));
 #endif
 
@@ -912,19 +912,19 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	/*Report if error is hostname mismatch*/
 	if (upstream && upstream->tls_fallback_ok && err == X509_V_ERR_HOSTNAME_MISMATCH)
 		DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
-		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
+		           STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
 #endif
 	if (upstream && upstream->tls_pubkey_pinset)
 		pinset_ret = _getdns_verify_pinset_match(upstream->tls_pubkey_pinset, ctx);
 
 	if (pinset_ret != GETDNS_RETURN_GOOD) {
 		DEBUG_STUB("%s %-35s: FD:  %d, WARNING: Pinset validation failure!\n",
-	           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
+	           STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
 		preverify_ok = 0;
 		upstream->tls_auth_failed = 1;
 		if (upstream->tls_fallback_ok)
 			DEBUG_STUB("%s %-35s: FD:  %d, WARNING: Proceeding even though pinset validation failed!\n",
-			            STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
+			            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
 	}
 	/* If fallback is allowed, proceed regardless of what the auth error is
 	   (might not be hostname or pinset related) */
@@ -961,7 +961,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 	if (upstream->tls_auth_name[0] != '\0') {
 		/*Request certificate for the auth_name*/
 		DEBUG_STUB("%s %-35s: Hostname verification requested for: %s\n",
-		           STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->tls_auth_name);
+		           STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->tls_auth_name);
 		SSL_set_tlsext_host_name(ssl, upstream->tls_auth_name);
 #ifdef HAVE_SSL_HN_AUTH
 		/* Set up native OpenSSL hostname verification*/
@@ -973,7 +973,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 		if (dnsreq->netreqs[0]->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED) {
 			/* TODO: Trigger post-handshake custom validation*/
 			DEBUG_STUB("%s %-35s: ERROR: TLS Authentication functionality not available\n",
-		           STUB_DEBUG_SETUP_TLS, __FUNCTION__);
+		           STUB_DEBUG_SETUP_TLS, __FUNC__);
 			upstream->tls_hs_state = GETDNS_HS_FAILED;
 			upstream->tls_auth_failed = 1;
 			return NULL;
@@ -988,10 +988,10 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 		if (dnsreq->netreqs[0]->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED) {
 			if (upstream->tls_pubkey_pinset) {
 				DEBUG_STUB("%s %-35s: Proceeding with only pubkey pinning authentication\n",
-			           STUB_DEBUG_SETUP_TLS, __FUNCTION__);
+			           STUB_DEBUG_SETUP_TLS, __FUNC__);
 			} else {
 				DEBUG_STUB("%s %-35s: ERROR: No host name or pubkey pinset provided for TLS authentication\n",
-			           STUB_DEBUG_SETUP_TLS, __FUNCTION__);
+			           STUB_DEBUG_SETUP_TLS, __FUNC__);
 				upstream->tls_hs_state = GETDNS_HS_FAILED;
 				upstream->tls_auth_failed = 1;
 				return NULL;
@@ -999,7 +999,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 		} else {
 			/* no hostname verification, so we will make opportunistic connections */
 			DEBUG_STUB("%s %-35s: Proceeding even though no hostname provided!\n",
-			           STUB_DEBUG_SETUP_TLS, __FUNCTION__);
+			           STUB_DEBUG_SETUP_TLS, __FUNC__);
 			upstream->tls_auth_failed = 1;
 			upstream->tls_fallback_ok = 1;
 		}
@@ -1007,10 +1007,10 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 	if (upstream->tls_fallback_ok) {
 		SSL_set_cipher_list(ssl, "DEFAULT");
 		DEBUG_STUB("%s %-35s: WARNING: Using Oppotunistic TLS (fallback allowed)!\n",
-		           STUB_DEBUG_SETUP_TLS, __FUNCTION__);
+		           STUB_DEBUG_SETUP_TLS, __FUNC__);
 	} else
 		DEBUG_STUB("%s %-35s: Using Strict TLS \n", STUB_DEBUG_SETUP_TLS, 
-		             __FUNCTION__);
+		             __FUNC__);
 	SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_callback);
 
 	SSL_set_connect_state(ssl);
@@ -1022,7 +1022,7 @@ static int
 tls_do_handshake(getdns_upstream *upstream)
 {
 	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_SETUP_TLS, 
-	             __FUNCTION__, upstream->fd);
+	             __FUNC__, upstream->fd);
 	int r;
 	int want;
 	ERR_clear_error();
@@ -1048,14 +1048,14 @@ tls_do_handshake(getdns_upstream *upstream)
 				return STUB_TCP_AGAIN;
 			default:
 				DEBUG_STUB("%s %-35s: FD:  %d Handshake failed %d\n", 
-				            STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd,
+				            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd,
 				            want);
 				return tls_cleanup(upstream, 1);
 	   }
 	}
 	upstream->tls_hs_state = GETDNS_HS_DONE;
 	DEBUG_STUB("%s %-35s: FD:  %d Handshake succeeded\n", 
-	            STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd);
+	            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
 	r = SSL_get_verify_result(upstream->tls_obj);
 	if (upstream->tls_auth_name[0])
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
@@ -1067,7 +1067,7 @@ tls_do_handshake(getdns_upstream *upstream)
 #endif
 			upstream->tls_auth_failed = 1;
 	DEBUG_STUB("%s %-35s: FD:  %d Session is %s\n", 
-		         STUB_DEBUG_SETUP_TLS, __FUNCTION__, upstream->fd,
+		         STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd,
 		         SSL_session_reused(upstream->tls_obj) ?"re-used":"new");
 	if (upstream->tls_session != NULL)
 	    SSL_SESSION_free(upstream->tls_session);
@@ -1242,7 +1242,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 				/* Add the keepalive option to every nth query on this 
 				   connection */
 				DEBUG_STUB("%s %-35s: FD:  %d Requesting keepalive \n",  
-			             STUB_DEBUG_SETUP, __FUNCTION__, upstream->fd);
+			             STUB_DEBUG_SETUP, __FUNC__, upstream->fd);
 				if (attach_edns_keepalive(netreq))
 					return STUB_OUT_OF_OPTIONS;
 				netreq->keepalive_sent = 1;
@@ -1304,7 +1304,7 @@ stub_udp_read_cb(void *userarg)
 	getdns_upstream *upstream = netreq->upstream;
 	ssize_t       read;
 	DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_READ, 
-	             __FUNCTION__, netreq);
+	             __FUNC__, (void *)netreq);
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
@@ -1336,7 +1336,7 @@ stub_udp_read_cb(void *userarg)
 #endif
 	while (GLDNS_TC_WIRE(netreq->response)) {
 		DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ, 
-		             __FUNCTION__, netreq);
+		             __FUNC__, (void *)netreq);
 		if (!(netreq->transport_current < netreq->transport_count))
 			break;
 		getdns_transport_list_t next_transport = 
@@ -1370,7 +1370,7 @@ stub_udp_write_cb(void *userarg)
 	getdns_dns_req     *dnsreq = netreq->owner;
 	size_t             pkt_len;
 	DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_WRITE, 
-	             __FUNCTION__, netreq);
+	             __FUNC__, (void *)netreq);
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
@@ -1436,7 +1436,7 @@ static void
 upstream_read_cb(void *userarg)
 {
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
-	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_READ, __FUNCTION__,
+	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_READ, __FUNC__,
 	            upstream->fd);
 	getdns_network_req *netreq;
 	int q;
@@ -1477,7 +1477,7 @@ upstream_read_cb(void *userarg)
 		}
 
 		DEBUG_STUB("%s %-35s: MSG: %p (read)\n",
-		    STUB_DEBUG_READ, __FUNCTION__, netreq);
+		    STUB_DEBUG_READ, __FUNC__, (void *)netreq);
 		netreq->state = NET_REQ_FINISHED;
 		netreq->response = upstream->tcp.read_buf;
 		netreq->response_len =
@@ -1561,7 +1561,7 @@ upstream_write_cb(void *userarg)
 	/* TODO: think about TCP AGAIN */
 	netreq->debug_start_time = _getdns_get_time_as_uintt64();
 	DEBUG_STUB("%s %-35s: MSG: %p (writing)\n", STUB_DEBUG_WRITE,
-	            __FUNCTION__, netreq);
+	            __FUNC__, (void *)netreq);
 
 	if (tls_requested(netreq) && tls_should_write(upstream))
 		q = stub_tls_write(upstream, &upstream->tcp, netreq);
@@ -1579,7 +1579,7 @@ upstream_write_cb(void *userarg)
 	case STUB_TCP_ERROR:
 		/* Problem with the TCP connection itself. Need to fallback.*/
 		DEBUG_STUB("%s %-35s: MSG: %p ERROR!\n", STUB_DEBUG_WRITE,
-		             __FUNCTION__, ((getdns_network_req *)userarg));
+		             __FUNC__, userarg);
 		upstream->tcp.write_error = 1;
 		/* Use policy of trying next upstream in this case. Need more work on
 		 * TCP connection re-use.*/
@@ -1672,14 +1672,14 @@ upstream_select(getdns_network_req *netreq, getdns_transport_list_t transport)
 	/*  transport type and/or maintain separate current for transports?*/
 	i = upstreams->current;
 	DEBUG_STUB("%s %-35s: Starting from upstream: %d of %d available \n", STUB_DEBUG_SETUP,
-	            __FUNCTION__, (int)i, (int)upstreams->count);
+	            __FUNC__, (int)i, (int)upstreams->count);
 	do {
 		if (upstreams->upstreams[i].to_retry > 0 &&
 		    upstream_transport_valid(&upstreams->upstreams[i], transport, netreq)) {
 			upstreams->current = i;
 			DEBUG_STUB("%s %-35s: Selected upstream:      %d      %p transport: %d\n",
-			           STUB_DEBUG_SETUP, __FUNCTION__, (int)i, 
-			           &upstreams->upstreams[i], transport);
+			           STUB_DEBUG_SETUP, __FUNC__, (int)i, 
+			           (void *)&upstreams->upstreams[i], transport);
 			return &upstreams->upstreams[i];
 		}
 		if (++i >= upstreams->count)
@@ -1695,7 +1695,7 @@ upstream_select(getdns_network_req *netreq, getdns_transport_list_t transport)
 	/* Need to check again that the transport is valid */
 	if (!upstream_transport_valid(upstream, transport, netreq)) {
 		DEBUG_STUB("%s %-35s: No valid upstream available for transport %d!\n",
-		           STUB_DEBUG_SETUP, __FUNCTION__, transport);
+		           STUB_DEBUG_SETUP, __FUNC__, transport);
 		return NULL;
 	}
 	upstream->back_off++;
@@ -1710,7 +1710,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
                     getdns_dns_req *dnsreq) 
 {
 	DEBUG_STUB("%s %-35s: Checking upstream connection:  %p\n", STUB_DEBUG_SETUP, 
-	           __FUNCTION__, upstream);
+	           __FUNC__, (void *)upstream);
 	int fd = -1;
 	switch(transport) {
 	case GETDNS_TRANSPORT_UDP:
@@ -1771,7 +1771,7 @@ upstream_find_for_transport(getdns_network_req *netreq,
 		return NULL;
 	*fd = upstream_connect(upstream, transport, netreq->owner);
 	DEBUG_STUB("%s %-35s: FD:  %d Connected for upstream: %p\n", 
-	           STUB_DEBUG_SETUP, __FUNCTION__, *fd, upstream);
+	           STUB_DEBUG_SETUP, __FUNC__, *fd, (void *)upstream);
 	return upstream;
 }
 
@@ -1805,7 +1805,7 @@ fallback_on_write(getdns_network_req *netreq)
 
 	/* Deal with UDP and change error code*/
 
-	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNC__, (void *)netreq);
 
 	/* Try to find a fallback transport*/
 	getdns_return_t result = _getdns_submit_stub_request(netreq);
@@ -1822,7 +1822,7 @@ static void
 upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 
 	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_SCHEDULE, 
-	             __FUNCTION__, upstream->fd);
+	             __FUNC__, upstream->fd);
 	GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
 	if (!upstream->write_queue && upstream->event.write_cb) {
 		upstream->event.write_cb = NULL;
@@ -1841,7 +1841,7 @@ upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 		    upstream->fd, TIMEOUT_FOREVER, &upstream->event);
 	else {
 		DEBUG_STUB("%s %-35s: FD:  %d Connection idle - timeout is %d\n", 
-			    STUB_DEBUG_SCHEDULE, __FUNCTION__, upstream->fd, (int)idle_timeout);
+			    STUB_DEBUG_SCHEDULE, __FUNC__, upstream->fd, (int)idle_timeout);
 		upstream->event.timeout_cb = upstream_idle_timeout_cb;
 		if (upstream->tcp.write_error != 0)
 			idle_timeout = 0;
@@ -1853,7 +1853,7 @@ upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 static void
 upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 {
-	DEBUG_STUB("%s %-35s: MSG: %p (schedule event)\n", STUB_DEBUG_SCHEDULE, __FUNCTION__, netreq);
+	DEBUG_STUB("%s %-35s: MSG: %p (schedule event)\n", STUB_DEBUG_SCHEDULE, __FUNC__, (void *)netreq);
 	/* We have a connected socket and a global event loop */
 	assert(upstream->fd >= 0);
 	assert(upstream->loop);
@@ -1906,8 +1906,8 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 getdns_return_t
 _getdns_submit_stub_request(getdns_network_req *netreq)
 {
-	DEBUG_STUB("%s %-35s: MSG: %p TYPE: %d\n", STUB_DEBUG_ENTRY, __FUNCTION__,
-	           netreq, netreq->request_type);
+	DEBUG_STUB("%s %-35s: MSG: %p TYPE: %d\n", STUB_DEBUG_ENTRY, __FUNC__,
+	           (void *)netreq, netreq->request_type);
 	int fd = -1;
 	getdns_dns_req *dnsreq = netreq->owner;
 
diff --git a/src/test/getdns_context_set_listen_addresses.c b/src/test/getdns_context_set_listen_addresses.c
index 03ac6340..0f432dd7 100644
--- a/src/test/getdns_context_set_listen_addresses.c
+++ b/src/test/getdns_context_set_listen_addresses.c
@@ -616,7 +616,7 @@ static void free_listen_set_when_done(listen_set *set)
 	if (!(mf = priv_getdns_context_mf(set->context)))
 		return;
 
-	DEBUG_SERVER("To free listen set: %p\n", set);
+	DEBUG_SERVER("To free listen set: %p\n", (void *)set);
 	for (i = 0; i < set->count; i++) {
 		listener *l = &set->items[i];
 
@@ -627,7 +627,7 @@ static void free_listen_set_when_done(listen_set *set)
 			return;
 	}
 	GETDNS_FREE(*mf, set);
-	DEBUG_SERVER("Listen set: %p freed\n", set);
+	DEBUG_SERVER("Listen set: %p freed\n", (void *)set);
 }
 
 static void remove_listeners(listen_set *set)
@@ -761,8 +761,8 @@ getdns_return_t getdns_context_set_listen_addresses(getdns_context *context,
 	size_t i;
 	struct addrinfo hints;
 
-	DEBUG_SERVER("getdns_context_set_listen_addresses(%p, %p, %p)\n", context, request_handler,
-	    listen_addresses);
+	DEBUG_SERVER("getdns_context_set_listen_addresses(%p, <func>, %p)\n",
+	    (void *)context, (void *)listen_addresses);
 	if (!(mf = priv_getdns_context_mf(context)))
 		return GETDNS_RETURN_GENERIC_ERROR;
 
@@ -796,7 +796,8 @@ getdns_return_t getdns_context_set_listen_addresses(getdns_context *context,
 	    sizeof(listener) * new_set_count * n_transports)))
 		return GETDNS_RETURN_MEMORY_ERROR;
 
-	DEBUG_SERVER("New listen set: %p, current_set: %p\n", new_set, current_set);
+	DEBUG_SERVER("New listen set: %p, current_set: %p\n",
+	    (void *)new_set, (void *)current_set);
 
 	new_set->context = context;
 	new_set->next = root;
diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c
index 8230b7ef..86d8f143 100644
--- a/src/test/getdns_query.c
+++ b/src/test/getdns_query.c
@@ -1288,7 +1288,7 @@ static void request_cb(
 	(void)transaction_id;
 #endif
 	DEBUG_SERVER("reply for: %p %"PRIu64" %d (edns0: %d, do: %d, ad: %d,"
-	    " cd: %d)\n", msg, transaction_id, (int)callback_type,
+	    " cd: %d)\n", (void *)msg, transaction_id, (int)callback_type,
 	    msg->has_edns0, msg->do_bit, msg->ad_bit, msg->cd_bit);
 	assert(msg);
 
@@ -1498,7 +1498,7 @@ static void incoming_request_handler(getdns_context *context,
 		    getdns_get_errorstr_by_id(r));
 	else {
 		DEBUG_SERVER("scheduled: %p %"PRIu64" for %s %d\n",
-		    msg, transaction_id, qname_str, (int)qtype);
+		    (void *)msg, transaction_id, qname_str, (int)qtype);
 		free(qname_str);
 		return;
 	}
diff --git a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc
deleted file mode 100644
index 82cbdb8c..00000000
--- a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: 315-event-loops-compile
-Version: 1.0
-Description: Compile
-CreationDate: do  8 dec 2016 23:38:18 CET
-Maintainer: Willem Toorop
-Category: 
-Component:
-CmdDepends: 
-Depends: 300-event-loops-configure.tpkg
-Help:
-Pre: 315-event-loops-compile.pre
-Post: 315-event-loops-compile.post
-Test: 315-event-loops-compile.test
-AuxFiles: 
-Passed:
-Failure:
diff --git a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post
deleted file mode 100644
index 4d5f4293..00000000
--- a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.post
+++ /dev/null
@@ -1,20 +0,0 @@
-# #-- 315-event-loops-compile.post --#
-# source the master var file when it's there
-if [ -f ../.tpkg.var.master ]
-then
-	source ../.tpkg.var.master
-else
-	(
-		cd ..
-		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
-		    && sh "${TPKG_SRCDIR}/setup-env.sh"
-	) && source ../.tpkg.var.master
-fi
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-for f in `cat restore-srcdir-configure-settings`
-do
-	mv "${SRCROOT}/${f}.build-event-loops" "${SRCROOT}/${f}"
-done
-
diff --git a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre
deleted file mode 100644
index 4ec46299..00000000
--- a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.pre
+++ /dev/null
@@ -1,24 +0,0 @@
-# #-- 315-event-loops-compile.pre--#
-# source the master var file when it's there
-if [ -f ../.tpkg.var.master ]
-then
-	source ../.tpkg.var.master
-else
-	(
-		cd ..
-		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
-		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
-	) && source ../.tpkg.var.master
-fi
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-echo "" > restore-srcdir-configure-settings
-for f in `grep 'CONFIG_[FH][IE][LA][ED][SE]' "${SRCROOT}/configure.ac" | sed -e 's/^.*(\[//g' -e 's/\])//g'`
-do
-	if [ -f "${SRCROOT}/$f" ]
-	then
-		mv "${SRCROOT}/${f}" "${SRCROOT}/${f}.build-event-loops" && \
-			echo "$f" >> restore-srcdir-configure-settings
-	fi
-done
diff --git a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test b/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
deleted file mode 100644
index 7a420026..00000000
--- a/src/test/tpkg/315-event-loops-compile.tpkg/315-event-loops-compile.test
+++ /dev/null
@@ -1,8 +0,0 @@
-# #-- 315-event-loops-compile.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-cd "${BUILDDIR}/build-event-loops"
-make XTRA_CFLAGS='-Werror'
diff --git a/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test b/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
index aa19d023..1be03f3d 100644
--- a/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
+++ b/src/test/tpkg/320-event-loops-compile.tpkg/320-event-loops-compile.test
@@ -5,5 +5,4 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-event-loops"
-make clean
-make
+make XTRA_CFLAGS=-Werror
diff --git a/src/ub_loop.c b/src/ub_loop.c
index 1fc9daa7..eaf55490 100644
--- a/src/ub_loop.c
+++ b/src/ub_loop.c
@@ -149,7 +149,7 @@ static int my_event_base_loopexit(struct ub_event_base* base, struct timeval* tv
 static void clear_my_event(my_event *ev)
 {
 	DEBUG_SCHED("UB_LOOP: to clear %p(%d, %d, %"PRIu64"), total: %d\n"
-	           , ev, ev->fd, ev->bits, ev->timeout, ev->loop->n_events);
+	           , (void *)ev, ev->fd, ev->bits, ev->timeout, ev->loop->n_events);
 	(ev)->loop->extension->vmt->clear((ev)->loop->extension, &(ev)->gev);
 	(ev)->added = 0;
 	if ((ev)->active) {
@@ -157,7 +157,7 @@ static void clear_my_event(my_event *ev)
 		(ev)->active = NULL;
 	}
 	DEBUG_SCHED("UB_LOOP: %p(%d, %d, %"PRIu64") cleared, total: %d\n"
-	           , ev, ev->fd, ev->bits, ev->timeout, --ev->loop->n_events);
+	           , (void *)ev, ev->fd, ev->bits, ev->timeout, --ev->loop->n_events);
 }
 
 static getdns_return_t schedule_my_event(my_event *ev)
@@ -165,16 +165,16 @@ static getdns_return_t schedule_my_event(my_event *ev)
 	getdns_return_t r;
 
 	DEBUG_SCHED("UB_LOOP: to schedule %p(%d, %d, %"PRIu64"), total: %d\n"
-	           , ev, ev->fd, ev->bits, ev->timeout, ev->loop->n_events);
+	           , (void *)ev, ev->fd, ev->bits, ev->timeout, ev->loop->n_events);
 	if (ev->gev.read_cb || ev->gev.write_cb || ev->gev.timeout_cb) {
 		if ((r = ev->loop->extension->vmt->schedule(
 		    ev->loop->extension, ev->fd, ev->timeout, &ev->gev))) {
-			DEBUG_SCHED("UB_LOOP ERROR: scheduling event: %p\n", ev);
+			DEBUG_SCHED("UB_LOOP ERROR: scheduling event: %p\n", (void *)ev);
 			return r;
 		}
 		ev->added = 1;
 		DEBUG_SCHED("UB_LOOP: event %p(%d, %d, %"PRIu64") scheduled, "
-		            "total: %d\n", ev, ev->fd, ev->bits, ev->timeout
+		            "total: %d\n", (void *)ev, ev->fd, ev->bits, ev->timeout
 		           , ++ev->loop->n_events);
 	}
 	return GETDNS_RETURN_GOOD;

From e01c85ef2f9f7acebbd18ef6e2eda0031af50fe1 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Mon, 12 Dec 2016 12:25:10 -0800
Subject: [PATCH 079/249] Implementing the ARC4_LOCK/UNLOCK functions for
 Windows.

---
 src/compat/arc4_lock.c | 58 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/src/compat/arc4_lock.c b/src/compat/arc4_lock.c
index facf9575..34b85974 100644
--- a/src/compat/arc4_lock.c
+++ b/src/compat/arc4_lock.c
@@ -48,9 +48,65 @@ void _ARC4_UNLOCK(void)
 {
     pthread_mutex_unlock(&arc_lock);
 }
+#elif defined(GETDNS_ON_WINDOWS)
+ /*
+ * There is no explicit arc4random_init call, and thus
+ * the critical section must be allocated on the first call to
+ * ARC4_LOCK(). The interlocked test is used to verify that
+ * the critical section will be allocated only once.
+ *
+ * The work around is for the main program to call arc4random()
+ * at the beginning of execution, before spinning new threads.
+ *
+ * There is also no explicit arc4random_close call, and thus
+ * the critical section is never deleted. It will remain allocated
+ * as long as the program runs.
+ */
+static CRITICAL_SECTION arc_critical_section;
+static volatile long arc_critical_section_initialized = 0;
+
+void _ARC4_LOCK(void)
+{
+	long r = InterlockedCompareExchange(&arc_critical_section_initialized, 1, 0);
+
+	if (r != 2)
+	{
+		if (r == 0)
+		{
+			InitializeCriticalSection(&arc_critical_section);
+			arc_critical_section_initialized = 2;
+		}
+		else if (r == 1)
+		{
+			/*
+			* If the critical section is initialized, the first test
+			* will return the value 2.
+			*
+			* If several threads try to initialize the arc4random
+			* state "at the same time", the first one will find
+			* the "initialized" variable at 0, the other ones at 1.
+			*
+			* Since this is a fairly rare event, we resolve it with a
+			* simple active wait loop.
+			*/
+
+			while (arc_critical_section_initialized != 2)
+			{
+				Sleep(1);
+			}
+		}
+	}
+
+	EnterCriticalSection(&arc_critical_section);
+}
+
+void _ARC4_UNLOCK(void)
+{
+	LeaveCriticalSection(&arc_critical_section);
+}
 
 #else
-/* XXX - add windows-(or at least non pthread) specific lock routines here */
+ /* XXX - add non pthread specific lock routines here */
 void _ARC4_LOCK(void)
 {
 }

From 8b4c90eaf418a2a206c29ec5587f0f04afd0ec00 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Thu, 17 Nov 2016 17:21:04 +0000
Subject: [PATCH 080/249] move default eventloop from select to poll, make max
 fds dependent on value from getrlimit not FD_SETSIZE

---
 src/extension/default_eventloop.c | 117 +++++++++++++++++++++---------
 src/extension/default_eventloop.h |  17 ++---
 2 files changed, 86 insertions(+), 48 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index c27dacde..ec1b1e19 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -27,10 +27,15 @@
 
 #include "config.h"
 
+#include <poll.h>
+#include <sys/resource.h>
 #include "extension/default_eventloop.h"
 #include "debug.h"
 #include "types-internal.h"
 
+static int max_fds = 0;
+static int max_timeouts = 0;
+
 static uint64_t get_now_plus(uint64_t amount)
 {
 	struct timeval tv;
@@ -53,15 +58,15 @@ default_eventloop_schedule(getdns_eventloop *loop,
 	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
 	size_t i;
 
-	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, FD_SETSIZE: %d)\n"
-	        , __FUNCTION__, loop, fd, timeout, event, FD_SETSIZE);
+	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
+	        , __FUNCTION__, loop, fd, timeout, event, max_fds);
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (fd >= (int)FD_SETSIZE) {
-		DEBUG_SCHED( "ERROR: fd %d >= FD_SETSIZE: %d!\n"
-		           , fd, FD_SETSIZE);
+	if (fd >= (int)max_fds) {
+		DEBUG_SCHED( "ERROR: fd %d >= max_fds: %d!\n"
+		           , fd, max_fds);
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (fd >= 0 && !(event->read_cb || event->write_cb)) {
@@ -101,7 +106,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
 		event->write_cb = NULL;
 	}
-	for (i = 0; i < MAX_TIMEOUTS; i++) {
+	for (i = 0; i < max_timeouts; i++) {
 		if (default_loop->timeout_events[i] == NULL) {
 			default_loop->timeout_events[i] = event;
 			default_loop->timeout_times[i] = get_now_plus(timeout);		
@@ -126,7 +131,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNCTION__, loop, event);
 
 	i = (intptr_t)event->ev - 1;
-	if (i < 0 || i >= FD_SETSIZE) {
+	if (i < 0 || i > max_fds) {
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
@@ -153,7 +158,15 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 static void
 default_eventloop_cleanup(getdns_eventloop *loop)
 {
-	(void)loop;
+	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
+	if (default_loop->fd_events)
+		free(default_loop->fd_events);
+	if (default_loop->fd_timeout_times)
+		free(default_loop->fd_timeout_times);
+	if (default_loop->timeout_events)
+		free(default_loop->timeout_events);
+	if (default_loop->timeout_times)
+		free(default_loop->timeout_times);
 }
 
 static void
@@ -191,20 +204,19 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
 	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
 
-	fd_set   readfds, writefds;
 	int      fd, max_fd = -1;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t   i;
-	struct timeval tv;
-
+	int poll_timeout = 0;
+	struct pollfd* pfds = NULL;
+	int num_pfds = 0;
+	
 	if (!loop)
 		return;
-
-	FD_ZERO(&readfds);
-	FD_ZERO(&writefds);
+	
 	now = get_now_plus(0);
 
-	for (i = 0; i < MAX_TIMEOUTS; i++) {
+	for (i = 0; i < max_timeouts; i++) {
 		if (!default_loop->timeout_events[i])
 			continue;
 		if (now > default_loop->timeout_times[i])
@@ -212,50 +224,65 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		else if (default_loop->timeout_times[i] < timeout)
 			timeout = default_loop->timeout_times[i];
 	}
-	for (fd = 0; fd < FD_SETSIZE; fd++) {
+	// first we count the number of fds that will be active
+	for (fd = 0; fd < max_fds; fd++) {
 		if (!default_loop->fd_events[fd])
 			continue;
-		if (default_loop->fd_events[fd]->read_cb)
-			FD_SET(fd, &readfds);
-		if (default_loop->fd_events[fd]->write_cb)
-			FD_SET(fd, &writefds);
+		if (default_loop->fd_events[fd]->read_cb ||
+		    default_loop->fd_events[fd]->write_cb)
+			num_pfds++;
 		if (fd > max_fd)
 			max_fd = fd;
 		if (default_loop->fd_timeout_times[fd] < timeout)
 			timeout = default_loop->fd_timeout_times[fd];
 	}
-	if (max_fd == -1 && timeout == TIMEOUT_FOREVER)
+
+	if ((max_fd == -1 && timeout == (uint64_t)-1) || (num_pfds == 0))
 		return;
 
-	if (! blocking || now > timeout) {
-		tv.tv_sec = 0;
-		tv.tv_usec = 0;
-	} else {
-		tv.tv_sec  = (long)((timeout - now) / 1000000);
-		tv.tv_usec = (long)((timeout - now) % 1000000);
+	pfds = calloc(num_pfds, sizeof(struct pollfd));
+	for (fd = 0, i=0; fd < max_fds; fd++) {
+		if (!default_loop->fd_events[fd])
+			continue;
+		if (default_loop->fd_events[fd]->read_cb) {
+			pfds[i].fd = fd;
+			pfds[i].events |= POLLIN;
+		}	
+		if (default_loop->fd_events[fd]->write_cb) {
+			pfds[i].fd = fd;
+			pfds[i].events |= POLLOUT;
+		}
 	}
-	if (select(max_fd + 1, &readfds, &writefds, NULL,
-	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
-		perror("select() failed");
+
+	if (! blocking || now > timeout) {
+		poll_timeout = 0;
+	} else {
+		poll_timeout = (timeout - now) * 1000; /* turn seconds in millseconds */
+	}
+	if (poll(pfds, num_pfds, poll_timeout) < 0) {
+		perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = get_now_plus(0);
-	for (fd = 0; fd < FD_SETSIZE; fd++) {
+	for (int i = 0; i < num_pfds; i++) {
+		int fd = pfds[i].fd;
 		if (default_loop->fd_events[fd] &&
 		    default_loop->fd_events[fd]->read_cb &&
-		    FD_ISSET(fd, &readfds))
+		    (pfds[i].revents & POLLIN))
 			default_read_cb(fd, default_loop->fd_events[fd]);
 
 		if (default_loop->fd_events[fd] &&
 		    default_loop->fd_events[fd]->write_cb &&
-		    FD_ISSET(fd, &writefds))
+		    (pfds[i].revents & POLLOUT))
 			default_write_cb(fd, default_loop->fd_events[fd]);
-
+	}
+	if (pfds)
+		free(pfds);
+	for (int fd=0; fd < max_fds; fd++) {
 		if (default_loop->fd_events[fd] &&
 		    default_loop->fd_events[fd]->timeout_cb &&
 		    now > default_loop->fd_timeout_times[fd])
 			default_timeout_cb(fd, default_loop->fd_events[fd]);
-
 		i = fd;
 		if (default_loop->timeout_events[i] &&
 		    default_loop->timeout_events[i]->timeout_cb &&
@@ -274,7 +301,7 @@ default_eventloop_run(getdns_eventloop *loop)
 		return;
 
 	i = 0;
-	while (i < MAX_TIMEOUTS) {
+	while (i < max_timeouts) {
 		if (default_loop->fd_events[i] || default_loop->timeout_events[i]) {
 			default_eventloop_run_once(loop, 1);
 			i = 0;
@@ -297,4 +324,22 @@ _getdns_default_eventloop_init(_getdns_default_eventloop *loop)
 
 	(void) memset(loop, 0, sizeof(_getdns_default_eventloop));
 	loop->loop.vmt = &default_eventloop_vmt;
+
+	struct rlimit rl;
+	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
+		max_fds = rl.rlim_cur;
+		max_timeouts = max_fds;
+	} else {
+		DEBUG_SCHED("ERROR: could not obtain RLIMIT_NOFILE from getrlimit()\n");
+		max_fds = 0;
+		max_timeouts = max_fds;
+	}
+	if (max_fds) {
+		loop->fd_events = calloc(max_fds, sizeof(getdns_eventloop_event *));
+		loop->fd_timeout_times = calloc(max_fds, sizeof(uint64_t));
+	}
+	if (max_timeouts) {
+		loop->timeout_events = calloc(max_timeouts, sizeof(getdns_eventloop_event *));
+		loop->timeout_times = calloc(max_timeouts, sizeof(uint64_t));
+	}
 }
diff --git a/src/extension/default_eventloop.h b/src/extension/default_eventloop.h
index 7f6b78f0..67b2eda8 100644
--- a/src/extension/default_eventloop.h
+++ b/src/extension/default_eventloop.h
@@ -35,20 +35,13 @@
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
 
-/* No more than select's capability queries can be outstanding,
- * The number of outstanding timeouts should be less or equal then
- * the number of outstanding queries, so MAX_TIMEOUTS equal to
- * FD_SETSIZE should be safe.
- */
-#define MAX_TIMEOUTS FD_SETSIZE
-
-/* Eventloop based on select */
+/* Eventloop based on poll */
 typedef struct _getdns_default_eventloop {
 	getdns_eventloop        loop;
-	getdns_eventloop_event *fd_events[FD_SETSIZE];
-	uint64_t                fd_timeout_times[FD_SETSIZE];
-	getdns_eventloop_event *timeout_events[MAX_TIMEOUTS];
-	uint64_t                timeout_times[MAX_TIMEOUTS];
+	getdns_eventloop_event **fd_events;
+	uint64_t                *fd_timeout_times;
+	getdns_eventloop_event **timeout_events;
+	uint64_t                *timeout_times;
 } _getdns_default_eventloop;
 
 

From a9386e621af226a6b2dbc5d1c2b44573ecef2390 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Thu, 17 Nov 2016 18:26:11 +0000
Subject: [PATCH 081/249] max_fds and max_timeouts part of default eventloop
 structure

---
 src/extension/default_eventloop.c | 43 ++++++++++++++-----------------
 src/extension/default_eventloop.h |  2 ++
 2 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index ec1b1e19..83a1d956 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -33,9 +33,6 @@
 #include "debug.h"
 #include "types-internal.h"
 
-static int max_fds = 0;
-static int max_timeouts = 0;
-
 static uint64_t get_now_plus(uint64_t amount)
 {
 	struct timeval tv;
@@ -59,14 +56,14 @@ default_eventloop_schedule(getdns_eventloop *loop,
 	size_t i;
 
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
-	        , __FUNCTION__, loop, fd, timeout, event, max_fds);
+	        , __FUNCTION__, loop, fd, timeout, event, default_loop->max_fds);
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (fd >= (int)max_fds) {
+	if (fd >= (int)default_loop->max_fds) {
 		DEBUG_SCHED( "ERROR: fd %d >= max_fds: %d!\n"
-		           , fd, max_fds);
+		           , fd, default_loop->max_fds);
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (fd >= 0 && !(event->read_cb || event->write_cb)) {
@@ -106,7 +103,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
 		event->write_cb = NULL;
 	}
-	for (i = 0; i < max_timeouts; i++) {
+	for (i = 0; i < default_loop->max_timeouts; i++) {
 		if (default_loop->timeout_events[i] == NULL) {
 			default_loop->timeout_events[i] = event;
 			default_loop->timeout_times[i] = get_now_plus(timeout);		
@@ -131,7 +128,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNCTION__, loop, event);
 
 	i = (intptr_t)event->ev - 1;
-	if (i < 0 || i > max_fds) {
+	if (i < 0 || i > default_loop->max_fds) {
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
@@ -216,7 +213,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	
 	now = get_now_plus(0);
 
-	for (i = 0; i < max_timeouts; i++) {
+	for (i = 0; i < default_loop->max_timeouts; i++) {
 		if (!default_loop->timeout_events[i])
 			continue;
 		if (now > default_loop->timeout_times[i])
@@ -225,7 +222,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 			timeout = default_loop->timeout_times[i];
 	}
 	// first we count the number of fds that will be active
-	for (fd = 0; fd < max_fds; fd++) {
+	for (fd = 0; fd < default_loop->max_fds; fd++) {
 		if (!default_loop->fd_events[fd])
 			continue;
 		if (default_loop->fd_events[fd]->read_cb ||
@@ -241,7 +238,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		return;
 
 	pfds = calloc(num_pfds, sizeof(struct pollfd));
-	for (fd = 0, i=0; fd < max_fds; fd++) {
+	for (fd = 0, i=0; fd < default_loop->max_fds; fd++) {
 		if (!default_loop->fd_events[fd])
 			continue;
 		if (default_loop->fd_events[fd]->read_cb) {
@@ -278,7 +275,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	}
 	if (pfds)
 		free(pfds);
-	for (int fd=0; fd < max_fds; fd++) {
+	for (int fd=0; fd < default_loop->max_fds; fd++) {
 		if (default_loop->fd_events[fd] &&
 		    default_loop->fd_events[fd]->timeout_cb &&
 		    now > default_loop->fd_timeout_times[fd])
@@ -301,7 +298,7 @@ default_eventloop_run(getdns_eventloop *loop)
 		return;
 
 	i = 0;
-	while (i < max_timeouts) {
+	while (i < default_loop->max_timeouts) {
 		if (default_loop->fd_events[i] || default_loop->timeout_events[i]) {
 			default_eventloop_run_once(loop, 1);
 			i = 0;
@@ -327,19 +324,19 @@ _getdns_default_eventloop_init(_getdns_default_eventloop *loop)
 
 	struct rlimit rl;
 	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
-		max_fds = rl.rlim_cur;
-		max_timeouts = max_fds;
+		loop->max_fds = rl.rlim_cur;
+		loop->max_timeouts = loop->max_fds;
 	} else {
 		DEBUG_SCHED("ERROR: could not obtain RLIMIT_NOFILE from getrlimit()\n");
-		max_fds = 0;
-		max_timeouts = max_fds;
+		loop->max_fds = 0;
+		loop->max_timeouts = loop->max_fds;
 	}
-	if (max_fds) {
-		loop->fd_events = calloc(max_fds, sizeof(getdns_eventloop_event *));
-		loop->fd_timeout_times = calloc(max_fds, sizeof(uint64_t));
+	if (loop->max_fds) {
+		loop->fd_events = calloc(loop->max_fds, sizeof(getdns_eventloop_event *));
+		loop->fd_timeout_times = calloc(loop->max_fds, sizeof(uint64_t));
 	}
-	if (max_timeouts) {
-		loop->timeout_events = calloc(max_timeouts, sizeof(getdns_eventloop_event *));
-		loop->timeout_times = calloc(max_timeouts, sizeof(uint64_t));
+	if (loop->max_timeouts) {
+		loop->timeout_events = calloc(loop->max_timeouts, sizeof(getdns_eventloop_event *));
+		loop->timeout_times = calloc(loop->max_timeouts, sizeof(uint64_t));
 	}
 }
diff --git a/src/extension/default_eventloop.h b/src/extension/default_eventloop.h
index 67b2eda8..285bbc11 100644
--- a/src/extension/default_eventloop.h
+++ b/src/extension/default_eventloop.h
@@ -38,6 +38,8 @@
 /* Eventloop based on poll */
 typedef struct _getdns_default_eventloop {
 	getdns_eventloop        loop;
+	int			max_fds;
+	int			max_timeouts;
 	getdns_eventloop_event **fd_events;
 	uint64_t                *fd_timeout_times;
 	getdns_eventloop_event **timeout_events;

From d3b097fffe11a8fc15ce92af63c0dfb227493057 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 14 Dec 2016 15:45:39 +0000
Subject: [PATCH 082/249] Rewrite default_eventloop to use hash tables instead
 of arrays

---
 src/extension/default_eventloop.c |  216 +++---
 src/extension/default_eventloop.h |   16 +-
 src/util/uthash.h                 | 1074 +++++++++++++++++++++++++++++
 3 files changed, 1212 insertions(+), 94 deletions(-)
 create mode 100644 src/util/uthash.h

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 83a1d956..1ae37adc 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -27,12 +27,41 @@
 
 #include "config.h"
 
+#ifdef USE_WINSOCK
+
+#else
 #include <poll.h>
+#endif
 #include <sys/resource.h>
 #include "extension/default_eventloop.h"
 #include "debug.h"
 #include "types-internal.h"
 
+_getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
+{
+	_getdns_eventloop_info* ev;
+
+	DEBUG_SCHED("finding event in events ptr %p with id %d", *events, id);
+	
+	HASH_FIND_INT(*events, &id, ev);
+
+	DEBUG_SCHED("found event in events ptr %p with id %d and ptr %p", *events, id, ev);
+
+	return ev;
+}
+
+void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
+{
+	DEBUG_SCHED("adding event in events ptr %p with id %d and ptr %p", *events, id, ev);
+	HASH_ADD_INT(*events, id, ev);
+}
+
+void delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
+{
+	DEBUG_SCHED("deleting event in events ptr %p and ptr %p", *events, ev);
+	HASH_DEL(*events, ev);
+}
+
 static uint64_t get_now_plus(uint64_t amount)
 {
 	struct timeval tv;
@@ -72,22 +101,33 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		fd = -1;
 	}
 	if (fd >= 0) {
+		DEBUG_SCHED("default_eventloop_schedule: find_event(default_loop->fd_events)");
+		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
-		if (default_loop->fd_events[fd]) {
-			if (default_loop->fd_events[fd] == event) {
+		if (fd_event) {
+			if (fd_event->event == event) {
 				DEBUG_SCHED("WARNING: Event %p not cleared "
 				            "before being rescheduled!\n"
-				           , default_loop->fd_events[fd]);
+				           , fd_event->event);
 			} else {
 				DEBUG_SCHED("ERROR: A different event is "
 				            "already present at fd slot: %p!\n"
-				           , default_loop->fd_events[fd]);
+				           , fd_event->event);
 			}
 		}
 #endif
-		default_loop->fd_events[fd] = event;
-		default_loop->fd_timeout_times[fd] = get_now_plus(timeout);
-		event->ev = (void *)(intptr_t)(fd + 1);
+		/* cleanup the old event if it exists */
+		if (fd_event) {
+			delete_event(&default_loop->fd_events, fd_event);
+			free(fd_event);
+		}
+		fd_event = calloc(1, sizeof(_getdns_eventloop_info));
+		fd_event->id = fd;
+		fd_event->event = event;
+		fd_event->timeout_time = get_now_plus(timeout);
+		add_event(&default_loop->fd_events, fd, fd_event);
+		event->ev = (void *) (intptr_t) fd + 1;
+
 		DEBUG_SCHED( "scheduled read/write at %d\n", fd);
 		return GETDNS_RETURN_GOOD;
 	}
@@ -104,10 +144,16 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		event->write_cb = NULL;
 	}
 	for (i = 0; i < default_loop->max_timeouts; i++) {
-		if (default_loop->timeout_events[i] == NULL) {
-			default_loop->timeout_events[i] = event;
-			default_loop->timeout_times[i] = get_now_plus(timeout);		
-			event->ev = (void *)(intptr_t)(i + 1);
+		_getdns_eventloop_info* timeout_event = NULL;
+		DEBUG_SCHED("default_eventloop_schedule: find_event(default_loop->timeout_events)");
+		if ((timeout_event = find_event(&default_loop->timeout_events, i)) == NULL) {
+			timeout_event = calloc(1, sizeof(_getdns_eventloop_info));
+			timeout_event->id = i;
+			timeout_event->event = event;
+			timeout_event->timeout_time = get_now_plus(timeout);
+			add_event(&default_loop->timeout_events, i, timeout_event);
+			event->ev = (void *) (intptr_t) i + 1;
+
 			DEBUG_SCHED( "scheduled timeout at %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;
 		}
@@ -132,21 +178,31 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
+		DEBUG_SCHED("default_eventloop_clear: find_event(default_loop->timeout_events)");
+		_getdns_eventloop_info* timeout_event = find_event(&default_loop->timeout_events, i);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
-		if (default_loop->timeout_events[i] != event)
+		if (timeout_event && timeout_event->event != event)
 			DEBUG_SCHED( "ERROR: Different/wrong event present at "
 			             "timeout slot: %p!\n"
-			           , default_loop->timeout_events[i]);
+				     , timeout_event);
 #endif
-		default_loop->timeout_events[i] = NULL;
+		if (timeout_event) {
+			delete_event(&default_loop->timeout_events, timeout_event);
+			free(timeout_event);
+		}
 	} else {
+		DEBUG_SCHED("default_eventloop_clear: find_event(default_loop->fd_events)");
+		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, i);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
-		if (default_loop->fd_events[i] != event)
+		if (fd_event && fd_event->event != event)
 			DEBUG_SCHED( "ERROR: Different/wrong event present at "
 			             "fd slot: %p!\n"
-			           , default_loop->fd_events[i]);
+			           , fd_event);
 #endif
-		default_loop->fd_events[i] = NULL;
+		if (fd_event) {
+			delete_event(&default_loop->fd_events, fd_event);
+			free(fd_event);
+		}
 	}
 	event->ev = NULL;
 	return GETDNS_RETURN_GOOD;
@@ -156,14 +212,8 @@ static void
 default_eventloop_cleanup(getdns_eventloop *loop)
 {
 	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
-	if (default_loop->fd_events)
-		free(default_loop->fd_events);
-	if (default_loop->fd_timeout_times)
-		free(default_loop->fd_timeout_times);
-	if (default_loop->timeout_events)
-		free(default_loop->timeout_events);
-	if (default_loop->timeout_times)
-		free(default_loop->timeout_times);
+	HASH_CLEAR(hh, default_loop->fd_events);
+	HASH_CLEAR(hh, default_loop->timeout_events);
 }
 
 static void
@@ -200,91 +250,93 @@ static void
 default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
 	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
-
-	int      fd, max_fd = -1;
+	_getdns_eventloop_info *s, *tmp;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
-	size_t   i;
+	size_t   i=0;
 	int poll_timeout = 0;
 	struct pollfd* pfds = NULL;
 	int num_pfds = 0;
-	
+
 	if (!loop)
 		return;
 	
 	now = get_now_plus(0);
 
-	for (i = 0; i < default_loop->max_timeouts; i++) {
-		if (!default_loop->timeout_events[i])
-			continue;
-		if (now > default_loop->timeout_times[i])
-			default_timeout_cb(-1, default_loop->timeout_events[i]);
-		else if (default_loop->timeout_times[i] < timeout)
-			timeout = default_loop->timeout_times[i];
+	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
+		if (now > s->timeout_time)
+			default_timeout_cb(-1, s->event);
+		else if (s->timeout_time < timeout)
+			timeout = s->timeout_time;
 	}
 	// first we count the number of fds that will be active
-	for (fd = 0; fd < default_loop->max_fds; fd++) {
-		if (!default_loop->fd_events[fd])
-			continue;
-		if (default_loop->fd_events[fd]->read_cb ||
-		    default_loop->fd_events[fd]->write_cb)
+	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
+		if (s->event->read_cb ||
+		    s->event->write_cb)
 			num_pfds++;
-		if (fd > max_fd)
-			max_fd = fd;
-		if (default_loop->fd_timeout_times[fd] < timeout)
-			timeout = default_loop->fd_timeout_times[fd];
+		if (s->timeout_time < timeout)
+			timeout = s->timeout_time;
 	}
 
-	if ((max_fd == -1 && timeout == (uint64_t)-1) || (num_pfds == 0))
+	if ((timeout == (uint64_t)-1) && (num_pfds == 0))
 		return;
 
 	pfds = calloc(num_pfds, sizeof(struct pollfd));
-	for (fd = 0, i=0; fd < default_loop->max_fds; fd++) {
-		if (!default_loop->fd_events[fd])
-			continue;
-		if (default_loop->fd_events[fd]->read_cb) {
-			pfds[i].fd = fd;
+	i = 0;
+	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
+		if (s->event->read_cb) {
+			pfds[i].fd = s->id;
 			pfds[i].events |= POLLIN;
 		}	
-		if (default_loop->fd_events[fd]->write_cb) {
-			pfds[i].fd = fd;
+		if (s->event->write_cb) {
+			pfds[i].fd = s->id;
 			pfds[i].events |= POLLOUT;
 		}
+		i++;
 	}
 
 	if (! blocking || now > timeout) {
 		poll_timeout = 0;
 	} else {
-		poll_timeout = (timeout - now) * 1000; /* turn seconds in millseconds */
+		poll_timeout = (timeout - now) * 1000; /* turn seconds into millseconds */
 	}
+#ifdef USE_WINSOCK
+	if (WSAPoll(pfds, num_pfds, poll_timeout) < 0) {
+#else	
 	if (poll(pfds, num_pfds, poll_timeout) < 0) {
+#endif
 		perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = get_now_plus(0);
-	for (int i = 0; i < num_pfds; i++) {
+	for (i = 0; i < num_pfds; i++) {
 		int fd = pfds[i].fd;
-		if (default_loop->fd_events[fd] &&
-		    default_loop->fd_events[fd]->read_cb &&
+		DEBUG_SCHED("default_eventloop_runonce: find_event(default_loop->fd_events)");
+		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
+		if (fd_event &&
+		    fd_event->event &&
+		    fd_event->event->read_cb &&
 		    (pfds[i].revents & POLLIN))
-			default_read_cb(fd, default_loop->fd_events[fd]);
+			default_read_cb(fd, fd_event->event);
 
-		if (default_loop->fd_events[fd] &&
-		    default_loop->fd_events[fd]->write_cb &&
+		if (fd_event &&
+		    fd_event->event &&
+		    fd_event->event->write_cb &&
 		    (pfds[i].revents & POLLOUT))
-			default_write_cb(fd, default_loop->fd_events[fd]);
+			default_write_cb(fd, fd_event->event);
 	}
 	if (pfds)
 		free(pfds);
-	for (int fd=0; fd < default_loop->max_fds; fd++) {
-		if (default_loop->fd_events[fd] &&
-		    default_loop->fd_events[fd]->timeout_cb &&
-		    now > default_loop->fd_timeout_times[fd])
-			default_timeout_cb(fd, default_loop->fd_events[fd]);
-		i = fd;
-		if (default_loop->timeout_events[i] &&
-		    default_loop->timeout_events[i]->timeout_cb &&
-		    now > default_loop->timeout_times[i])
-			default_timeout_cb(-1, default_loop->timeout_events[i]);
+	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
+		if (s->event &&
+		    s->event->timeout_cb &&
+		    now > s->timeout_time)
+			default_timeout_cb(s->id, s->event);
+	}
+	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
+		if (s->event &&
+		    s->event->timeout_cb &&
+		    now > s->timeout_time)
+			default_timeout_cb(s->id, s->event);
 	}
 }
 
@@ -292,19 +344,13 @@ static void
 default_eventloop_run(getdns_eventloop *loop)
 {
 	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
-	size_t        i;
 
 	if (!loop)
 		return;
 
-	i = 0;
-	while (i < default_loop->max_timeouts) {
-		if (default_loop->fd_events[i] || default_loop->timeout_events[i]) {
-			default_eventloop_run_once(loop, 1);
-			i = 0;
-		} else {
-			i++;
-		}
+	/* keep going until all the events are cleared */
+	while (default_loop->fd_events && default_loop->timeout_events) {
+		default_eventloop_run_once(loop, 1);
 	}
 }
 
@@ -325,18 +371,10 @@ _getdns_default_eventloop_init(_getdns_default_eventloop *loop)
 	struct rlimit rl;
 	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
 		loop->max_fds = rl.rlim_cur;
-		loop->max_timeouts = loop->max_fds;
+		loop->max_timeouts = loop->max_fds; /* this is somewhat arbitrary */
 	} else {
 		DEBUG_SCHED("ERROR: could not obtain RLIMIT_NOFILE from getrlimit()\n");
 		loop->max_fds = 0;
 		loop->max_timeouts = loop->max_fds;
 	}
-	if (loop->max_fds) {
-		loop->fd_events = calloc(loop->max_fds, sizeof(getdns_eventloop_event *));
-		loop->fd_timeout_times = calloc(loop->max_fds, sizeof(uint64_t));
-	}
-	if (loop->max_timeouts) {
-		loop->timeout_events = calloc(loop->max_timeouts, sizeof(getdns_eventloop_event *));
-		loop->timeout_times = calloc(loop->max_timeouts, sizeof(uint64_t));
-	}
 }
diff --git a/src/extension/default_eventloop.h b/src/extension/default_eventloop.h
index 285bbc11..bc1d881b 100644
--- a/src/extension/default_eventloop.h
+++ b/src/extension/default_eventloop.h
@@ -34,19 +34,25 @@
 #include "config.h"
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
+#include "util/uthash.h"
 
 /* Eventloop based on poll */
+
+typedef struct _getdns_eventloop_info {
+	int			id;
+	getdns_eventloop_event *event;
+	uint64_t                timeout_time;
+	UT_hash_handle		hh;
+} _getdns_eventloop_info;
+
 typedef struct _getdns_default_eventloop {
 	getdns_eventloop        loop;
 	int			max_fds;
 	int			max_timeouts;
-	getdns_eventloop_event **fd_events;
-	uint64_t                *fd_timeout_times;
-	getdns_eventloop_event **timeout_events;
-	uint64_t                *timeout_times;
+	_getdns_eventloop_info  *fd_events;
+	_getdns_eventloop_info  *timeout_events;
 } _getdns_default_eventloop;
 
-
 void
 _getdns_default_eventloop_init(_getdns_default_eventloop *loop);
 
diff --git a/src/util/uthash.h b/src/util/uthash.h
new file mode 100644
index 00000000..45d1f9fc
--- /dev/null
+++ b/src/util/uthash.h
@@ -0,0 +1,1074 @@
+/*
+Copyright (c) 2003-2016, Troy D. Hanson     http://troydhanson.github.com/uthash/
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef UTHASH_H
+#define UTHASH_H
+
+#define UTHASH_VERSION 2.0.1
+
+#include <string.h>   /* memcmp,strlen */
+#include <stddef.h>   /* ptrdiff_t */
+#include <stdlib.h>   /* exit() */
+
+/* These macros use decltype or the earlier __typeof GNU extension.
+   As decltype is only available in newer compilers (VS2010 or gcc 4.3+
+   when compiling c++ source) this code uses whatever method is needed
+   or, for VS2008 where neither is available, uses casting workarounds. */
+#if defined(_MSC_VER)   /* MS compiler */
+#if _MSC_VER >= 1600 && defined(__cplusplus)  /* VS2010 or newer in C++ mode */
+#define DECLTYPE(x) (decltype(x))
+#else                   /* VS2008 or older (or VS2010 in C mode) */
+#define NO_DECLTYPE
+#define DECLTYPE(x)
+#endif
+#elif defined(__BORLANDC__) || defined(__LCC__) || defined(__WATCOMC__)
+#define NO_DECLTYPE
+#define DECLTYPE(x)
+#else                   /* GNU, Sun and other compilers */
+#define DECLTYPE(x) (__typeof(x))
+#endif
+
+#ifdef NO_DECLTYPE
+#define DECLTYPE_ASSIGN(dst,src)                                                 \
+do {                                                                             \
+  char **_da_dst = (char**)(&(dst));                                             \
+  *_da_dst = (char*)(src);                                                       \
+} while (0)
+#else
+#define DECLTYPE_ASSIGN(dst,src)                                                 \
+do {                                                                             \
+  (dst) = DECLTYPE(dst)(src);                                                    \
+} while (0)
+#endif
+
+/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */
+#if defined(_WIN32)
+#if defined(_MSC_VER) && _MSC_VER >= 1600
+#include <stdint.h>
+#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__)
+#include <stdint.h>
+#else
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+#endif
+#elif defined(__GNUC__) && !defined(__VXWORKS__)
+#include <stdint.h>
+#else
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+#endif
+
+#ifndef uthash_fatal
+#define uthash_fatal(msg) exit(-1)        /* fatal error (out of memory,etc) */
+#endif
+#ifndef uthash_malloc
+#define uthash_malloc(sz) malloc(sz)      /* malloc fcn                      */
+#endif
+#ifndef uthash_free
+#define uthash_free(ptr,sz) free(ptr)     /* free fcn                        */
+#endif
+#ifndef uthash_strlen
+#define uthash_strlen(s) strlen(s)
+#endif
+#ifndef uthash_memcmp
+#define uthash_memcmp(a,b,n) memcmp(a,b,n)
+#endif
+
+#ifndef uthash_noexpand_fyi
+#define uthash_noexpand_fyi(tbl)          /* can be defined to log noexpand  */
+#endif
+#ifndef uthash_expand_fyi
+#define uthash_expand_fyi(tbl)            /* can be defined to log expands   */
+#endif
+
+/* initial number of buckets */
+#define HASH_INITIAL_NUM_BUCKETS 32U     /* initial number of buckets        */
+#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */
+#define HASH_BKT_CAPACITY_THRESH 10U     /* expand when bucket count reaches */
+
+/* calculate the element whose hash handle address is hhp */
+#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho)))
+/* calculate the hash handle from element address elp */
+#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho)))
+
+#define HASH_VALUE(keyptr,keylen,hashv)                                          \
+do {                                                                             \
+  HASH_FCN(keyptr, keylen, hashv);                                               \
+} while (0)
+
+#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out)                 \
+do {                                                                             \
+  (out) = NULL;                                                                  \
+  if (head) {                                                                    \
+    unsigned _hf_bkt;                                                            \
+    HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt);                  \
+    if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) {                         \
+      HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \
+    }                                                                            \
+  }                                                                              \
+} while (0)
+
+#define HASH_FIND(hh,head,keyptr,keylen,out)                                     \
+do {                                                                             \
+  unsigned _hf_hashv;                                                            \
+  HASH_VALUE(keyptr, keylen, _hf_hashv);                                         \
+  HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out);               \
+} while (0)
+
+#ifdef HASH_BLOOM
+#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM)
+#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL)
+#define HASH_BLOOM_MAKE(tbl)                                                     \
+do {                                                                             \
+  (tbl)->bloom_nbits = HASH_BLOOM;                                               \
+  (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN);                 \
+  if (!((tbl)->bloom_bv))  { uthash_fatal( "out of memory"); }                   \
+  memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN);                                \
+  (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE;                                       \
+} while (0)
+
+#define HASH_BLOOM_FREE(tbl)                                                     \
+do {                                                                             \
+  uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN);                              \
+} while (0)
+
+#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U)))
+#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U)))
+
+#define HASH_BLOOM_ADD(tbl,hashv)                                                \
+  HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
+
+#define HASH_BLOOM_TEST(tbl,hashv)                                               \
+  HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
+
+#else
+#define HASH_BLOOM_MAKE(tbl)
+#define HASH_BLOOM_FREE(tbl)
+#define HASH_BLOOM_ADD(tbl,hashv)
+#define HASH_BLOOM_TEST(tbl,hashv) (1)
+#define HASH_BLOOM_BYTELEN 0U
+#endif
+
+#define HASH_MAKE_TABLE(hh,head)                                                 \
+do {                                                                             \
+  (head)->hh.tbl = (UT_hash_table*)uthash_malloc(                                \
+                  sizeof(UT_hash_table));                                        \
+  if (!((head)->hh.tbl))  { uthash_fatal( "out of memory"); }                    \
+  memset((head)->hh.tbl, 0, sizeof(UT_hash_table));                              \
+  (head)->hh.tbl->tail = &((head)->hh);                                          \
+  (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS;                        \
+  (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2;              \
+  (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head);                    \
+  (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc(                      \
+          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
+  if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); }             \
+  memset((head)->hh.tbl->buckets, 0,                                             \
+          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
+  HASH_BLOOM_MAKE((head)->hh.tbl);                                               \
+  (head)->hh.tbl->signature = HASH_SIGNATURE;                                    \
+} while (0)
+
+#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \
+do {                                                                             \
+  (replaced) = NULL;                                                             \
+  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
+  if (replaced) {                                                                \
+     HASH_DELETE(hh, head, replaced);                                            \
+  }                                                                              \
+  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \
+} while (0)
+
+#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \
+do {                                                                             \
+  (replaced) = NULL;                                                             \
+  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
+  if (replaced) {                                                                \
+     HASH_DELETE(hh, head, replaced);                                            \
+  }                                                                              \
+  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \
+} while (0)
+
+#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced)                   \
+do {                                                                             \
+  unsigned _hr_hashv;                                                            \
+  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
+  HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \
+} while (0)
+
+#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn)    \
+do {                                                                             \
+  unsigned _hr_hashv;                                                            \
+  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
+  HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \
+} while (0)
+
+#define HASH_APPEND_LIST(hh, head, add)                                          \
+do {                                                                             \
+  (add)->hh.next = NULL;                                                         \
+  (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail);           \
+  (head)->hh.tbl->tail->next = (add);                                            \
+  (head)->hh.tbl->tail = &((add)->hh);                                           \
+} while (0)
+
+#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \
+do {                                                                             \
+  unsigned _ha_bkt;                                                              \
+  (add)->hh.hashv = (hashval);                                                   \
+  (add)->hh.key = (char*) (keyptr);                                              \
+  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
+  if (!(head)) {                                                                 \
+    (add)->hh.next = NULL;                                                       \
+    (add)->hh.prev = NULL;                                                       \
+    (head) = (add);                                                              \
+    HASH_MAKE_TABLE(hh, head);                                                   \
+  } else {                                                                       \
+    struct UT_hash_handle *_hs_iter = &(head)->hh;                               \
+    (add)->hh.tbl = (head)->hh.tbl;                                              \
+    do {                                                                         \
+      if (cmpfcn(DECLTYPE(head) ELMT_FROM_HH((head)->hh.tbl, _hs_iter), add) > 0) \
+        break;                                                                   \
+    } while ((_hs_iter = _hs_iter->next));                                       \
+    if (_hs_iter) {                                                              \
+      (add)->hh.next = _hs_iter;                                                 \
+      if (((add)->hh.prev = _hs_iter->prev)) {                                   \
+        HH_FROM_ELMT((head)->hh.tbl, _hs_iter->prev)->next = (add);              \
+      } else {                                                                   \
+        (head) = (add);                                                          \
+      }                                                                          \
+      _hs_iter->prev = (add);                                                    \
+    } else {                                                                     \
+      HASH_APPEND_LIST(hh, head, add);                                           \
+    }                                                                            \
+  }                                                                              \
+  (head)->hh.tbl->num_items++;                                                   \
+  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
+  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
+  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
+  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
+  HASH_FSCK(hh, head);                                                           \
+} while (0)
+
+#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn)             \
+do {                                                                             \
+  unsigned _hs_hashv;                                                            \
+  HASH_VALUE(keyptr, keylen_in, _hs_hashv);                                      \
+  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \
+} while (0)
+
+#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \
+  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn)
+
+#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn)                 \
+  HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn)
+
+#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add)        \
+do {                                                                             \
+  unsigned _ha_bkt;                                                              \
+  (add)->hh.hashv = (hashval);                                                   \
+  (add)->hh.key = (char*) (keyptr);                                              \
+  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
+  if (!(head)) {                                                                 \
+    (add)->hh.next = NULL;                                                       \
+    (add)->hh.prev = NULL;                                                       \
+    (head) = (add);                                                              \
+    HASH_MAKE_TABLE(hh, head);                                                   \
+  } else {                                                                       \
+    (add)->hh.tbl = (head)->hh.tbl;                                              \
+    HASH_APPEND_LIST(hh, head, add);                                             \
+  }                                                                              \
+  (head)->hh.tbl->num_items++;                                                   \
+  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
+  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
+  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
+  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
+  HASH_FSCK(hh, head);                                                           \
+} while (0)
+
+#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add)                            \
+do {                                                                             \
+  unsigned _ha_hashv;                                                            \
+  HASH_VALUE(keyptr, keylen_in, _ha_hashv);                                      \
+  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add);      \
+} while (0)
+
+#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add)            \
+  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add)
+
+#define HASH_ADD(hh,head,fieldname,keylen_in,add)                                \
+  HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add)
+
+#define HASH_TO_BKT(hashv,num_bkts,bkt)                                          \
+do {                                                                             \
+  bkt = ((hashv) & ((num_bkts) - 1U));                                           \
+} while (0)
+
+/* delete "delptr" from the hash table.
+ * "the usual" patch-up process for the app-order doubly-linked-list.
+ * The use of _hd_hh_del below deserves special explanation.
+ * These used to be expressed using (delptr) but that led to a bug
+ * if someone used the same symbol for the head and deletee, like
+ *  HASH_DELETE(hh,users,users);
+ * We want that to work, but by changing the head (users) below
+ * we were forfeiting our ability to further refer to the deletee (users)
+ * in the patch-up process. Solution: use scratch space to
+ * copy the deletee pointer, then the latter references are via that
+ * scratch pointer rather than through the repointed (users) symbol.
+ */
+#define HASH_DELETE(hh,head,delptr)                                              \
+do {                                                                             \
+    struct UT_hash_handle *_hd_hh_del;                                           \
+    if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) )  {         \
+        uthash_free((head)->hh.tbl->buckets,                                     \
+                    (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
+        HASH_BLOOM_FREE((head)->hh.tbl);                                         \
+        uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                      \
+        head = NULL;                                                             \
+    } else {                                                                     \
+        unsigned _hd_bkt;                                                        \
+        _hd_hh_del = &((delptr)->hh);                                            \
+        if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) {     \
+            (head)->hh.tbl->tail =                                               \
+                (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +               \
+                (head)->hh.tbl->hho);                                            \
+        }                                                                        \
+        if ((delptr)->hh.prev != NULL) {                                         \
+            ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +                  \
+                    (head)->hh.tbl->hho))->next = (delptr)->hh.next;             \
+        } else {                                                                 \
+            DECLTYPE_ASSIGN(head,(delptr)->hh.next);                             \
+        }                                                                        \
+        if (_hd_hh_del->next != NULL) {                                          \
+            ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next +                     \
+                    (head)->hh.tbl->hho))->prev =                                \
+                    _hd_hh_del->prev;                                            \
+        }                                                                        \
+        HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt);   \
+        HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del);        \
+        (head)->hh.tbl->num_items--;                                             \
+    }                                                                            \
+    HASH_FSCK(hh,head);                                                          \
+} while (0)
+
+
+/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */
+#define HASH_FIND_STR(head,findstr,out)                                          \
+    HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out)
+#define HASH_ADD_STR(head,strfield,add)                                          \
+    HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add)
+#define HASH_REPLACE_STR(head,strfield,add,replaced)                             \
+    HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced)
+#define HASH_FIND_INT(head,findint,out)                                          \
+    HASH_FIND(hh,head,findint,sizeof(int),out)
+#define HASH_ADD_INT(head,intfield,add)                                          \
+    HASH_ADD(hh,head,intfield,sizeof(int),add)
+#define HASH_REPLACE_INT(head,intfield,add,replaced)                             \
+    HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced)
+#define HASH_FIND_PTR(head,findptr,out)                                          \
+    HASH_FIND(hh,head,findptr,sizeof(void *),out)
+#define HASH_ADD_PTR(head,ptrfield,add)                                          \
+    HASH_ADD(hh,head,ptrfield,sizeof(void *),add)
+#define HASH_REPLACE_PTR(head,ptrfield,add,replaced)                             \
+    HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced)
+#define HASH_DEL(head,delptr)                                                    \
+    HASH_DELETE(hh,head,delptr)
+
+/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined.
+ * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined.
+ */
+#ifdef HASH_DEBUG
+#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
+#define HASH_FSCK(hh,head)                                                       \
+do {                                                                             \
+    struct UT_hash_handle *_thh;                                                 \
+    if (head) {                                                                  \
+        unsigned _bkt_i;                                                         \
+        unsigned _count;                                                         \
+        char *_prev;                                                             \
+        _count = 0;                                                              \
+        for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) {       \
+            unsigned _bkt_count = 0;                                             \
+            _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head;                      \
+            _prev = NULL;                                                        \
+            while (_thh) {                                                       \
+               if (_prev != (char*)(_thh->hh_prev)) {                            \
+                   HASH_OOPS("invalid hh_prev %p, actual %p\n",                  \
+                    _thh->hh_prev, _prev );                                      \
+               }                                                                 \
+               _bkt_count++;                                                     \
+               _prev = (char*)(_thh);                                            \
+               _thh = _thh->hh_next;                                             \
+            }                                                                    \
+            _count += _bkt_count;                                                \
+            if ((head)->hh.tbl->buckets[_bkt_i].count !=  _bkt_count) {          \
+               HASH_OOPS("invalid bucket count %u, actual %u\n",                 \
+                (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count);              \
+            }                                                                    \
+        }                                                                        \
+        if (_count != (head)->hh.tbl->num_items) {                               \
+            HASH_OOPS("invalid hh item count %u, actual %u\n",                   \
+                (head)->hh.tbl->num_items, _count );                             \
+        }                                                                        \
+        /* traverse hh in app order; check next/prev integrity, count */         \
+        _count = 0;                                                              \
+        _prev = NULL;                                                            \
+        _thh =  &(head)->hh;                                                     \
+        while (_thh) {                                                           \
+           _count++;                                                             \
+           if (_prev !=(char*)(_thh->prev)) {                                    \
+              HASH_OOPS("invalid prev %p, actual %p\n",                          \
+                    _thh->prev, _prev );                                         \
+           }                                                                     \
+           _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh);                    \
+           _thh = ( _thh->next ?  (UT_hash_handle*)((char*)(_thh->next) +        \
+                                  (head)->hh.tbl->hho) : NULL );                 \
+        }                                                                        \
+        if (_count != (head)->hh.tbl->num_items) {                               \
+            HASH_OOPS("invalid app item count %u, actual %u\n",                  \
+                (head)->hh.tbl->num_items, _count );                             \
+        }                                                                        \
+    }                                                                            \
+} while (0)
+#else
+#define HASH_FSCK(hh,head)
+#endif
+
+/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to
+ * the descriptor to which this macro is defined for tuning the hash function.
+ * The app can #include <unistd.h> to get the prototype for write(2). */
+#ifdef HASH_EMIT_KEYS
+#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)                                   \
+do {                                                                             \
+    unsigned _klen = fieldlen;                                                   \
+    write(HASH_EMIT_KEYS, &_klen, sizeof(_klen));                                \
+    write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen);                      \
+} while (0)
+#else
+#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)
+#endif
+
+/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */
+#ifdef HASH_FUNCTION
+#define HASH_FCN HASH_FUNCTION
+#else
+#define HASH_FCN HASH_JEN
+#endif
+
+/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */
+#define HASH_BER(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _hb_keylen=(unsigned)keylen;                                          \
+  const unsigned char *_hb_key=(const unsigned char*)(key);                      \
+  (hashv) = 0;                                                                   \
+  while (_hb_keylen-- != 0U) {                                                   \
+      (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++;                         \
+  }                                                                              \
+} while (0)
+
+
+/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at
+ * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */
+#define HASH_SAX(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _sx_i;                                                                \
+  const unsigned char *_hs_key=(const unsigned char*)(key);                      \
+  hashv = 0;                                                                     \
+  for(_sx_i=0; _sx_i < keylen; _sx_i++) {                                        \
+      hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i];                     \
+  }                                                                              \
+} while (0)
+/* FNV-1a variation */
+#define HASH_FNV(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _fn_i;                                                                \
+  const unsigned char *_hf_key=(const unsigned char*)(key);                      \
+  hashv = 2166136261U;                                                           \
+  for(_fn_i=0; _fn_i < keylen; _fn_i++) {                                        \
+      hashv = hashv ^ _hf_key[_fn_i];                                            \
+      hashv = hashv * 16777619U;                                                 \
+  }                                                                              \
+} while (0)
+
+#define HASH_OAT(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _ho_i;                                                                \
+  const unsigned char *_ho_key=(const unsigned char*)(key);                      \
+  hashv = 0;                                                                     \
+  for(_ho_i=0; _ho_i < keylen; _ho_i++) {                                        \
+      hashv += _ho_key[_ho_i];                                                   \
+      hashv += (hashv << 10);                                                    \
+      hashv ^= (hashv >> 6);                                                     \
+  }                                                                              \
+  hashv += (hashv << 3);                                                         \
+  hashv ^= (hashv >> 11);                                                        \
+  hashv += (hashv << 15);                                                        \
+} while (0)
+
+#define HASH_JEN_MIX(a,b,c)                                                      \
+do {                                                                             \
+  a -= b; a -= c; a ^= ( c >> 13 );                                              \
+  b -= c; b -= a; b ^= ( a << 8 );                                               \
+  c -= a; c -= b; c ^= ( b >> 13 );                                              \
+  a -= b; a -= c; a ^= ( c >> 12 );                                              \
+  b -= c; b -= a; b ^= ( a << 16 );                                              \
+  c -= a; c -= b; c ^= ( b >> 5 );                                               \
+  a -= b; a -= c; a ^= ( c >> 3 );                                               \
+  b -= c; b -= a; b ^= ( a << 10 );                                              \
+  c -= a; c -= b; c ^= ( b >> 15 );                                              \
+} while (0)
+
+#define HASH_JEN(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned _hj_i,_hj_j,_hj_k;                                                    \
+  unsigned const char *_hj_key=(unsigned const char*)(key);                      \
+  hashv = 0xfeedbeefu;                                                           \
+  _hj_i = _hj_j = 0x9e3779b9u;                                                   \
+  _hj_k = (unsigned)(keylen);                                                    \
+  while (_hj_k >= 12U) {                                                         \
+    _hj_i +=    (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 )                      \
+        + ( (unsigned)_hj_key[2] << 16 )                                         \
+        + ( (unsigned)_hj_key[3] << 24 ) );                                      \
+    _hj_j +=    (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 )                      \
+        + ( (unsigned)_hj_key[6] << 16 )                                         \
+        + ( (unsigned)_hj_key[7] << 24 ) );                                      \
+    hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 )                         \
+        + ( (unsigned)_hj_key[10] << 16 )                                        \
+        + ( (unsigned)_hj_key[11] << 24 ) );                                     \
+                                                                                 \
+     HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                          \
+                                                                                 \
+     _hj_key += 12;                                                              \
+     _hj_k -= 12U;                                                               \
+  }                                                                              \
+  hashv += (unsigned)(keylen);                                                   \
+  switch ( _hj_k ) {                                                             \
+     case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */        \
+     case 10: hashv += ( (unsigned)_hj_key[9] << 16 );  /* FALLTHROUGH */        \
+     case 9:  hashv += ( (unsigned)_hj_key[8] << 8 );   /* FALLTHROUGH */        \
+     case 8:  _hj_j += ( (unsigned)_hj_key[7] << 24 );  /* FALLTHROUGH */        \
+     case 7:  _hj_j += ( (unsigned)_hj_key[6] << 16 );  /* FALLTHROUGH */        \
+     case 6:  _hj_j += ( (unsigned)_hj_key[5] << 8 );   /* FALLTHROUGH */        \
+     case 5:  _hj_j += _hj_key[4];                      /* FALLTHROUGH */        \
+     case 4:  _hj_i += ( (unsigned)_hj_key[3] << 24 );  /* FALLTHROUGH */        \
+     case 3:  _hj_i += ( (unsigned)_hj_key[2] << 16 );  /* FALLTHROUGH */        \
+     case 2:  _hj_i += ( (unsigned)_hj_key[1] << 8 );   /* FALLTHROUGH */        \
+     case 1:  _hj_i += _hj_key[0];                                               \
+  }                                                                              \
+  HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                             \
+} while (0)
+
+/* The Paul Hsieh hash function */
+#undef get16bits
+#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__)             \
+  || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
+#define get16bits(d) (*((const uint16_t *) (d)))
+#endif
+
+#if !defined (get16bits)
+#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)             \
+                       +(uint32_t)(((const uint8_t *)(d))[0]) )
+#endif
+#define HASH_SFH(key,keylen,hashv)                                               \
+do {                                                                             \
+  unsigned const char *_sfh_key=(unsigned const char*)(key);                     \
+  uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen;                                \
+                                                                                 \
+  unsigned _sfh_rem = _sfh_len & 3U;                                             \
+  _sfh_len >>= 2;                                                                \
+  hashv = 0xcafebabeu;                                                           \
+                                                                                 \
+  /* Main loop */                                                                \
+  for (;_sfh_len > 0U; _sfh_len--) {                                             \
+    hashv    += get16bits (_sfh_key);                                            \
+    _sfh_tmp  = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv;              \
+    hashv     = (hashv << 16) ^ _sfh_tmp;                                        \
+    _sfh_key += 2U*sizeof (uint16_t);                                            \
+    hashv    += hashv >> 11;                                                     \
+  }                                                                              \
+                                                                                 \
+  /* Handle end cases */                                                         \
+  switch (_sfh_rem) {                                                            \
+    case 3: hashv += get16bits (_sfh_key);                                       \
+            hashv ^= hashv << 16;                                                \
+            hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18;              \
+            hashv += hashv >> 11;                                                \
+            break;                                                               \
+    case 2: hashv += get16bits (_sfh_key);                                       \
+            hashv ^= hashv << 11;                                                \
+            hashv += hashv >> 17;                                                \
+            break;                                                               \
+    case 1: hashv += *_sfh_key;                                                  \
+            hashv ^= hashv << 10;                                                \
+            hashv += hashv >> 1;                                                 \
+  }                                                                              \
+                                                                                 \
+    /* Force "avalanching" of final 127 bits */                                  \
+    hashv ^= hashv << 3;                                                         \
+    hashv += hashv >> 5;                                                         \
+    hashv ^= hashv << 4;                                                         \
+    hashv += hashv >> 17;                                                        \
+    hashv ^= hashv << 25;                                                        \
+    hashv += hashv >> 6;                                                         \
+} while (0)
+
+#ifdef HASH_USING_NO_STRICT_ALIASING
+/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads.
+ * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error.
+ * MurmurHash uses the faster approach only on CPU's where we know it's safe.
+ *
+ * Note the preprocessor built-in defines can be emitted using:
+ *
+ *   gcc -m64 -dM -E - < /dev/null                  (on gcc)
+ *   cc -## a.c (where a.c is a simple test file)   (Sun Studio)
+ */
+#if (defined(__i386__) || defined(__x86_64__)  || defined(_M_IX86))
+#define MUR_GETBLOCK(p,i) p[i]
+#else /* non intel */
+#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL)
+#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL)
+#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL)
+#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL)
+#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL))
+#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__))
+#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24))
+#define MUR_TWO_TWO(p)   ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16))
+#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >>  8))
+#else /* assume little endian non-intel */
+#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24))
+#define MUR_TWO_TWO(p)   ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16))
+#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) <<  8))
+#endif
+#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) :           \
+                            (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \
+                             (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) :  \
+                                                      MUR_ONE_THREE(p))))
+#endif
+#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))
+#define MUR_FMIX(_h) \
+do {                 \
+  _h ^= _h >> 16;    \
+  _h *= 0x85ebca6bu; \
+  _h ^= _h >> 13;    \
+  _h *= 0xc2b2ae35u; \
+  _h ^= _h >> 16;    \
+} while (0)
+
+#define HASH_MUR(key,keylen,hashv)                                     \
+do {                                                                   \
+  const uint8_t *_mur_data = (const uint8_t*)(key);                    \
+  const int _mur_nblocks = (int)(keylen) / 4;                          \
+  uint32_t _mur_h1 = 0xf88D5353u;                                      \
+  uint32_t _mur_c1 = 0xcc9e2d51u;                                      \
+  uint32_t _mur_c2 = 0x1b873593u;                                      \
+  uint32_t _mur_k1 = 0;                                                \
+  const uint8_t *_mur_tail;                                            \
+  const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \
+  int _mur_i;                                                          \
+  for(_mur_i = -_mur_nblocks; _mur_i!=0; _mur_i++) {                   \
+    _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i);                        \
+    _mur_k1 *= _mur_c1;                                                \
+    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
+    _mur_k1 *= _mur_c2;                                                \
+                                                                       \
+    _mur_h1 ^= _mur_k1;                                                \
+    _mur_h1 = MUR_ROTL32(_mur_h1,13);                                  \
+    _mur_h1 = (_mur_h1*5U) + 0xe6546b64u;                              \
+  }                                                                    \
+  _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4));          \
+  _mur_k1=0;                                                           \
+  switch((keylen) & 3U) {                                              \
+    case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \
+    case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8;  /* FALLTHROUGH */ \
+    case 1: _mur_k1 ^= (uint32_t)_mur_tail[0];                         \
+    _mur_k1 *= _mur_c1;                                                \
+    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
+    _mur_k1 *= _mur_c2;                                                \
+    _mur_h1 ^= _mur_k1;                                                \
+  }                                                                    \
+  _mur_h1 ^= (uint32_t)(keylen);                                       \
+  MUR_FMIX(_mur_h1);                                                   \
+  hashv = _mur_h1;                                                     \
+} while (0)
+#endif  /* HASH_USING_NO_STRICT_ALIASING */
+
+/* iterate over items in a known bucket to find desired item */
+#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out)               \
+do {                                                                             \
+  if ((head).hh_head != NULL) {                                                  \
+    DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head));                     \
+  } else {                                                                       \
+    (out) = NULL;                                                                \
+  }                                                                              \
+  while ((out) != NULL) {                                                        \
+    if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) {       \
+      if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) {                \
+        break;                                                                   \
+      }                                                                          \
+    }                                                                            \
+    if ((out)->hh.hh_next != NULL) {                                             \
+      DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next));                \
+    } else {                                                                     \
+      (out) = NULL;                                                              \
+    }                                                                            \
+  }                                                                              \
+} while (0)
+
+/* add an item to a bucket  */
+#define HASH_ADD_TO_BKT(head,addhh)                                              \
+do {                                                                             \
+ head.count++;                                                                   \
+ (addhh)->hh_next = head.hh_head;                                                \
+ (addhh)->hh_prev = NULL;                                                        \
+ if (head.hh_head != NULL) { (head).hh_head->hh_prev = (addhh); }                \
+ (head).hh_head=addhh;                                                           \
+ if ((head.count >= ((head.expand_mult+1U) * HASH_BKT_CAPACITY_THRESH))          \
+     && ((addhh)->tbl->noexpand != 1U)) {                                        \
+       HASH_EXPAND_BUCKETS((addhh)->tbl);                                        \
+ }                                                                               \
+} while (0)
+
+/* remove an item from a given bucket */
+#define HASH_DEL_IN_BKT(hh,head,hh_del)                                          \
+    (head).count--;                                                              \
+    if ((head).hh_head == hh_del) {                                              \
+      (head).hh_head = hh_del->hh_next;                                          \
+    }                                                                            \
+    if (hh_del->hh_prev) {                                                       \
+        hh_del->hh_prev->hh_next = hh_del->hh_next;                              \
+    }                                                                            \
+    if (hh_del->hh_next) {                                                       \
+        hh_del->hh_next->hh_prev = hh_del->hh_prev;                              \
+    }
+
+/* Bucket expansion has the effect of doubling the number of buckets
+ * and redistributing the items into the new buckets. Ideally the
+ * items will distribute more or less evenly into the new buckets
+ * (the extent to which this is true is a measure of the quality of
+ * the hash function as it applies to the key domain).
+ *
+ * With the items distributed into more buckets, the chain length
+ * (item count) in each bucket is reduced. Thus by expanding buckets
+ * the hash keeps a bound on the chain length. This bounded chain
+ * length is the essence of how a hash provides constant time lookup.
+ *
+ * The calculation of tbl->ideal_chain_maxlen below deserves some
+ * explanation. First, keep in mind that we're calculating the ideal
+ * maximum chain length based on the *new* (doubled) bucket count.
+ * In fractions this is just n/b (n=number of items,b=new num buckets).
+ * Since the ideal chain length is an integer, we want to calculate
+ * ceil(n/b). We don't depend on floating point arithmetic in this
+ * hash, so to calculate ceil(n/b) with integers we could write
+ *
+ *      ceil(n/b) = (n/b) + ((n%b)?1:0)
+ *
+ * and in fact a previous version of this hash did just that.
+ * But now we have improved things a bit by recognizing that b is
+ * always a power of two. We keep its base 2 log handy (call it lb),
+ * so now we can write this with a bit shift and logical AND:
+ *
+ *      ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0)
+ *
+ */
+#define HASH_EXPAND_BUCKETS(tbl)                                                 \
+do {                                                                             \
+    unsigned _he_bkt;                                                            \
+    unsigned _he_bkt_i;                                                          \
+    struct UT_hash_handle *_he_thh, *_he_hh_nxt;                                 \
+    UT_hash_bucket *_he_new_buckets, *_he_newbkt;                                \
+    _he_new_buckets = (UT_hash_bucket*)uthash_malloc(                            \
+             2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));            \
+    if (!_he_new_buckets) { uthash_fatal( "out of memory"); }                    \
+    memset(_he_new_buckets, 0,                                                   \
+            2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));             \
+    tbl->ideal_chain_maxlen =                                                    \
+       (tbl->num_items >> (tbl->log2_num_buckets+1U)) +                          \
+       (((tbl->num_items & ((tbl->num_buckets*2U)-1U)) != 0U) ? 1U : 0U);        \
+    tbl->nonideal_items = 0;                                                     \
+    for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++)                \
+    {                                                                            \
+        _he_thh = tbl->buckets[ _he_bkt_i ].hh_head;                             \
+        while (_he_thh != NULL) {                                                \
+           _he_hh_nxt = _he_thh->hh_next;                                        \
+           HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2U, _he_bkt);           \
+           _he_newbkt = &(_he_new_buckets[ _he_bkt ]);                           \
+           if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) {                \
+             tbl->nonideal_items++;                                              \
+             _he_newbkt->expand_mult = _he_newbkt->count /                       \
+                                        tbl->ideal_chain_maxlen;                 \
+           }                                                                     \
+           _he_thh->hh_prev = NULL;                                              \
+           _he_thh->hh_next = _he_newbkt->hh_head;                               \
+           if (_he_newbkt->hh_head != NULL) { _he_newbkt->hh_head->hh_prev =     \
+                _he_thh; }                                                       \
+           _he_newbkt->hh_head = _he_thh;                                        \
+           _he_thh = _he_hh_nxt;                                                 \
+        }                                                                        \
+    }                                                                            \
+    uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
+    tbl->num_buckets *= 2U;                                                      \
+    tbl->log2_num_buckets++;                                                     \
+    tbl->buckets = _he_new_buckets;                                              \
+    tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ?         \
+        (tbl->ineff_expands+1U) : 0U;                                            \
+    if (tbl->ineff_expands > 1U) {                                               \
+        tbl->noexpand=1;                                                         \
+        uthash_noexpand_fyi(tbl);                                                \
+    }                                                                            \
+    uthash_expand_fyi(tbl);                                                      \
+} while (0)
+
+
+/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */
+/* Note that HASH_SORT assumes the hash handle name to be hh.
+ * HASH_SRT was added to allow the hash handle name to be passed in. */
+#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn)
+#define HASH_SRT(hh,head,cmpfcn)                                                 \
+do {                                                                             \
+  unsigned _hs_i;                                                                \
+  unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize;               \
+  struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail;            \
+  if (head != NULL) {                                                            \
+      _hs_insize = 1;                                                            \
+      _hs_looping = 1;                                                           \
+      _hs_list = &((head)->hh);                                                  \
+      while (_hs_looping != 0U) {                                                \
+          _hs_p = _hs_list;                                                      \
+          _hs_list = NULL;                                                       \
+          _hs_tail = NULL;                                                       \
+          _hs_nmerges = 0;                                                       \
+          while (_hs_p != NULL) {                                                \
+              _hs_nmerges++;                                                     \
+              _hs_q = _hs_p;                                                     \
+              _hs_psize = 0;                                                     \
+              for ( _hs_i = 0; _hs_i  < _hs_insize; _hs_i++ ) {                  \
+                  _hs_psize++;                                                   \
+                  _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?              \
+                          ((void*)((char*)(_hs_q->next) +                        \
+                          (head)->hh.tbl->hho)) : NULL);                         \
+                  if (! (_hs_q) ) { break; }                                     \
+              }                                                                  \
+              _hs_qsize = _hs_insize;                                            \
+              while ((_hs_psize > 0U) || ((_hs_qsize > 0U) && (_hs_q != NULL))) {\
+                  if (_hs_psize == 0U) {                                         \
+                      _hs_e = _hs_q;                                             \
+                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
+                              ((void*)((char*)(_hs_q->next) +                    \
+                              (head)->hh.tbl->hho)) : NULL);                     \
+                      _hs_qsize--;                                               \
+                  } else if ( (_hs_qsize == 0U) || (_hs_q == NULL) ) {           \
+                      _hs_e = _hs_p;                                             \
+                      if (_hs_p != NULL){                                        \
+                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
+                                ((void*)((char*)(_hs_p->next) +                  \
+                                (head)->hh.tbl->hho)) : NULL);                   \
+                       }                                                         \
+                      _hs_psize--;                                               \
+                  } else if ((                                                   \
+                      cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \
+                             DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \
+                             ) <= 0) {                                           \
+                      _hs_e = _hs_p;                                             \
+                      if (_hs_p != NULL){                                        \
+                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
+                               ((void*)((char*)(_hs_p->next) +                   \
+                               (head)->hh.tbl->hho)) : NULL);                    \
+                       }                                                         \
+                      _hs_psize--;                                               \
+                  } else {                                                       \
+                      _hs_e = _hs_q;                                             \
+                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
+                              ((void*)((char*)(_hs_q->next) +                    \
+                              (head)->hh.tbl->hho)) : NULL);                     \
+                      _hs_qsize--;                                               \
+                  }                                                              \
+                  if ( _hs_tail != NULL ) {                                      \
+                      _hs_tail->next = ((_hs_e != NULL) ?                        \
+                            ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL);          \
+                  } else {                                                       \
+                      _hs_list = _hs_e;                                          \
+                  }                                                              \
+                  if (_hs_e != NULL) {                                           \
+                  _hs_e->prev = ((_hs_tail != NULL) ?                            \
+                     ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL);              \
+                  }                                                              \
+                  _hs_tail = _hs_e;                                              \
+              }                                                                  \
+              _hs_p = _hs_q;                                                     \
+          }                                                                      \
+          if (_hs_tail != NULL){                                                 \
+            _hs_tail->next = NULL;                                               \
+          }                                                                      \
+          if ( _hs_nmerges <= 1U ) {                                             \
+              _hs_looping=0;                                                     \
+              (head)->hh.tbl->tail = _hs_tail;                                   \
+              DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list));      \
+          }                                                                      \
+          _hs_insize *= 2U;                                                      \
+      }                                                                          \
+      HASH_FSCK(hh,head);                                                        \
+ }                                                                               \
+} while (0)
+
+/* This function selects items from one hash into another hash.
+ * The end result is that the selected items have dual presence
+ * in both hashes. There is no copy of the items made; rather
+ * they are added into the new hash through a secondary hash
+ * hash handle that must be present in the structure. */
+#define HASH_SELECT(hh_dst, dst, hh_src, src, cond)                              \
+do {                                                                             \
+  unsigned _src_bkt, _dst_bkt;                                                   \
+  void *_last_elt=NULL, *_elt;                                                   \
+  UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL;                         \
+  ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst));                 \
+  if (src != NULL) {                                                             \
+    for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) {     \
+      for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head;                \
+          _src_hh != NULL;                                                       \
+          _src_hh = _src_hh->hh_next) {                                          \
+          _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh);                       \
+          if (cond(_elt)) {                                                      \
+            _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho);               \
+            _dst_hh->key = _src_hh->key;                                         \
+            _dst_hh->keylen = _src_hh->keylen;                                   \
+            _dst_hh->hashv = _src_hh->hashv;                                     \
+            _dst_hh->prev = _last_elt;                                           \
+            _dst_hh->next = NULL;                                                \
+            if (_last_elt_hh != NULL) { _last_elt_hh->next = _elt; }             \
+            if (dst == NULL) {                                                   \
+              DECLTYPE_ASSIGN(dst,_elt);                                         \
+              HASH_MAKE_TABLE(hh_dst,dst);                                       \
+            } else {                                                             \
+              _dst_hh->tbl = (dst)->hh_dst.tbl;                                  \
+            }                                                                    \
+            HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt);    \
+            HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh);            \
+            (dst)->hh_dst.tbl->num_items++;                                      \
+            _last_elt = _elt;                                                    \
+            _last_elt_hh = _dst_hh;                                              \
+          }                                                                      \
+      }                                                                          \
+    }                                                                            \
+  }                                                                              \
+  HASH_FSCK(hh_dst,dst);                                                         \
+} while (0)
+
+#define HASH_CLEAR(hh,head)                                                      \
+do {                                                                             \
+  if (head != NULL) {                                                            \
+    uthash_free((head)->hh.tbl->buckets,                                         \
+                (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket));      \
+    HASH_BLOOM_FREE((head)->hh.tbl);                                             \
+    uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                          \
+    (head)=NULL;                                                                 \
+  }                                                                              \
+} while (0)
+
+#define HASH_OVERHEAD(hh,head)                                                   \
+ ((head != NULL) ? (                                                             \
+ (size_t)(((head)->hh.tbl->num_items   * sizeof(UT_hash_handle))   +             \
+          ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket))   +             \
+           sizeof(UT_hash_table)                                   +             \
+           (HASH_BLOOM_BYTELEN))) : 0U)
+
+#ifdef NO_DECLTYPE
+#define HASH_ITER(hh,head,el,tmp)                                                \
+for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \
+  (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL)))
+#else
+#define HASH_ITER(hh,head,el,tmp)                                                \
+for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL));      \
+  (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL)))
+#endif
+
+/* obtain a count of items in the hash */
+#define HASH_COUNT(head) HASH_CNT(hh,head)
+#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U)
+
+typedef struct UT_hash_bucket {
+   struct UT_hash_handle *hh_head;
+   unsigned count;
+
+   /* expand_mult is normally set to 0. In this situation, the max chain length
+    * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If
+    * the bucket's chain exceeds this length, bucket expansion is triggered).
+    * However, setting expand_mult to a non-zero value delays bucket expansion
+    * (that would be triggered by additions to this particular bucket)
+    * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH.
+    * (The multiplier is simply expand_mult+1). The whole idea of this
+    * multiplier is to reduce bucket expansions, since they are expensive, in
+    * situations where we know that a particular bucket tends to be overused.
+    * It is better to let its chain length grow to a longer yet-still-bounded
+    * value, than to do an O(n) bucket expansion too often.
+    */
+   unsigned expand_mult;
+
+} UT_hash_bucket;
+
+/* random signature used only to find hash tables in external analysis */
+#define HASH_SIGNATURE 0xa0111fe1u
+#define HASH_BLOOM_SIGNATURE 0xb12220f2u
+
+typedef struct UT_hash_table {
+   UT_hash_bucket *buckets;
+   unsigned num_buckets, log2_num_buckets;
+   unsigned num_items;
+   struct UT_hash_handle *tail; /* tail hh in app order, for fast append    */
+   ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */
+
+   /* in an ideal situation (all buckets used equally), no bucket would have
+    * more than ceil(#items/#buckets) items. that's the ideal chain length. */
+   unsigned ideal_chain_maxlen;
+
+   /* nonideal_items is the number of items in the hash whose chain position
+    * exceeds the ideal chain maxlen. these items pay the penalty for an uneven
+    * hash distribution; reaching them in a chain traversal takes >ideal steps */
+   unsigned nonideal_items;
+
+   /* ineffective expands occur when a bucket doubling was performed, but
+    * afterward, more than half the items in the hash had nonideal chain
+    * positions. If this happens on two consecutive expansions we inhibit any
+    * further expansion, as it's not helping; this happens when the hash
+    * function isn't a good fit for the key domain. When expansion is inhibited
+    * the hash will still work, albeit no longer in constant time. */
+   unsigned ineff_expands, noexpand;
+
+   uint32_t signature; /* used only to find hash tables in external analysis */
+#ifdef HASH_BLOOM
+   uint32_t bloom_sig; /* used only to test bloom exists in external analysis */
+   uint8_t *bloom_bv;
+   uint8_t bloom_nbits;
+#endif
+
+} UT_hash_table;
+
+typedef struct UT_hash_handle {
+   struct UT_hash_table *tbl;
+   void *prev;                       /* prev element in app order      */
+   void *next;                       /* next element in app order      */
+   struct UT_hash_handle *hh_prev;   /* previous hh in bucket order    */
+   struct UT_hash_handle *hh_next;   /* next hh in bucket order        */
+   void *key;                        /* ptr to enclosing struct's key  */
+   unsigned keylen;                  /* enclosing struct's key len     */
+   unsigned hashv;                   /* result of hash-fcn(key)        */
+} UT_hash_handle;
+
+#endif /* UTHASH_H */

From 5cc4028d634b10500fab38a52531c6998b771767 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 14 Dec 2016 15:54:10 +0000
Subject: [PATCH 083/249] cleanup poll.h include for non-windows

---
 src/extension/default_eventloop.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 1ae37adc..4c6d8349 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -27,9 +27,7 @@
 
 #include "config.h"
 
-#ifdef USE_WINSOCK
-
-#else
+#ifndef USE_WINSOCK
 #include <poll.h>
 #endif
 #include <sys/resource.h>

From 326b6bb410c4ddba46ea07129253da00ba3e43ac Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 14 Dec 2016 16:10:44 +0000
Subject: [PATCH 084/249] remove redundant debugging

---
 src/extension/default_eventloop.c | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 4c6d8349..6509af7f 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -39,24 +39,18 @@ _getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
 {
 	_getdns_eventloop_info* ev;
 
-	DEBUG_SCHED("finding event in events ptr %p with id %d", *events, id);
-	
 	HASH_FIND_INT(*events, &id, ev);
 
-	DEBUG_SCHED("found event in events ptr %p with id %d and ptr %p", *events, id, ev);
-
 	return ev;
 }
 
 void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
-	DEBUG_SCHED("adding event in events ptr %p with id %d and ptr %p", *events, id, ev);
 	HASH_ADD_INT(*events, id, ev);
 }
 
 void delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
 {
-	DEBUG_SCHED("deleting event in events ptr %p and ptr %p", *events, ev);
 	HASH_DEL(*events, ev);
 }
 
@@ -99,7 +93,6 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		fd = -1;
 	}
 	if (fd >= 0) {
-		DEBUG_SCHED("default_eventloop_schedule: find_event(default_loop->fd_events)");
 		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 		if (fd_event) {
@@ -143,7 +136,6 @@ default_eventloop_schedule(getdns_eventloop *loop,
 	}
 	for (i = 0; i < default_loop->max_timeouts; i++) {
 		_getdns_eventloop_info* timeout_event = NULL;
-		DEBUG_SCHED("default_eventloop_schedule: find_event(default_loop->timeout_events)");
 		if ((timeout_event = find_event(&default_loop->timeout_events, i)) == NULL) {
 			timeout_event = calloc(1, sizeof(_getdns_eventloop_info));
 			timeout_event->id = i;
@@ -176,7 +168,6 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
-		DEBUG_SCHED("default_eventloop_clear: find_event(default_loop->timeout_events)");
 		_getdns_eventloop_info* timeout_event = find_event(&default_loop->timeout_events, i);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 		if (timeout_event && timeout_event->event != event)
@@ -189,7 +180,6 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 			free(timeout_event);
 		}
 	} else {
-		DEBUG_SCHED("default_eventloop_clear: find_event(default_loop->fd_events)");
 		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, i);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 		if (fd_event && fd_event->event != event)
@@ -308,7 +298,6 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	now = get_now_plus(0);
 	for (i = 0; i < num_pfds; i++) {
 		int fd = pfds[i].fd;
-		DEBUG_SCHED("default_eventloop_runonce: find_event(default_loop->fd_events)");
 		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
 		if (fd_event &&
 		    fd_event->event &&

From e9e6ff013b60eb5f27460c8b8e2b8bfd4aab25f9 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 14 Dec 2016 16:49:24 +0000
Subject: [PATCH 085/249] Fix travis compiler warnings/errors

---
 src/extension/default_eventloop.c | 4 +++-
 src/extension/default_eventloop.h | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 6509af7f..72fd51ec 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -46,11 +46,13 @@ _getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
 
 void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
+	DEBUG_SCHED("default_eventloop: add_event with id %d", id);
 	HASH_ADD_INT(*events, id, ev);
 }
 
 void delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
 {
+	DEBUG_SCHED("default_eventloop: delete_event with id %d", ev->id);
 	HASH_DEL(*events, ev);
 }
 
@@ -243,7 +245,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	size_t   i=0;
 	int poll_timeout = 0;
 	struct pollfd* pfds = NULL;
-	int num_pfds = 0;
+	unsigned int num_pfds = 0;
 
 	if (!loop)
 		return;
diff --git a/src/extension/default_eventloop.h b/src/extension/default_eventloop.h
index bc1d881b..f4a7d2b6 100644
--- a/src/extension/default_eventloop.h
+++ b/src/extension/default_eventloop.h
@@ -47,8 +47,8 @@ typedef struct _getdns_eventloop_info {
 
 typedef struct _getdns_default_eventloop {
 	getdns_eventloop        loop;
-	int			max_fds;
-	int			max_timeouts;
+	unsigned int		max_fds;
+	unsigned int		max_timeouts;
 	_getdns_eventloop_info  *fd_events;
 	_getdns_eventloop_info  *timeout_events;
 } _getdns_default_eventloop;

From c1d5ae9a2551a1873289f8b85b61cc78872426cd Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 14 Dec 2016 17:04:09 +0000
Subject: [PATCH 086/249] set event id in add_event rather than calling
 function

---
 src/extension/default_eventloop.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 72fd51ec..9b81f15d 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -47,6 +47,7 @@ _getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
 void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("default_eventloop: add_event with id %d", id);
+	ev->id = id;
 	HASH_ADD_INT(*events, id, ev);
 }
 
@@ -115,7 +116,6 @@ default_eventloop_schedule(getdns_eventloop *loop,
 			free(fd_event);
 		}
 		fd_event = calloc(1, sizeof(_getdns_eventloop_info));
-		fd_event->id = fd;
 		fd_event->event = event;
 		fd_event->timeout_time = get_now_plus(timeout);
 		add_event(&default_loop->fd_events, fd, fd_event);
@@ -140,7 +140,6 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		_getdns_eventloop_info* timeout_event = NULL;
 		if ((timeout_event = find_event(&default_loop->timeout_events, i)) == NULL) {
 			timeout_event = calloc(1, sizeof(_getdns_eventloop_info));
-			timeout_event->id = i;
 			timeout_event->event = event;
 			timeout_event->timeout_time = get_now_plus(timeout);
 			add_event(&default_loop->timeout_events, i, timeout_event);

From 0d395639781ff7adbcbc65daeafdc7db23ce1410 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 14 Dec 2016 17:50:39 +0000
Subject: [PATCH 087/249] Consisten use of TIMEOUT_FOREVER

---
 src/extension/default_eventloop.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 9b81f15d..2e20ca16 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -266,7 +266,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 			timeout = s->timeout_time;
 	}
 
-	if ((timeout == (uint64_t)-1) && (num_pfds == 0))
+	if ((timeout == TIMEOUT_FOREVER) && (num_pfds == 0))
 		return;
 
 	pfds = calloc(num_pfds, sizeof(struct pollfd));
@@ -283,7 +283,10 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		i++;
 	}
 
-	if (! blocking || now > timeout) {
+	if (timeout == TIMEOUT_FOREVER) {
+		poll_timeout = -1;
+	}
+	else if (! blocking || now > timeout) {
 		poll_timeout = 0;
 	} else {
 		poll_timeout = (timeout - now) * 1000; /* turn seconds into millseconds */

From 9b715d4743df221768f40632f9e6b4d51760cab2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 15 Dec 2016 09:53:49 +0100
Subject: [PATCH 088/249] Suppress compile warnings

---
 src/extension/default_eventloop.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 8aeca8a2..342b63f8 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -102,7 +102,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 			if (fd_event->event == event) {
 				DEBUG_SCHED("WARNING: Event %p not cleared "
 				            "before being rescheduled!\n"
-				           , fd_event->event);
+				           , (void *)fd_event->event);
 			} else {
 				DEBUG_SCHED("ERROR: A different event is "
 				            "already present at fd slot: %p!\n"
@@ -119,7 +119,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		fd_event->event = event;
 		fd_event->timeout_time = get_now_plus(timeout);
 		add_event(&default_loop->fd_events, fd, fd_event);
-		event->ev = (void *) (intptr_t) fd + 1;
+		event->ev = (void *) (intptr_t) (fd + 1);
 
 		DEBUG_SCHED( "scheduled read/write at %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -143,7 +143,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 			timeout_event->event = event;
 			timeout_event->timeout_time = get_now_plus(timeout);
 			add_event(&default_loop->timeout_events, i, timeout_event);
-			event->ev = (void *) (intptr_t) i + 1;
+			event->ev = (void *) (intptr_t) (i + 1);
 
 			DEBUG_SCHED( "scheduled timeout at %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;

From 5e26137eda2482acbfee7c6aad49daedfa1162e9 Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Thu, 15 Dec 2016 13:40:40 +0000
Subject: [PATCH 089/249] Fix default_eventloop_run OR instead of AND and hash
 table iteration safety

---
 src/extension/default_eventloop.c | 35 ++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 342b63f8..21575e40 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -46,14 +46,14 @@ _getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
 
 void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
-	DEBUG_SCHED("default_eventloop: add_event with id %d", id);
+	DEBUG_SCHED("default_eventloop: add_event with id %d\n", id);
 	ev->id = id;
 	HASH_ADD_INT(*events, id, ev);
 }
 
 void delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
 {
-	DEBUG_SCHED("default_eventloop: delete_event with id %d", ev->id);
+	DEBUG_SCHED("default_eventloop: delete_event with id %d\n", ev->id);
 	HASH_DEL(*events, ev);
 }
 
@@ -121,7 +121,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		add_event(&default_loop->fd_events, fd, fd_event);
 		event->ev = (void *) (intptr_t) (fd + 1);
 
-		DEBUG_SCHED( "scheduled read/write at %d\n", fd);
+		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
 		return GETDNS_RETURN_GOOD;
 	}
 	if (!event->timeout_cb) {
@@ -145,7 +145,7 @@ default_eventloop_schedule(getdns_eventloop *loop,
 			add_event(&default_loop->timeout_events, i, timeout_event);
 			event->ev = (void *) (intptr_t) (i + 1);
 
-			DEBUG_SCHED( "scheduled timeout at %d\n", (int)i);
+			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;
 		}
 	}
@@ -249,7 +249,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	if (!loop)
 		return;
-	
+
 	now = get_now_plus(0);
 
 	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
@@ -318,18 +318,37 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	}
 	if (pfds)
 		free(pfds);
+	_getdns_eventloop_info* fd_timeout_cbs = NULL;
 	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			default_timeout_cb(s->id, s->event);
+			add_event(&fd_timeout_cbs, s->id, s);
 	}
+	/* this is in case the timeout callback deletes the event
+	   and thus messes with the iteration */
+	HASH_ITER(hh, fd_timeout_cbs, s, tmp) {
+		int fd = s->id;
+		getdns_eventloop_event* event = s->event;
+		delete_event(&fd_timeout_cbs, s);
+		default_timeout_cb(fd, event);
+	}
+	_getdns_eventloop_info* timeout_timeout_cbs = NULL;
 	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			default_timeout_cb(s->id, s->event);
+			add_event(&timeout_timeout_cbs, s->id, s);
 	}
+	/* this is in case the timeout callback deletes the event
+	   and thus messes with the iteration */
+	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
+		int fd = s->id;
+		getdns_eventloop_event* event = s->event;
+		delete_event(&timeout_timeout_cbs, s);
+		default_timeout_cb(fd, event);
+	}
+
 }
 
 static void
@@ -341,7 +360,7 @@ default_eventloop_run(getdns_eventloop *loop)
 		return;
 
 	/* keep going until all the events are cleared */
-	while (default_loop->fd_events && default_loop->timeout_events) {
+	while (default_loop->fd_events || default_loop->timeout_events) {
 		default_eventloop_run_once(loop, 1);
 	}
 }

From 7ebf3924b54b95bc9c3522ec110723e21d4755bf Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Fri, 16 Dec 2016 10:36:21 +0000
Subject: [PATCH 090/249] Copy event pointer out of event hash table before
 callbacks, because it might be deleted

---
 src/extension/default_eventloop.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 21575e40..6262e446 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -304,17 +304,16 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	for (i = 0; i < num_pfds; i++) {
 		int fd = pfds[i].fd;
 		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
-		if (fd_event &&
-		    fd_event->event &&
-		    fd_event->event->read_cb &&
-		    (pfds[i].revents & POLLIN))
-			default_read_cb(fd, fd_event->event);
+		if (fd_event && fd_event->event) { 
+			getdns_eventloop_event* event = fd_event->event;
+			if (event->read_cb &&
+			    (pfds[i].revents & POLLIN))
+				default_read_cb(fd, event);
 
-		if (fd_event &&
-		    fd_event->event &&
-		    fd_event->event->write_cb &&
-		    (pfds[i].revents & POLLOUT))
-			default_write_cb(fd, fd_event->event);
+			if (event->write_cb &&
+			    (pfds[i].revents & POLLOUT))
+				default_write_cb(fd, event);
+		}
 	}
 	if (pfds)
 		free(pfds);

From f1b8b25afad7c5448c88eb01fef14c8ffe53e4b2 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 22 Dec 2016 15:51:47 -0800
Subject: [PATCH 091/249] Implementation of basic MDNS support

---
 src/context.c |   4 +-
 src/debug.h   |  30 ++++-
 src/general.c |  21 +++
 src/mdns.c    | 355 ++++++++++++++++++++++++++++++++++++++++++++++++++
 src/mdns.h    |  33 +++++
 src/stub.c    |   6 +-
 6 files changed, 443 insertions(+), 6 deletions(-)
 create mode 100644 src/mdns.c
 create mode 100644 src/mdns.h

diff --git a/src/context.c b/src/context.c
index 7d542c45..10d6a066 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1682,12 +1682,12 @@ getdns_context_set_namespaces(getdns_context *context,
 
 	for (i = 0; i < namespace_count; i++) {
 		if (namespaces[i] == GETDNS_NAMESPACE_NETBIOS ||
-		    namespaces[i] == GETDNS_NAMESPACE_MDNS ||
 		    namespaces[i] == GETDNS_NAMESPACE_NIS)
 			r = GETDNS_RETURN_NOT_IMPLEMENTED;
 
 		else if (namespaces[i] != GETDNS_NAMESPACE_DNS &&
-		    namespaces[i] != GETDNS_NAMESPACE_LOCALNAMES)
+		    namespaces[i] != GETDNS_NAMESPACE_LOCALNAMES &&
+			namespaces[i] != GETDNS_NAMESPACE_MDNS)
 			return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
 	}
 	GETDNS_FREE(context->my_mf, context->namespaces);
diff --git a/src/debug.h b/src/debug.h
index e106cf67..5afbdea3 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -46,17 +46,33 @@
 #define STUB_DEBUG_WRITE     "------- WRITE:  "
 #define STUB_DEBUG_CLEANUP   "--- CLEANUP:    "
 
+#ifdef GETDNS_ON_WINDOWS
+#define DEBUG_ON(...) do { \
+		struct timeval tv; \
+		struct tm tm; \
+		char buf[10]; \
+        time_t tsec; \
+		\
+		gettimeofday(&tv, NULL); \
+		tsec = (time_t) tv.tv_sec; \
+		gmtime_s(&tm, (const time_t *) &tsec); \
+		strftime(buf, 10, "%H:%M:%S", &tm); \
+		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		fprintf(stderr, __VA_ARGS__); \
+	} while (0)
+#else
 #define DEBUG_ON(...) do { \
 		struct timeval tv; \
 		struct tm tm; \
 		char buf[10]; \
 		\
 		gettimeofday(&tv, NULL); \
-		gmtime_r(&tv.tv_sec, &tm); \
+		gmtime_r(&tm, &tv.tv_sec); \
 		strftime(buf, 10, "%H:%M:%S", &tm); \
 		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
+#endif
 
 #define DEBUG_NL(...) do { \
 		struct timeval tv; \
@@ -102,5 +118,17 @@
 #define DEBUG_SERVER(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
+#define MDNS_DEBUG_ENTRY     "-> MDNS ENTRY:  "
+#define MDNS_DEBUG_READ      "-- MDNS READ:   "
+#define MDNS_DEBUG_WRITE     "-- MDNS WRITE:  "
+#define MDNS_DEBUG_CLEANUP   "-- MDNS CLEANUP:"
+
+#if defined(MDNS_DEBUG) && MDNS_DEBUG
+#include <time.h>
+#define DEBUG_MDNS(...) DEBUG_ON(__VA_ARGS__)
+#else
+#define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
+#endif
+
 #endif
 /* debug.h */
diff --git a/src/general.c b/src/general.c
index 99e4cff5..d40e2b52 100644
--- a/src/general.c
+++ b/src/general.c
@@ -52,6 +52,7 @@
 #include "dnssec.h"
 #include "stub.h"
 #include "dict.h"
+#include "mdns.h"
 
 /* cancel, cleanup and send timeout to callback */
 static void
@@ -476,6 +477,26 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 				    ( req, localnames_response);
 				break;
 			}
+		} else if (context->namespaces[i] == GETDNS_NAMESPACE_MDNS) {
+			/* Check whether the name belongs in the MDNS space */
+			if (!(r = _getdns_mdns_namespace_check(req)))
+			{
+				// Submit the query to the MDNS transport.
+				for (netreq_p = req->netreqs
+					; !r && (netreq = *netreq_p)
+					; netreq_p++) {
+					if ((r = _getdns_submit_mdns_request(netreq))) {
+						if (r == DNS_REQ_FINISHED) {
+							if (return_netreq_p)
+								*return_netreq_p = NULL;
+							return GETDNS_RETURN_GOOD;
+						}
+						netreq->state = NET_REQ_FINISHED;
+					}
+				}
+				/* Stop processing more namespaces, since there was a match */
+				break;
+			}
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
 
 			/* TODO: We will get a good return code here even if
diff --git a/src/mdns.c b/src/mdns.c
new file mode 100644
index 00000000..5e204ab5
--- /dev/null
+++ b/src/mdns.c
@@ -0,0 +1,355 @@
+/*
+ * Functions for MDNS resolving.
+ */
+
+ /*
+  * Copyright (c) 2016 Christian Huitema <huitema@huitema.net>
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+  * copyright notice and this permission notice appear in all copies.
+  *
+  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+
+
+#include "config.h"
+#include "debug.h"
+#include "context.h"
+#include "general.h"
+#include "gldns/pkthdr.h"
+#include "util-internal.h"
+#include "mdns.h"
+
+#ifdef USE_WINSOCK
+typedef u_short sa_family_t;
+#define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
+                             WSAGetLastError() == WSAEWOULDBLOCK)
+#define _getdns_EINPROGRESS (WSAGetLastError() == WSAEINPROGRESS)
+#else
+#define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
+#define _getdns_EINPROGRESS (errno == EINPROGRESS)
+#endif
+
+uint64_t _getdns_get_time_as_uintt64();
+
+/*
+ * Constants defined in RFC 6762
+ */
+
+#define MDNS_MCAST_IPV4_LONG 0xE00000FB /* 224.0.0.251 */
+#define MDNS_MCAST_PORT 5353
+
+static uint8_t mdns_mcast_ipv6[] = { 
+	0xFF, 0x02, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0xFB };
+
+
+static uint8_t mdns_suffix_dot_local[] = { 5, 'l', 'o', 'c', 'a', 'l', 0 };
+static uint8_t mdns_suffix_254_169_in_addr_arpa[] = {
+	3, '2', '5', '4',
+	3, '1', '6', '9',
+	7, 'i', 'n', '-', 'a', 'd', 'd', 'r',
+	4, 'a', 'r', 'p', 'a', 0 };
+static uint8_t mdns_suffix_8_e_f_ip6_arpa[] = {
+	1, '8', 1, 'e', 1, 'f',
+	7, 'i', 'p', 'v', '6',
+	4, 'a', 'r', 'p', 'a', 0 };
+static uint8_t mdns_suffix_9_e_f_ip6_arpa[] = {
+	1, '9', 1, 'e', 1, 'f',
+	7, 'i', 'p', 'v', '6',
+	4, 'a', 'r', 'p', 'a', 0 };
+static uint8_t mdns_suffix_a_e_f_ip6_arpa[] = {
+	1, 'a', 1, 'e', 1, 'f',
+	7, 'i', 'p', 'v', '6',
+	4, 'a', 'r', 'p', 'a', 0 };
+static uint8_t mdns_suffix_b_e_f_ip6_arpa[] = {
+	1, 'b', 1, 'e', 1, 'f',
+	7, 'i', 'p', 'v', '6',
+	4, 'a', 'r', 'p', 'a', 0 };
+
+/* TODO: actualy delete what is required.. */
+static void
+mdns_cleanup(getdns_network_req *netreq)
+{
+	DEBUG_MDNS("%s %-35s: MSG: %p\n",
+		MDNS_DEBUG_CLEANUP, __FUNCTION__, netreq);
+	getdns_dns_req *dnsreq = netreq->owner;
+
+	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+
+	GETDNS_NULL_FREE(dnsreq->context->mf, netreq->tcp.read_buf);
+}
+
+void
+_getdns_cancel_mdns_request(getdns_network_req *netreq)
+{
+	mdns_cleanup(netreq);
+	if (netreq->fd >= 0) {
+#ifdef USE_WINSOCK
+		closesocket(netreq->fd);
+#else
+		close(netreq->fd);
+#endif
+	}
+}
+
+static void
+mdns_timeout_cb(void *userarg)
+{
+	getdns_network_req *netreq = (getdns_network_req *)userarg;
+	DEBUG_MDNS("%s %-35s: MSG:  %p\n",
+		MDNS_DEBUG_CLEANUP, __FUNCTION__, netreq);
+
+	/* TODO: do we need a retry logic here? */
+
+	/* Check the required cleanup */
+	mdns_cleanup(netreq);
+	if (netreq->fd >= 0)
+#ifdef USE_WINSOCK
+		closesocket(netreq->fd);
+#else
+		close(netreq->fd);
+#endif
+	netreq->state = NET_REQ_TIMED_OUT;
+	if (netreq->owner->user_callback) {
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		(void)_getdns_context_request_timed_out(netreq->owner);
+	}
+	else
+		_getdns_check_dns_req_complete(netreq->owner);
+}
+
+
+
+/**************************/
+/* UDP callback functions */
+/**************************/
+
+static void
+mdns_udp_read_cb(void *userarg)
+{
+	getdns_network_req *netreq = (getdns_network_req *)userarg;
+	getdns_dns_req *dnsreq = netreq->owner;
+	ssize_t       read;
+	DEBUG_MDNS("%s %-35s: MSG: %p \n", MDNS_DEBUG_READ,
+		__FUNCTION__, netreq);
+
+	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+
+	read = recvfrom(netreq->fd, (void *)netreq->response,
+		netreq->max_udp_payload_size + 1, /* If read == max_udp_payload_size
+										  * then all is good.  If read ==
+										  * max_udp_payload_size + 1, then
+										  * we receive more then requested!
+										  * i.e. overflow
+										  */
+		0, NULL, NULL);
+	if (read == -1 && _getdns_EWOULDBLOCK)
+		return;
+
+	if (read < GLDNS_HEADER_SIZE)
+		return; /* Not DNS */
+
+	if (GLDNS_ID_WIRE(netreq->response) != netreq->query_id)
+		return; /* Cache poisoning attempt ;) */
+
+	// TODO: check whether EDNS server cookies are required for MDNS
+
+	// TODO: check that the source address originates from the local network.
+	// TODO: check TTL = 255
+
+#ifdef USE_WINSOCK
+	closesocket(netreq->fd);
+#else
+	close(netreq->fd);
+#endif
+	/* 
+	 * TODO: how to handle an MDNS response with TC bit set?
+	 * Ignore it for now, as we do not support any kind of TCP fallback
+	 * for basic MDNS.
+	 */
+	
+	netreq->response_len = read;
+	netreq->debug_end_time = _getdns_get_time_as_uintt64();
+	netreq->state = NET_REQ_FINISHED;
+	_getdns_check_dns_req_complete(dnsreq);
+}
+
+static void
+mdns_udp_write_cb(void *userarg)
+{
+	getdns_network_req *netreq = (getdns_network_req *)userarg;
+	getdns_dns_req     *dnsreq = netreq->owner;
+	size_t             pkt_len = netreq->response - netreq->query;
+	struct sockaddr_in mdns_mcast_v4;
+	int	ttl = 255;
+	int r;
+
+	DEBUG_MDNS("%s %-35s: MSG: %p \n", MDNS_DEBUG_WRITE,
+		__FUNCTION__, netreq);
+
+	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+
+	netreq->debug_start_time = _getdns_get_time_as_uintt64();
+	netreq->debug_udp = 1;
+	netreq->query_id = (uint16_t) arc4random();
+	GLDNS_ID_SET(netreq->query, netreq->query_id);
+
+	/* do we need to handle options valid in the MDNS context? */
+
+	/* Probably no need for TSIG in MDNS */
+
+
+	/* Always use multicast address */
+	mdns_mcast_v4.sin_family = AF_INET;
+	mdns_mcast_v4.sin_port = htons(MDNS_MCAST_PORT);
+	mdns_mcast_v4.sin_addr.s_addr = htonl(MDNS_MCAST_IPV4_LONG);
+
+
+	/* Set TTL=255 for compliance with RFC 6762 */
+	r = setsockopt(netreq->fd, IPPROTO_IP, IP_TTL, (const char *)&ttl, sizeof(ttl));
+
+	if (r != 0 || 
+		(ssize_t)pkt_len != sendto(
+		netreq->fd, (const void *)netreq->query, pkt_len, 0,
+		(struct sockaddr *)&mdns_mcast_v4,
+		sizeof(mdns_mcast_v4))) {
+#ifdef USE_WINSOCK
+		closesocket(netreq->fd);
+#else
+		close(netreq->fd);
+#endif
+		return;
+	}
+	GETDNS_SCHEDULE_EVENT(
+		dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+		getdns_eventloop_event_init(&netreq->event, netreq,
+			mdns_udp_read_cb, NULL, mdns_timeout_cb));
+}
+
+/*
+ * MDNS Request Submission
+ */
+
+getdns_return_t
+_getdns_submit_mdns_request(getdns_network_req *netreq)
+{
+	DEBUG_MDNS("%s %-35s: MSG: %p TYPE: %d\n", MDNS_DEBUG_ENTRY, __FUNCTION__,
+		netreq, netreq->request_type);
+	int fd = -1;
+	getdns_dns_req *dnsreq = netreq->owner;
+
+	/* Open the UDP socket required for the request */
+	if ((fd = socket(
+		AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
+		return -1;
+	/* TODO: do we need getdns_sock_nonblock(fd); */
+
+	/* Schedule the MDNS request */
+	netreq->fd = fd;
+	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+	GETDNS_SCHEDULE_EVENT(
+		dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+		getdns_eventloop_event_init(&netreq->event, netreq,
+			NULL, mdns_udp_write_cb, mdns_timeout_cb));
+	return GETDNS_RETURN_GOOD;
+}
+
+/*
+ * MDNS name space management
+ */
+
+static int
+mdns_suffix_compare(register const uint8_t *d1, register const uint8_t *d2)
+{
+	int ret = 0;
+	uint8_t *d1_head = (uint8_t *) d1;
+	uint8_t *d1_current;
+	uint8_t *d2_current;
+	int is_matching = 0;
+	int part_length;
+	int i;
+	uint8_t c;
+
+	/* Skip the first name part, since we want at least one label before the suffix */
+	if (*d1_head != 0)
+		d1_head += *d1_head + 1;
+
+	while (*d1_head != 0)
+	{
+		/* check whether we have a match at this point */
+		d1_current = d1_head;
+		d2_current = (uint8_t *) d2;
+		is_matching = 0;
+
+		/* compare length and value of all successive labels */
+		while (*d1_current == *d2_current)
+		{
+			part_length = *d1_current;
+			if (part_length == 0)
+			{
+				/* We have reached the top label, there is a match */
+				ret = 1;
+				break;
+			}
+
+			/* The label's lengths are matching, check the content */
+			is_matching = 1;
+			d1_current++;
+			d2_current++;
+
+			for (i = 0; i < part_length; i++)
+			{
+				c = d1_current[i];
+				if (isupper(c))
+					c = tolower(c);
+				if (c != d2_current[i])
+				{
+					is_matching = 0;
+					break;
+				}
+			}
+			
+			/* move the pointers to the next label */
+			if (is_matching)
+			{
+				d1_current += part_length;
+				d2_current += part_length;
+			}
+		}
+
+		/* if no match found yet, move to the next label of d1 */
+		if (is_matching)
+			break;
+		else
+			d1_head += *d1_head + 1;
+	}
+
+	return ret;
+}
+
+
+getdns_return_t
+_getdns_mdns_namespace_check(
+	getdns_dns_req *dnsreq)
+{
+	getdns_return_t ret = GETDNS_RETURN_GENERIC_ERROR;
+
+	/* Checking the prefixes defined in RFC 6762  */
+	if (mdns_suffix_compare(dnsreq->name, mdns_suffix_dot_local) ||
+		mdns_suffix_compare(dnsreq->name, mdns_suffix_254_169_in_addr_arpa) ||
+		mdns_suffix_compare(dnsreq->name, mdns_suffix_8_e_f_ip6_arpa) ||
+		mdns_suffix_compare(dnsreq->name, mdns_suffix_9_e_f_ip6_arpa) ||
+		mdns_suffix_compare(dnsreq->name, mdns_suffix_a_e_f_ip6_arpa) ||
+		mdns_suffix_compare(dnsreq->name, mdns_suffix_b_e_f_ip6_arpa))
+		ret = GETDNS_RETURN_GOOD;
+
+	return ret;
+}
\ No newline at end of file
diff --git a/src/mdns.h b/src/mdns.h
new file mode 100644
index 00000000..67800121
--- /dev/null
+++ b/src/mdns.h
@@ -0,0 +1,33 @@
+/*
+* Functions for MDNS resolving.
+*/
+
+/*
+* Copyright (c) 2016 Christian Huitema <huitema@huitema.net>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#ifndef MDNS_H
+#define MDNS_H
+
+#include "getdns/getdns.h"
+#include "types-internal.h"
+
+getdns_return_t
+_getdns_submit_mdns_request(getdns_network_req *netreq);
+
+getdns_return_t
+getdns_mdns_namespace_check(getdns_dns_req *dnsreq);
+
+#endif /* MDNS_H */
\ No newline at end of file
diff --git a/src/stub.c b/src/stub.c
index ed666368..e047462e 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -91,7 +91,7 @@ static int  upstream_connect(getdns_upstream *upstream,
 static int  fallback_on_write(getdns_network_req *netreq);
 
 static void stub_timeout_cb(void *userarg);
-static uint64_t _getdns_get_time_as_uintt64();
+uint64_t _getdns_get_time_as_uintt64();
 /*****************************/
 /* General utility functions */
 /*****************************/
@@ -475,7 +475,7 @@ stub_cleanup(getdns_network_req *netreq)
 	GETDNS_NULL_FREE(dnsreq->context->mf, netreq->tcp.read_buf);
 
 	/* Nothing globally scheduled? Then nothing queued */
-	if (!(upstream = netreq->upstream)->event.ev)
+	if (!netreq->upstream || !(upstream = netreq->upstream)->event.ev)
 		return;
 
 	/* Delete from upstream->netreq_by_query_id (if present) */
@@ -1278,7 +1278,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 	return STUB_TCP_ERROR;
 }
 
-static uint64_t
+uint64_t
 _getdns_get_time_as_uintt64() {
 
 	struct timeval tv;

From 2e46a4b136355e4898621e0dd22f8d27d2a35f23 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 22 Dec 2016 19:37:49 -0800
Subject: [PATCH 092/249] Adding missing directives for mdns.c, .o, .lo in make
 file.

---
 src/Makefile.in | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index 02e8a0b7..f095d6a6 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -67,7 +67,8 @@ C99COMPATFLAGS=@C99COMPATFLAGS@
 
 GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
-	rr-iter.lo stub.lo sync.lo ub_loop.lo util-internal.lo
+	rr-iter.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
+	mdns.lo
 
 GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
 	str2wire.lo
@@ -234,7 +235,7 @@ context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/g
  getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
  $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h 
 convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
@@ -256,7 +257,8 @@ general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/ge
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
  $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
  getdns/getdns_extra.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
+ $(srcdir)/mdns.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h config.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
@@ -284,6 +286,12 @@ stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h get
  $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
  $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/mdns.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
+ $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
 sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \

From 1d24c9076899d20d2533b9c964fc60699a5ab5b4 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 22 Dec 2016 20:07:31 -0800
Subject: [PATCH 093/249] Fixing bad declaration in mdns.h

---
 src/mdns.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mdns.h b/src/mdns.h
index 67800121..95458585 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -28,6 +28,6 @@ getdns_return_t
 _getdns_submit_mdns_request(getdns_network_req *netreq);
 
 getdns_return_t
-getdns_mdns_namespace_check(getdns_dns_req *dnsreq);
+_getdns_mdns_namespace_check(getdns_dns_req *dnsreq);
 
 #endif /* MDNS_H */
\ No newline at end of file

From 99fb7100eabf3040db723d4e4895b3f0ade0fbb8 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 22 Dec 2016 20:30:14 -0800
Subject: [PATCH 094/249] Placing all MDNS code under ifdef HAVE MDNS SUPPORT
 to minimize risk in main branch.

---
 src/context.c |  9 +++++++--
 src/general.c |  2 ++
 src/mdns.c    | 16 +++++++++++-----
 src/mdns.h    |  4 +++-
 4 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/context.c b/src/context.c
index 10d6a066..34432780 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1682,12 +1682,17 @@ getdns_context_set_namespaces(getdns_context *context,
 
 	for (i = 0; i < namespace_count; i++) {
 		if (namespaces[i] == GETDNS_NAMESPACE_NETBIOS ||
+#ifndef HAVE_MDNS_SUPPORT
+			namespaces[i] == GETDNS_NAMESPACE_MDNS ||
+#endif
 		    namespaces[i] == GETDNS_NAMESPACE_NIS)
 			r = GETDNS_RETURN_NOT_IMPLEMENTED;
 
 		else if (namespaces[i] != GETDNS_NAMESPACE_DNS &&
-		    namespaces[i] != GETDNS_NAMESPACE_LOCALNAMES &&
-			namespaces[i] != GETDNS_NAMESPACE_MDNS)
+#ifdef HAVE_MDNS_SUPPORT
+			namespaces[i] != GETDNS_NAMESPACE_MDNS &&
+#endif
+		    namespaces[i] != GETDNS_NAMESPACE_LOCALNAMES )
 			return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
 	}
 	GETDNS_FREE(context->my_mf, context->namespaces);
diff --git a/src/general.c b/src/general.c
index d40e2b52..97a97dcf 100644
--- a/src/general.c
+++ b/src/general.c
@@ -477,6 +477,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 				    ( req, localnames_response);
 				break;
 			}
+#ifdef HAVE_MDNS_SUPPORT
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_MDNS) {
 			/* Check whether the name belongs in the MDNS space */
 			if (!(r = _getdns_mdns_namespace_check(req)))
@@ -497,6 +498,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 				/* Stop processing more namespaces, since there was a match */
 				break;
 			}
+#endif /* HAVE_MDNS_SUPPORT */
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
 
 			/* TODO: We will get a good return code here even if
diff --git a/src/mdns.c b/src/mdns.c
index 5e204ab5..36950f36 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -27,6 +27,8 @@
 #include "util-internal.h"
 #include "mdns.h"
 
+#ifdef HAVE_MDNS_SUPPORT
+
 #ifdef USE_WINSOCK
 typedef u_short sa_family_t;
 #define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
@@ -46,10 +48,12 @@ uint64_t _getdns_get_time_as_uintt64();
 #define MDNS_MCAST_IPV4_LONG 0xE00000FB /* 224.0.0.251 */
 #define MDNS_MCAST_PORT 5353
 
-static uint8_t mdns_mcast_ipv6[] = { 
-	0xFF, 0x02, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0xFB };
-
+/*
+ * TODO: When we start supporting IPv6 with MDNS, need to define this:
+ * static uint8_t mdns_mcast_ipv6[] = { 
+ *	0xFF, 0x02, 0, 0, 0, 0, 0, 0,
+ *	0, 0, 0, 0, 0, 0, 0, 0xFB };
+ */
 
 static uint8_t mdns_suffix_dot_local[] = { 5, 'l', 'o', 'c', 'a', 'l', 0 };
 static uint8_t mdns_suffix_254_169_in_addr_arpa[] = {
@@ -352,4 +356,6 @@ _getdns_mdns_namespace_check(
 		ret = GETDNS_RETURN_GOOD;
 
 	return ret;
-}
\ No newline at end of file
+}
+
+#endif /* HAVE_MDNS_SUPPORT */
diff --git a/src/mdns.h b/src/mdns.h
index 95458585..30ae3135 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -21,6 +21,7 @@
 #ifndef MDNS_H
 #define MDNS_H
 
+#ifdef HAVE_MDNS_SUPPORT
 #include "getdns/getdns.h"
 #include "types-internal.h"
 
@@ -29,5 +30,6 @@ _getdns_submit_mdns_request(getdns_network_req *netreq);
 
 getdns_return_t
 _getdns_mdns_namespace_check(getdns_dns_req *dnsreq);
+#endif /* HAVE_MDNS_SUPPORT */
 
-#endif /* MDNS_H */
\ No newline at end of file
+#endif /* MDNS_H */

From 835eaa855bd791300e529652587226a1e54a3a8c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 11 Jan 2017 15:08:35 +0100
Subject: [PATCH 095/249] autoclean for cleaning with autoconf initialization

---
 Makefile.in | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Makefile.in b/Makefile.in
index 3f727468..909d7ae9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -145,7 +145,11 @@ distclean:
 	rm -f $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
 
 megaclean:
-	cd $(srcdir) && rm -fr * .dir-locals.el .gitignore .indent.pro .travis.yml && git reset --hard
+	cd $(srcdir) && rm -fr * .dir-locals.el .gitignore .indent.pro .travis.yml && git reset --hard && git submodule update --init
+
+autoclean: megaclean
+	libtoolize -ci
+	autoreconf -fi
 
 dist: $(distdir).tar.gz
 

From 53d73d2f90317fadc6b0925fdbbd689844cb8426 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Mon, 12 Dec 2016 12:25:10 -0800
Subject: [PATCH 096/249] Implementing the ARC4_LOCK/UNLOCK functions for
 Windows.

---
 src/compat/arc4_lock.c | 58 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/src/compat/arc4_lock.c b/src/compat/arc4_lock.c
index facf9575..34b85974 100644
--- a/src/compat/arc4_lock.c
+++ b/src/compat/arc4_lock.c
@@ -48,9 +48,65 @@ void _ARC4_UNLOCK(void)
 {
     pthread_mutex_unlock(&arc_lock);
 }
+#elif defined(GETDNS_ON_WINDOWS)
+ /*
+ * There is no explicit arc4random_init call, and thus
+ * the critical section must be allocated on the first call to
+ * ARC4_LOCK(). The interlocked test is used to verify that
+ * the critical section will be allocated only once.
+ *
+ * The work around is for the main program to call arc4random()
+ * at the beginning of execution, before spinning new threads.
+ *
+ * There is also no explicit arc4random_close call, and thus
+ * the critical section is never deleted. It will remain allocated
+ * as long as the program runs.
+ */
+static CRITICAL_SECTION arc_critical_section;
+static volatile long arc_critical_section_initialized = 0;
+
+void _ARC4_LOCK(void)
+{
+	long r = InterlockedCompareExchange(&arc_critical_section_initialized, 1, 0);
+
+	if (r != 2)
+	{
+		if (r == 0)
+		{
+			InitializeCriticalSection(&arc_critical_section);
+			arc_critical_section_initialized = 2;
+		}
+		else if (r == 1)
+		{
+			/*
+			* If the critical section is initialized, the first test
+			* will return the value 2.
+			*
+			* If several threads try to initialize the arc4random
+			* state "at the same time", the first one will find
+			* the "initialized" variable at 0, the other ones at 1.
+			*
+			* Since this is a fairly rare event, we resolve it with a
+			* simple active wait loop.
+			*/
+
+			while (arc_critical_section_initialized != 2)
+			{
+				Sleep(1);
+			}
+		}
+	}
+
+	EnterCriticalSection(&arc_critical_section);
+}
+
+void _ARC4_UNLOCK(void)
+{
+	LeaveCriticalSection(&arc_critical_section);
+}
 
 #else
-/* XXX - add windows-(or at least non pthread) specific lock routines here */
+ /* XXX - add non pthread specific lock routines here */
 void _ARC4_LOCK(void)
 {
 }

From 9a3b01ed62023e5faca3322f786cc0b2ee3c7a30 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 12:48:15 +0100
Subject: [PATCH 097/249] DSA support with OpenSSL 1.1.0

---
 configure.ac           | 4 ++--
 src/util/val_secalgo.c | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index fb9bf546..2bca8ae8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -253,7 +253,7 @@ fi
 AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method])
+AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1])
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_OPENSSL_ERR_H
@@ -440,7 +440,7 @@ case "$enable_dsa" in
       ;;
     *) dnl default
       # detect if DSA is supported, and turn it off if not.
-      AC_CHECK_FUNC(EVP_dss1, [
+      AC_CHECK_FUNC(DSA_SIG_new, [
 	AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
       ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
 	  fi ])
diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c
index a27e7807..77238b2c 100644
--- a/src/util/val_secalgo.c
+++ b/src/util/val_secalgo.c
@@ -230,6 +230,7 @@ log_crypto_error(const char* str, unsigned long e)
 	ERR_error_string_n(e, buf, sizeof(buf));
 	/* buf now contains */
 	/* error:[error code]:[library name]:[function name]:[reason string] */
+	(void)str;
 	log_err("%s crypto %s", str, buf);
 }
 
@@ -262,8 +263,12 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len)
 	dsasig = DSA_SIG_new();
 	if(!dsasig) return 0;
 
+#ifdef HAVE_DSA_SIG_SET0
+	if(!DSA_SIG_set0(dsasig, R, S)) return 0;
+#else
 	dsasig->r = R;
 	dsasig->s = S;
+#endif
 	*sig = NULL;
 	newlen = i2d_DSA_SIG(dsasig, sig);
 	if(newlen < 0) {
@@ -404,7 +409,11 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 					"EVP_PKEY_assign_DSA failed");
 				return 0;
 			}
+#ifdef HAVE_EVP_DSS1
 			*digest_type = EVP_dss1();
+#else
+			*digest_type = EVP_sha1();
+#endif
 
 			break;
 #endif /* USE_DSA */

From bb0ad001e7109e4d6902a21ef82a09169d0fbe7f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 12:59:16 +0100
Subject: [PATCH 098/249] Fix non existant domain names

---
 src/test/check_getdns_address.h      | 2 +-
 src/test/check_getdns_service_sync.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/check_getdns_address.h b/src/test/check_getdns_address.h
index 2c59d992..f898bdd8 100644
--- a/src/test/check_getdns_address.h
+++ b/src/test/check_getdns_address.h
@@ -224,7 +224,7 @@
 
        EVENT_BASE_CREATE;
 
-       ASSERT_RC(getdns_address(context, "hostnamedoesntexist", NULL,
+       ASSERT_RC(getdns_address(context, "hostnamedoesntexist.", NULL,
          &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
 
diff --git a/src/test/check_getdns_service_sync.h b/src/test/check_getdns_service_sync.h
index 09c48f9c..17273e24 100644
--- a/src/test/check_getdns_service_sync.h
+++ b/src/test/check_getdns_service_sync.h
@@ -124,7 +124,7 @@
        */
        struct getdns_context *context = NULL;   
        struct getdns_dict *response = NULL;
-       const char *name = "labelsizeofsixtythreecharacterscom";
+       const char *name = "labelsizeofsixtythreecharacterscom.";
 
        CONTEXT_CREATE(TRUE);
 

From 25849645d419ef31bda0c0ffc136b3a81d3b9904 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 13:42:16 +0100
Subject: [PATCH 099/249] Don't crash with missing trust-anchors

---
 src/rr-iter.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rr-iter.h b/src/rr-iter.h
index eae61012..d440d939 100644
--- a/src/rr-iter.h
+++ b/src/rr-iter.h
@@ -76,7 +76,7 @@ _getdns_rr_iter *_getdns_single_rr_iter_init(_getdns_rr_iter *i,
     const uint8_t *wire, const size_t wire_len);
 
 static inline _getdns_rr_iter *_getdns_rr_iter_rewind(_getdns_rr_iter *i)
-{ return _getdns_rr_iter_init(i, i->pkt, i->pkt_end - i->pkt); }
+{ return i ? _getdns_rr_iter_init(i, i->pkt, i->pkt_end - i->pkt) : NULL; }
 
 _getdns_rr_iter *_getdns_rr_iter_next(_getdns_rr_iter *i);
 
@@ -181,7 +181,7 @@ static inline _getdns_rrset *_getdns_rrset_iter_value(_getdns_rrset_iter *i)
 { return i && i->rr_i.pos ? &i->rrset : NULL; }
 
 static inline _getdns_rrset_iter *_getdns_rrset_iter_rewind(_getdns_rrset_iter *i)
-{ return _getdns_rrset_iter_init(i, i->rrset.pkt, i->rrset.pkt_len, i->rrset.sections); }
+{ return i ? _getdns_rrset_iter_init(i, i->rrset.pkt, i->rrset.pkt_len, i->rrset.sections) : NULL; }
 
 typedef struct _getdns_rdf_iter {
 	const uint8_t           *pkt;

From cd199def687d00bdd63435b1b51e6e5b11ea25d9 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 19:45:54 +0100
Subject: [PATCH 100/249] Cookies and roadblock avoidance on by default

per RFC7873 and RFC8027
---
 configure.ac           | 29 ++++++++++++++---------------
 src/getdns/getdns.h.in |  1 +
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2bca8ae8..f102aedc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -447,32 +447,31 @@ case "$enable_dsa" in
       ;;
 esac
 
-AC_ARG_ENABLE(draft-dnssec-roadblock-avoidance, AC_HELP_STRING([--enable-draft-dnssec-roadblock-avoidance], [Enable experimental dnssec roadblock avoidance]))
-AC_ARG_ENABLE(draft-edns-cookies, AC_HELP_STRING([--enable-draft-edns-cookies], [Enable experimental edns cookies]))
-AC_ARG_ENABLE(all-drafts, AC_HELP_STRING([--enable-all-drafts], [Enable cookies and roadblock avoidance]))
+AC_ARG_ENABLE(all-drafts, AC_HELP_STRING([--enable-all-drafts], [No drafts in this release]))
 case "$enable_all_drafts" in
 	yes)
-		enable_draft_dnssec_roadblock_avoidance=yes
-		enable_draft_edns_cookies=yes
 		;;
 	no|*)
 		;;
 esac
-case "$enable_draft_dnssec_roadblock_avoidance" in
-	yes)
-		AC_DEFINE_UNQUOTED([DNSSEC_ROADBLOCK_AVOIDANCE], [1], [Define this to enable the experimental draft dnssec roadblock avoidance.])
+AC_ARG_ENABLE(dnssec-roadblock-avoidance, AC_HELP_STRING([--disable-dnssec-roadblock-avoidance], [Disable dnssec roadblock avoidance]))
+case "$enable_dnssec_roadblock_avoidance" in
+	no)
 		;;
-	no|*)
+	yes|*)
+		AC_DEFINE_UNQUOTED([DNSSEC_ROADBLOCK_AVOIDANCE], [1], [Define this to enable the experimental dnssec roadblock avoidance.])
 		;;
 esac
-case "$enable_draft_edns_cookies" in
-	yes)
+
+AC_ARG_ENABLE(edns-cookies, AC_HELP_STRING([--disable-edns-cookies], [Disable edns cookies]))
+case "$enable_edns_cookies" in
+	no)
+		;;
+	yes|*)
 		if test "x_$HAVE_SSL" != "x_yes"; then
-			AC_MSG_ERROR([edns cookies need openssl libcrypto which is not available, please rerun without --enable-draft-edns-cookies])
+			AC_MSG_ERROR([edns cookies need openssl libcrypto which is not available, please rerun with --disable-edns-cookies])
 		fi
-		AC_DEFINE_UNQUOTED([EDNS_COOKIES], [1], [Define this to enable the experimental draft edns cookies.])
-		;;
-	no|*)
+		AC_DEFINE_UNQUOTED([EDNS_COOKIES], [1], [Define this to enable the experimental edns cookies.])
 		;;
 esac
 AC_DEFINE_UNQUOTED([EDNS_COOKIE_OPCODE], [10], [The edns cookie option code.])
diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in
index 2a8f7f2a..f7825361 100644
--- a/src/getdns/getdns.h.in
+++ b/src/getdns/getdns.h.in
@@ -485,6 +485,7 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RCODE_BADNAME  20
 #define GETDNS_RCODE_BADALG   21
 #define GETDNS_RCODE_BADTRUNC 22
+#define GETDNS_RCODE_COOKIE   23
 /** @}
  */
 

From 8a66ba0185d1b50c4adbf79634e1211ebea008a9 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 20:22:49 +0100
Subject: [PATCH 101/249] Bump version, update ChangeLog

---
 ChangeLog    | 16 ++++++++++++++++
 configure.ac |  4 ++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e154f85e..46484397 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+* 2017-01-13: Version 1.0.0
+  * edns0_cookies extension enabled by default (per RFC7873)
+  * dnssec_roadblock_avoidance enabled by default (per RFC8027)
+  * bugfix: DSA support with OpenSSL 1.1.0
+  * Initialize OpenSSL just once in a thread safe way
+  * Thread safety with arc4random function
+  * Improvements that came from Visual Studio static analysis
+    Thanks Christian Huitema
+  * Conventional RFC3986 IPv6 [address]:port parsing from getdns_query
+  * bugfix: OpenSSL 1.1.0 style crypto locking
+    Thanks volkommenheit
+  * configure tells *which* dependency is missing
+  * bugfix: Exclude terminating '\0' from bindata's returned by
+    getdns_get_suffix(). Thanks Jim Hague
+  * Better README.md.  Thanks Andrew Sullivan
+
 * 2016-07-14: Version 1.0.0b2
   * Collect coverage information from the unit tests
     Thanks Shane Kerr
diff --git a/configure.ac b/configure.ac
index f102aedc..6b3b3710 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.0.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [b2])
+AC_SUBST(RELEASE_CANDIDATE, [])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -47,7 +47,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x00100200])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01000000])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"

From cf3d4a4b2ef9faadf22e283d9f641f0ecef1839e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 20:29:19 +0100
Subject: [PATCH 102/249] Create SHA256 with distro

---
 Makefile.in | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 909d7ae9..1bf01cfb 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -141,7 +141,7 @@ distclean:
 	rm -f m4/ltoptions.m4
 	rm -f m4/ltsugar.m4
 	rm -f m4/ltversion.m4
-	rm -f $(distdir).tar.gz $(distdir).tar.gz.sha1
+	rm -f $(distdir).tar.gz $(distdir).tar.gz.sha256
 	rm -f $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
 
 megaclean:
@@ -153,10 +153,10 @@ autoclean: megaclean
 
 dist: $(distdir).tar.gz
 
-pub: $(distdir).tar.gz.sha1 $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
+pub: $(distdir).tar.gz.sha256 $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
 
-$(distdir).tar.gz.sha1: $(distdir).tar.gz
-	openssl sha1 $(distdir).tar.gz >$@
+$(distdir).tar.gz.sha256: $(distdir).tar.gz
+	openssl sha256 $(distdir).tar.gz >$@
 
 $(distdir).tar.gz.md5: $(distdir).tar.gz
 	openssl md5 $(distdir).tar.gz >$@

From e80d3340c6ede8d5335a03131148679e9fb9a31a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 20:43:04 +0100
Subject: [PATCH 103/249] Coverage linking + missing constant in str2int

---
 src/test/getdns_str2dict.c    | 1 +
 src/test/tpkg/run-all-lcov.sh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/getdns_str2dict.c b/src/test/getdns_str2dict.c
index 3c894ee6..aecc4a25 100644
--- a/src/test/getdns_str2dict.c
+++ b/src/test/getdns_str2dict.c
@@ -826,6 +826,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RCODE_BADTIME", 18 },
 	{ "GETDNS_RCODE_BADTRUNC", 22 },
 	{ "GETDNS_RCODE_BADVERS", 16 },
+	{ "GETDNS_RCODE_COOKIE", 23 },
 	{ "GETDNS_RCODE_FORMERR", 1 },
 	{ "GETDNS_RCODE_NOERROR", 0 },
 	{ "GETDNS_RCODE_NOTAUTH", 9 },
diff --git a/src/test/tpkg/run-all-lcov.sh b/src/test/tpkg/run-all-lcov.sh
index 740ef828..37bf8cea 100755
--- a/src/test/tpkg/run-all-lcov.sh
+++ b/src/test/tpkg/run-all-lcov.sh
@@ -15,7 +15,7 @@ LCOV_MERGE=""
 for TEST_PKG in ${SRCDIR}/*.tpkg
 do
     # when we run our test, we need to compile with profiling
-    CFLAGS="-fprofile-arcs -ftest-coverage -O0" "${TPKG}" $* exe "${TEST_PKG}"
+    LDFLAGS="-lgcov --coverage" CFLAGS="-fprofile-arcs -ftest-coverage -O0" "${TPKG}" $* exe "${TEST_PKG}"
     # after the test is complete, we need to collect the coverage data
     INFO_FILE=`echo $TEST_PKG | sed 's/.tpkg$//'`.info
     geninfo $SRCDIR/.. -o $INFO_FILE

From 155ceede4c5895f46c99a33bfa2c35f2cafd12cf Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 20:49:26 +0100
Subject: [PATCH 104/249] Unuser variables with --without-libidn

---
 src/convert.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/convert.c b/src/convert.c
index 055abf96..9b3a28af 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -156,6 +156,7 @@ getdns_convert_ulabel_to_alabel(const char *ulabel)
     free(prepped2);
     return buf;
 #else
+    (void)ulabel;
     return NULL;
 #endif
 }
@@ -185,6 +186,7 @@ getdns_convert_alabel_to_ulabel(const char *alabel)
     }
     return buf;
 #else
+    (void)alabel;
     return NULL;
 #endif
 }

From bb369ec7d901354825a796542db45defb6bd1906 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 21:12:48 +0100
Subject: [PATCH 105/249] Document limits of syncronous functions

As agreed in conversation with pull request #246
---
 README.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1b5a4807..3903e278 100644
--- a/README.md
+++ b/README.md
@@ -179,7 +179,18 @@ Stub mode does not support:
 
 # Known Issues
 
-* None
+* The synchronous lookup functions will not work when new file descriptors
+  needed for the lookup will be larger than `FD_SETSIZE`.  This is because
+  the synchronous functions use a "default" event loop under the hood
+  which is based on `select()` and thus inherits the limits that `select()` has.
+
+  If you need only slightly more file descriptors, it is possible to enlarge
+  the `FD_SETSIZE` with the `--with-fd-setsize=`*`size`* flag to `configure`.
+
+  To resolve, use the asynchronous functions with an event loop extension for
+  libevent, libev or libuv.  Note that the asynchronous functions will have
+  the same problem when used in combination with `getdns_context_run()`, which
+  also uses the default event loop.
 
 # Supported Platforms
 

From 9320364053b234a60c0afd02eb500ee5d448aa66 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 21:28:07 +0100
Subject: [PATCH 106/249] Fix two more sign-compare warnings

---
 src/extension/default_eventloop.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 0344f447..e9e74550 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -212,7 +212,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		else if (default_loop->timeout_times[i] < timeout)
 			timeout = default_loop->timeout_times[i];
 	}
-	for (fd = 0; fd < FD_SETSIZE; fd++) {
+	for (fd = 0; fd < (int)FD_SETSIZE; fd++) {
 		if (!default_loop->fd_events[fd])
 			continue;
 		if (default_loop->fd_events[fd]->read_cb)
@@ -240,7 +240,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		exit(EXIT_FAILURE);
 	}
 	now = get_now_plus(0);
-	for (fd = 0; fd < FD_SETSIZE; fd++) {
+	for (fd = 0; fd < (int)FD_SETSIZE; fd++) {
 		if (default_loop->fd_events[fd] &&
 		    default_loop->fd_events[fd]->read_cb &&
 		    FD_ISSET(fd, &readfds))

From b564c8d96fa50a7cb2dd172036f12ad101b50055 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 21:34:06 +0100
Subject: [PATCH 107/249] Few things for the scroll-spy README on the website

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 3903e278..2f59f6de 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ If you want to use the getdns_query command line wrapper script for testing or t
 * Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` option to configure.
 * When both `--enable-stub-only` and `--without-libidn` options are used, getdns has only one dependency left, which is OpenSSL.
 
-## Extensions / Event loop dependencies
+## Extensions and Event loop dependencies
 
 The implementation works with a variety of event loops, each built as a separate shared library.  See [the wiki](https://github.com/getdnsapi/getdns/wiki/Asynchronous-Support#wiki-included-event-loop-integrations) for more details.
 
@@ -124,7 +124,7 @@ We have a [getdns users list](https://getdnsapi.net/mailman/listinfo/users) for
 
 The [getdns-api mailing list](https://getdnsapi.net/mailman/listinfo/spec) is a good place to engage in discussions regarding the design of the API.
 
-# Tickets/Bug Reports
+# Tickets and Bug Reports
 
 Tickets and bug reports should be reported via the [GitHub issues list](https://github.com/getdnsapi/getdns/issues).
 
@@ -214,7 +214,7 @@ If you're using [FreeBSD](https://www.freebsd.org/), you may install getdns via
 
 If you are using FreeBSD 10 getdns can be intalled via 'pkg install getdns'.
 
-### CentOS/RHEL 6.5
+### CentOS and RHEL 6.5
 
 We rely on the most excellent package manager fpm to build the linux packages, which
 means that the packaging platform requires ruby 2.1.0.  There are other ways to
@@ -272,7 +272,7 @@ The build has been tested using the following:
 32 bit only Mingw: [Mingw(3.21.0) and Msys 1.0](http://www.mingw.org/) on Windows 8.1
 32 bit build on a 64 bit Mingw [Download latest from: http://mingw-w64.org/doku.php/download/mingw-builds and http://msys2.github.io/]. IMPORTANT: Install tested ONLY on the  "x86_64" for 64-bit installer of msys2.
 
-#### Dependencies: 
+#### Dependencies
 The following dependencies are 
 * openssl-1.0.2j
 * libidn

From f4cd8f6b47ea2e40dbb3c6b321a9125a27e7f115 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 13 Jan 2017 22:38:23 +0100
Subject: [PATCH 108/249] Fix constants

---
 src/const-info.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/const-info.c b/src/const-info.c
index 0294e281..a71f928a 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -188,6 +188,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RCODE_BADTIME", 18 },
 	{ "GETDNS_RCODE_BADTRUNC", 22 },
 	{ "GETDNS_RCODE_BADVERS", 16 },
+	{ "GETDNS_RCODE_COOKIE", 23 },
 	{ "GETDNS_RCODE_FORMERR", 1 },
 	{ "GETDNS_RCODE_NOERROR", 0 },
 	{ "GETDNS_RCODE_NOTAUTH", 9 },

From 17da80a8285e17809f886424415073aa19ab1621 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 18 Jan 2017 14:29:32 +0100
Subject: [PATCH 109/249] Feed poll with millisecond timeout

---
 src/extension/default_eventloop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 6262e446..17bb2b99 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -290,7 +290,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	else if (! blocking || now > timeout) {
 		poll_timeout = 0;
 	} else {
-		poll_timeout = (timeout - now) * 1000; /* turn seconds into millseconds */
+		poll_timeout = (timeout - now) / 1000; /* turn microseconds into milliseconds */
 	}
 #ifdef USE_WINSOCK
 	if (WSAPoll(pfds, num_pfds, poll_timeout) < 0) {

From fd3e0c01f7f6a3e1fac3de009b624ec15b4e4d0f Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 18 Jan 2017 15:12:56 +0000
Subject: [PATCH 110/249] call default_time_cb with -1 instead of index

---
 src/extension/default_eventloop.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 17bb2b99..61e04070 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -246,6 +246,8 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	int poll_timeout = 0;
 	struct pollfd* pfds = NULL;
 	unsigned int num_pfds = 0;
+	_getdns_eventloop_info* timeout_timeout_cbs = NULL;
+	_getdns_eventloop_info* fd_timeout_cbs = NULL;
 
 	if (!loop)
 		return;
@@ -254,10 +256,17 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
 		if (now > s->timeout_time)
-			default_timeout_cb(-1, s->event);
+			add_event(&timeout_timeout_cbs, s->id, s);
 		else if (s->timeout_time < timeout)
 			timeout = s->timeout_time;
 	}
+	/* this is in case the timeout callback deletes the event
+	   and thus messes with the iteration */
+	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
+		getdns_eventloop_event* event = s->event;
+		delete_event(&timeout_timeout_cbs, s);
+		default_timeout_cb(-1, event);
+	}
 	// first we count the number of fds that will be active
 	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
 		if (s->event->read_cb ||
@@ -317,7 +326,6 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	}
 	if (pfds)
 		free(pfds);
-	_getdns_eventloop_info* fd_timeout_cbs = NULL;
 	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
@@ -332,7 +340,6 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		delete_event(&fd_timeout_cbs, s);
 		default_timeout_cb(fd, event);
 	}
-	_getdns_eventloop_info* timeout_timeout_cbs = NULL;
 	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
@@ -342,10 +349,9 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */
 	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
-		int fd = s->id;
 		getdns_eventloop_event* event = s->event;
 		delete_event(&timeout_timeout_cbs, s);
-		default_timeout_cb(fd, event);
+		default_timeout_cb(-1, event);
 	}
 
 }

From dad4aaf6d8ae1784f107a5a883663d823bf9963e Mon Sep 17 00:00:00 2001
From: Neil Cook <neil.cook@noware.co.uk>
Date: Wed, 18 Jan 2017 15:31:01 +0000
Subject: [PATCH 111/249] correctly allocate and free memory for eventloop
 hashes

---
 src/extension/default_eventloop.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/extension/default_eventloop.c b/src/extension/default_eventloop.c
index 61e04070..f9c0e1b2 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/default_eventloop.c
@@ -47,14 +47,18 @@ _getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
 void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("default_eventloop: add_event with id %d\n", id);
-	ev->id = id;
-	HASH_ADD_INT(*events, id, ev);
+	_getdns_eventloop_info* myevent = calloc(1, sizeof(_getdns_eventloop_info));
+	myevent->event = ev->event;
+	myevent->id = id;
+	myevent->timeout_time = ev->timeout_time;
+	HASH_ADD_INT(*events, id, myevent);
 }
 
 void delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("default_eventloop: delete_event with id %d\n", ev->id);
 	HASH_DEL(*events, ev);
+	free(ev);
 }
 
 static uint64_t get_now_plus(uint64_t amount)
@@ -113,13 +117,12 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		/* cleanup the old event if it exists */
 		if (fd_event) {
 			delete_event(&default_loop->fd_events, fd_event);
-			free(fd_event);
 		}
-		fd_event = calloc(1, sizeof(_getdns_eventloop_info));
-		fd_event->event = event;
-		fd_event->timeout_time = get_now_plus(timeout);
-		add_event(&default_loop->fd_events, fd, fd_event);
+		_getdns_eventloop_info fd_ev;
 		event->ev = (void *) (intptr_t) (fd + 1);
+		fd_ev.event = event;
+		fd_ev.timeout_time = get_now_plus(timeout);
+		add_event(&default_loop->fd_events, fd, &fd_ev);
 
 		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -137,12 +140,11 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		event->write_cb = NULL;
 	}
 	for (i = 0; i < default_loop->max_timeouts; i++) {
-		_getdns_eventloop_info* timeout_event = NULL;
-		if ((timeout_event = find_event(&default_loop->timeout_events, i)) == NULL) {
-			timeout_event = calloc(1, sizeof(_getdns_eventloop_info));
-			timeout_event->event = event;
-			timeout_event->timeout_time = get_now_plus(timeout);
-			add_event(&default_loop->timeout_events, i, timeout_event);
+		if (find_event(&default_loop->timeout_events, i) == NULL) {
+			_getdns_eventloop_info timeout_ev;
+			timeout_ev.event = event;
+			timeout_ev.timeout_time = get_now_plus(timeout);
+			add_event(&default_loop->timeout_events, i, &timeout_ev);
 			event->ev = (void *) (intptr_t) (i + 1);
 
 			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
@@ -179,7 +181,6 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 #endif
 		if (timeout_event) {
 			delete_event(&default_loop->timeout_events, timeout_event);
-			free(timeout_event);
 		}
 	} else {
 		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, i);
@@ -191,7 +192,6 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 #endif
 		if (fd_event) {
 			delete_event(&default_loop->fd_events, fd_event);
-			free(fd_event);
 		}
 	}
 	event->ev = NULL;

From abd0244aba263fd8894a77dd830dda223e70627a Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Fri, 20 Jan 2017 19:33:12 -0800
Subject: [PATCH 112/249] Fixing a potential bug in the RB tree for
 netreq_by_id

---
 src/context.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index 34432780..41a194f7 100644
--- a/src/context.c
+++ b/src/context.c
@@ -747,7 +747,14 @@ tls_only_is_in_transports_list(getdns_context *context) {
 static int
 net_req_query_id_cmp(const void *id1, const void *id2)
 {
-	return (intptr_t)id1 - (intptr_t)id2;
+	int ret = 0;
+
+	if (id1 != id2)
+	{
+		ret = ((intptr_t)id1 < (intptr_t)id2) ? -1 : 1;
+	}
+
+	return ret;
 }
 
 static getdns_tsig_info const tsig_info[] = {

From 31eee9c7d10f239a46e2b3881241e600b30b0579 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Fri, 20 Jan 2017 19:44:05 -0800
Subject: [PATCH 113/249] Intermediate commit of context.h, mdns.[ch]

---
 src/context.h |  16 +++++++
 src/mdns.c    | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++
 src/mdns.h    |  27 +++++++++++
 3 files changed, 168 insertions(+)

diff --git a/src/context.h b/src/context.h
index 86bfb817..6a1d6458 100644
--- a/src/context.h
+++ b/src/context.h
@@ -287,6 +287,22 @@ struct getdns_context {
 	/* We need to run WSAStartup() to be able to use getaddrinfo() */
 	WSADATA wsaData;
 #endif
+
+	/* MDNS */
+#ifdef HAVE_MDNS_SUPPORT
+	/* 
+	 * If supporting MDNS, context may be instantiated either in basic mode
+	 * or in full mode. If working in extended mode, two multicast sockets are
+	 * left open, for IPv4 and IPv6. Data can be received on either socket.
+	 * The context also keeps a list of open queries, characterized by a 
+	 * name and an RR type. 
+	 */
+	int mdns_extended_support;
+	int fd_mdns_v4;
+	int fd_mdns_v6;
+	_getdns_rbtree_t mdns_continuous_queries_by_name_rrtype;
+
+#endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */
 
 /** internal functions **/
diff --git a/src/mdns.c b/src/mdns.c
index 36950f36..44027d58 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -78,6 +78,131 @@ static uint8_t mdns_suffix_b_e_f_ip6_arpa[] = {
 	7, 'i', 'p', 'v', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 
+
+/*
+* Compare function for the netreq_by_query_id,
+* used in the red-black tree of all netreq by continuous query.
+*/
+static int mdns_cmp_netreq_by_query_id(const void * id1, const void * id2)
+{
+	int ret = 0;
+
+	if (id1 != id2)
+	{
+		ret = (((intptr_t)id1) < ((intptr_t)id2)) ? -1 : 1;
+	}
+	return ret;
+}
+
+/*
+ * Compare function for the getdns_mdns_known_record type,
+ * used in the red-black tree of known records per query.
+ */
+
+static int mdns_cmp_known_records(const void * nkr1, const void * nkr2)
+{
+	int ret = 0;
+	getdns_mdns_known_record * kr1 = (getdns_mdns_known_record *)nkr1;
+	getdns_mdns_known_record * kr2 = (getdns_mdns_known_record *)nkr2;
+
+	if (kr1->record_length != kr2->record_length)
+	{
+		ret = (kr1->record_length < kr2->record_length) ? -1 : 1;
+	}
+	else
+	{
+		ret = memcmp((const void*)kr1->record_data, (const void*)kr2->record_data, kr1->record_length);
+	}
+
+	return ret;
+}
+
+/*
+ * Compare function for the mdns_continuous_query_by_name_rrtype,
+ * used in the red-black tree of all ongoing queries.
+ */
+static int mdns_cmp_continuous_queries_by_name_rrtype(const void * nqnr1, const void * nqnr2)
+{
+	int ret = 0;
+	getdns_mdns_continuous_query * qnr1 = (getdns_mdns_continuous_query *)nqnr1;
+	getdns_mdns_continuous_query * qnr2 = (getdns_mdns_continuous_query *)nqnr2;
+
+	if (qnr1->request_class != qnr2->request_class) 
+	{
+		ret = (qnr1->request_class < qnr2->request_class) ? -1 : 1;
+	} 
+	else if (qnr1->request_type != qnr2->request_type)
+	{
+		ret = (qnr1->request_type < qnr2->request_type) ? -1 : 1;
+	}
+	else if (qnr1->name_len != qnr2->name_len)
+	{
+		ret = (qnr1->name_len < qnr2->name_len) ? -1 : 1;
+	}
+	else
+	{
+		ret = memcmp((void*)qnr1->name, (void*)qnr2->name, qnr1->name_len);
+	}
+	return ret;
+}
+
+/*
+ * Initialize a continuous query from netreq
+ */
+static int mdns_initialize_continuous_request(getdns_network_req *netreq)
+{
+	int ret = 0;
+	getdns_mdns_continuous_query temp_query, *continuous_query, *inserted_query;
+	getdns_dns_req *dnsreq = netreq->owner;
+	/*
+	 * Fill the target request, but only initialize name and request_type
+	 */
+	temp_query.request_class = dnsreq->request_class;
+	temp_query.request_type = netreq->request_type;
+	temp_query.name_len = dnsreq->name_len;
+	/* TODO: check that dnsreq is in canonical form */
+	memcpy(temp_query.name, dnsreq->name, dnsreq->name_len);
+	/*
+	 * Check whether the continuous query is already in the RB tree.
+	 * if there is not, create one.
+	 * TODO: should lock the context object when doing that.
+	 */
+	continuous_query = (getdns_mdns_continuous_query *)
+		_getdns_rbtree_search(&dnsreq->context->mdns_continuous_queries_by_name_rrtype, &temp_query);
+	if (continuous_query == NULL)
+	{
+		continuous_query = (getdns_mdns_continuous_query *)
+			GETDNS_MALLOC(dnsreq->context->mf, getdns_mdns_continuous_query);
+		if (continuous_query != NULL)
+		{
+			continuous_query->request_class = temp_query.request_class;
+			continuous_query->request_type = temp_query.request_type;
+			continuous_query->name_len = temp_query.name_len;
+			memcpy(continuous_query->name, temp_query.name, temp_query.name_len);
+			_getdns_rbtree_init(&continuous_query->known_records_by_value, mdns_cmp_known_records);
+			/* Tracking of network requests on this socket */
+			_getdns_rbtree_init(&continuous_query->netreq_by_query_id, mdns_cmp_netreq_by_query_id);
+			/* Add the new continuous query to the context */
+			inserted_query = _getdns_rbtree_insert(&dnsreq->context->mdns_continuous_queries_by_name_rrtype,
+				continuous_query);
+			if (inserted_query == NULL)
+			{
+				/* Weird. This can only happen in a race condition */
+				GETDNS_FREE(dnsreq->context->mf, continuous_query);
+				ret = GETDNS_RETURN_GENERIC_ERROR;
+			}
+		}
+		else
+		{
+			ret = GETDNS_RETURN_MEMORY_ERROR;
+		}
+	}
+	/* To do: insert netreq into query list */
+	/* to do: queue message request to socket */
+
+	return ret;
+}
+
 /* TODO: actualy delete what is required.. */
 static void
 mdns_cleanup(getdns_network_req *netreq)
diff --git a/src/mdns.h b/src/mdns.h
index 30ae3135..4a85602c 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -30,6 +30,33 @@ _getdns_submit_mdns_request(getdns_network_req *netreq);
 
 getdns_return_t
 _getdns_mdns_namespace_check(getdns_dns_req *dnsreq);
+
+/*
+ * data structure for continuous queries
+ */
+
+typedef struct getdns_mdns_known_record
+{
+	uint32_t ttl; /* todo: should this be an expiration date? */
+	uint8_t * record_data;
+	int record_length;
+} getdns_mdns_known_record;
+
+typedef struct getdns_mdns_continuous_query
+{
+	uint8_t name[256]; /* binary representation of name being queried */
+	int name_len;
+	uint16_t request_class;
+	uint16_t request_type;
+	/* list of known records */
+	_getdns_rbtree_t known_records_by_value;
+	/* list of user queries */
+	_getdns_rbtree_t netreq_by_query_id;
+	/* todo: do we need an expiration date, or a timer? */
+	/* todo: do we need an update mark for showing last results? */
+} getdns_mdns_continuous_query;
+
+
 #endif /* HAVE_MDNS_SUPPORT */
 
 #endif /* MDNS_H */

From 4ccfa2a7819385da682ab465d1ba5fc17c1fe9a2 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Sat, 21 Jan 2017 14:46:38 -0800
Subject: [PATCH 114/249] Preparing fix for 64 bit warning in
 net_req_query_id_cmp

---
 src/context.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/context.c b/src/context.c
index d9f2e13b..987d5ea2 100644
--- a/src/context.c
+++ b/src/context.c
@@ -818,6 +818,10 @@ tls_only_is_in_transports_list(getdns_context *context) {
 
 static int
 net_req_query_id_cmp(const void *id1, const void *id2)
+{
+	return (intptr_t)id1 - (intptr_t)id2;
+}
+/*
 {
 	int ret = 0;
 
@@ -828,6 +832,7 @@ net_req_query_id_cmp(const void *id1, const void *id2)
 
 	return ret;
 }
+*/
 
 static getdns_tsig_info const tsig_info[] = {
 	  { GETDNS_NO_TSIG, NULL, 0, NULL, 0, 0, 0 }

From 4c71d6239f9ca9ab734d2ba40fb329ca5ccbfe97 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Sat, 21 Jan 2017 14:49:58 -0800
Subject: [PATCH 115/249] Fixing potential bug for comparision function
 net_req_query_id_cmp on 64 bits architectures.

---
 src/context.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/context.c b/src/context.c
index 987d5ea2..fd93c68b 100644
--- a/src/context.c
+++ b/src/context.c
@@ -819,10 +819,11 @@ tls_only_is_in_transports_list(getdns_context *context) {
 static int
 net_req_query_id_cmp(const void *id1, const void *id2)
 {
-	return (intptr_t)id1 - (intptr_t)id2;
-}
-/*
-{
+	/*
+	 * old code was:
+	 * return (intptr_t)id1 - (intptr_t)id2;
+	 *but this is incorrect on 64 bit architectures.
+	 */
 	int ret = 0;
 
 	if (id1 != id2)
@@ -832,7 +833,7 @@ net_req_query_id_cmp(const void *id1, const void *id2)
 
 	return ret;
 }
-*/
+
 
 static getdns_tsig_info const tsig_info[] = {
 	  { GETDNS_NO_TSIG, NULL, 0, NULL, 0, 0, 0 }

From 93d6f2b18fcbd5b1e63dd4707eacc24197977529 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Mon, 6 Feb 2017 18:23:35 -1000
Subject: [PATCH 116/249] Intermediate commit, after definition of the MDNS
 context

---
 src/context.c        |  23 ++++
 src/context.h        |  10 +-
 src/debug.h          |   1 +
 src/mdns.c           | 260 ++++++++++++++++++++++++++++++++++++++-----
 src/mdns.h           |  20 +++-
 src/server.c         |  22 +++-
 src/types-internal.h |  10 +-
 7 files changed, 307 insertions(+), 39 deletions(-)

diff --git a/src/context.c b/src/context.c
index fd93c68b..16e0da92 100644
--- a/src/context.c
+++ b/src/context.c
@@ -98,6 +98,16 @@ static pthread_mutex_t ssl_init_lock = PTHREAD_MUTEX_INITIALIZER;
 #endif
 static bool ssl_init=false;
 
+#ifdef HAVE_MDNS_SUPPORT
+/*
+ * Forward declaration of MDNS context init and destroy function.
+ * We do this here instead of including mdns.h, in order to
+ * minimize dependencies.
+ */
+void _getdns_mdns_context_init(struct getdns_context *context);
+void _getdns_mdns_context_destroy(struct getdns_context *context);
+#endif
+
 void *plain_mem_funcs_user_arg = MF_PLAIN;
 
 typedef struct host_name_addrs {
@@ -1471,8 +1481,14 @@ getdns_context_create_with_extended_memory_functions(
 		goto error;
 #endif
 
+
+#ifdef HAVE_MDNS_SUPPORT
+	_getdns_mdns_context_init(result);
+#endif
+
 	create_local_hosts(result);
 
+
 	*context = result;
 	return GETDNS_RETURN_GOOD;
 error:
@@ -1552,6 +1568,13 @@ getdns_context_destroy(struct getdns_context *context)
 		ub_ctx_delete(context->unbound_ctx);
 #endif
 
+#ifdef HAVE_MDNS_SUPPORT
+	/*
+	 * Release all ressource allocated for MDNS.
+	 */
+	_getdns_mdns_context_destroy(context);
+#endif
+
 	if (context->namespaces)
 		GETDNS_FREE(context->my_mf, context->namespaces);
 
diff --git a/src/context.h b/src/context.h
index 94ab8c45..b5d2148e 100644
--- a/src/context.h
+++ b/src/context.h
@@ -344,12 +344,14 @@ struct getdns_context {
 	 * or in full mode. If working in extended mode, two multicast sockets are
 	 * left open, for IPv4 and IPv6. Data can be received on either socket.
 	 * The context also keeps a list of open queries, characterized by a 
-	 * name and an RR type. 
+	 * name and an RR type, and a list of received answers, characterized
+	 * by name, RR type and data value.
 	 */
-	int mdns_extended_support;
-	int fd_mdns_v4;
-	int fd_mdns_v6;
+	int mdns_extended_support; /* 0 = no support, 1 = supported, 2 = initialization needed */
+	int mdns_fdv4;
+	int mdns_fdv6;
 	_getdns_rbtree_t mdns_continuous_queries_by_name_rrtype;
+	_getdns_rbtree_t mdns_known_records_by_value;
 
 #endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */
diff --git a/src/debug.h b/src/debug.h
index 5087efb4..c9cbe248 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -128,6 +128,7 @@
 
 #define MDNS_DEBUG_ENTRY     "-> MDNS ENTRY:  "
 #define MDNS_DEBUG_READ      "-- MDNS READ:   "
+#define MDNS_DEBUG_MREAD      "-- MDNS MREAD:  "
 #define MDNS_DEBUG_WRITE     "-- MDNS WRITE:  "
 #define MDNS_DEBUG_CLEANUP   "-- MDNS CLEANUP:"
 
diff --git a/src/mdns.c b/src/mdns.c
index 44027d58..52310db0 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -48,12 +48,10 @@ uint64_t _getdns_get_time_as_uintt64();
 #define MDNS_MCAST_IPV4_LONG 0xE00000FB /* 224.0.0.251 */
 #define MDNS_MCAST_PORT 5353
 
-/*
- * TODO: When we start supporting IPv6 with MDNS, need to define this:
- * static uint8_t mdns_mcast_ipv6[] = { 
- *	0xFF, 0x02, 0, 0, 0, 0, 0, 0,
- *	0, 0, 0, 0, 0, 0, 0, 0xFB };
- */
+static uint8_t mdns_mcast_ipv6[] = {
+	0xFF, 0x02, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0xFB 
+};
 
 static uint8_t mdns_suffix_dot_local[] = { 5, 'l', 'o', 'c', 'a', 'l', 0 };
 static uint8_t mdns_suffix_254_169_in_addr_arpa[] = {
@@ -63,19 +61,19 @@ static uint8_t mdns_suffix_254_169_in_addr_arpa[] = {
 	4, 'a', 'r', 'p', 'a', 0 };
 static uint8_t mdns_suffix_8_e_f_ip6_arpa[] = {
 	1, '8', 1, 'e', 1, 'f',
-	7, 'i', 'p', 'v', '6',
+	3, 'i', 'p', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 static uint8_t mdns_suffix_9_e_f_ip6_arpa[] = {
 	1, '9', 1, 'e', 1, 'f',
-	7, 'i', 'p', 'v', '6',
+	3, 'i', 'p', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 static uint8_t mdns_suffix_a_e_f_ip6_arpa[] = {
 	1, 'a', 1, 'e', 1, 'f',
-	7, 'i', 'p', 'v', '6',
+	3, 'i', 'p', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 static uint8_t mdns_suffix_b_e_f_ip6_arpa[] = {
 	1, 'b', 1, 'e', 1, 'f',
-	7, 'i', 'p', 'v', '6',
+	3, 'i', 'p', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 
 
@@ -105,13 +103,25 @@ static int mdns_cmp_known_records(const void * nkr1, const void * nkr2)
 	getdns_mdns_known_record * kr1 = (getdns_mdns_known_record *)nkr1;
 	getdns_mdns_known_record * kr2 = (getdns_mdns_known_record *)nkr2;
 
-	if (kr1->record_length != kr2->record_length)
+	if (kr1->request_class != kr2->request_class)
 	{
-		ret = (kr1->record_length < kr2->record_length) ? -1 : 1;
+		ret = (kr1->request_class < kr2->request_class) ? -1 : 1;
 	}
-	else
+	else if (kr1->request_type != kr2->request_type)
 	{
-		ret = memcmp((const void*)kr1->record_data, (const void*)kr2->record_data, kr1->record_length);
+		ret = (kr1->request_type < kr2->request_type) ? -1 : 1;
+	}
+	else if (kr1->name_len != kr2->name_len)
+	{
+		ret = (kr1->name_len < kr2->name_len) ? -1 : 1;
+	}
+	else if (kr1->record_len != kr2->record_len)
+	{
+		ret = (kr1->record_len < kr2->record_len) ? -1 : 1;
+	}
+	else if ((ret = memcmp((void*)kr1->name, (void*)kr2->name, kr2->name_len)) == 0)
+	{
+		ret = memcmp((const void*)kr1->record_data, (const void*)kr2->record_data, kr1->record_len);
 	}
 
 	return ret;
@@ -146,14 +156,181 @@ static int mdns_cmp_continuous_queries_by_name_rrtype(const void * nqnr1, const
 	return ret;
 }
 
+
+/*
+* Create the two required multicast sockets
+*/
+static int mdns_open_ipv4_multicast()
+{
+	getdns_return_t ret = 0;
+	SOCKET fd4 = -1;
+	SOCKADDR_IN ipv4_dest;
+	SOCKADDR_IN ipv4_port;
+	uint8_t so_reuse_bool = 1;
+	uint8_t ttl = 255;
+	IP_MREQ mreq4;
+
+	memset(&ipv4_dest, 0, sizeof(ipv4_dest));
+	memset(&ipv4_port, 0, sizeof(ipv4_dest));
+	ipv4_dest.sin_family = AF_INET;
+	ipv4_dest.sin_port = htons(MDNS_MCAST_PORT);
+	ipv4_dest.sin_addr.S_un.S_addr = htonl(MDNS_MCAST_IPV4_LONG);
+	ipv4_port.sin_family = AF_INET;
+	ipv4_port.sin_port = htons(MDNS_MCAST_PORT);
+
+
+	fd4 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
+	if (fd4 != -1)
+	{
+		/*
+		 * No need to test the output of the so_reuse call,
+		 * since the only result that matters is that of bind.
+		 */
+		(void)setsockopt(fd4, SOL_SOCKET, SO_REUSEADDR
+			, (const char*)&so_reuse_bool, (int) sizeof(BOOL));
+
+		if (bind(fd4, (SOCKADDR*)&ipv4_port, sizeof(ipv4_port)) != 0)
+		{
+			ret = -1;
+		}
+		else
+		{
+			mreq4.imr_multiaddr = ipv4_dest.sin_addr;
+			mreq4.imr_interface = ipv4_port.sin_addr;
+
+			if (setsockopt(fd4, IPPROTO_IP, IP_ADD_MEMBERSHIP
+				, (const char*)&mreq4, (int) sizeof(mreq4)) != 0)
+			{
+				ret = -1;
+			}
+			else if (setsockopt(fd4, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)) != 0)
+			{
+				ret = -1;
+			}
+		}
+	}
+
+	if (ret != 0 && fd4 != -1)
+	{
+#ifdef USE_WINSOCK
+			closesocket(fd4);
+#else
+			close(fd4);
+#endif
+			fd4 = -1;
+	}
+
+	return fd4;
+}
+
+static int mdns_open_ipv6_multicast()
+{
+	getdns_return_t ret = 0;
+	SOCKET fd6 = -1;
+	SOCKADDR_IN6 ipv6_dest;
+	SOCKADDR_IN6 ipv6_port;
+	uint8_t so_reuse_bool = 1;
+	uint8_t ttl = 255;
+	IPV6_MREQ mreq6;
+
+	memset(&ipv6_dest, 0, sizeof(ipv6_dest));
+	memset(&ipv6_port, 0, sizeof(ipv6_dest));
+	ipv6_dest.sin6_family = AF_INET6;
+	ipv6_dest.sin6_port = htons(MDNS_MCAST_PORT);
+	ipv6_port.sin6_family = AF_INET6;
+	ipv6_port.sin6_port = htons(MDNS_MCAST_PORT);
+	memcpy(&ipv6_dest.sin6_addr
+		, mdns_mcast_ipv6, sizeof(mdns_mcast_ipv6));
+
+
+	fd6 = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
+
+	if (fd6 != -1)
+	{
+		/*
+		* No need to test the output of the so_reuse call,
+		* since the only result that matters is that of bind.
+		*/
+		(void)setsockopt(fd6, SOL_SOCKET, SO_REUSEADDR
+			, (const char*)&so_reuse_bool, (int) sizeof(BOOL));
+
+		if (bind(fd6, (SOCKADDR*)&ipv6_port, sizeof(ipv6_port)) != 0)
+		{
+			ret = -1;
+		}
+		else
+		{
+			memcpy(&mreq6.ipv6mr_multiaddr
+				, &ipv6_dest.sin6_addr, sizeof(mreq6.ipv6mr_multiaddr));
+			memcpy(&mreq6.ipv6mr_interface
+				, &ipv6_port.sin6_addr, sizeof(mreq6.ipv6mr_interface));
+
+			if (setsockopt(fd6, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP
+				, (const char*)&mreq6, (int) sizeof(mreq6)) != 0)
+			{
+				ret = -1;
+			}
+			else if (setsockopt(fd6, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl)) != 0)
+			{
+				ret = -1;
+			}
+		}
+	}
+
+	if (ret != 0 && fd6 != -1)
+	{
+#ifdef USE_WINSOCK
+		closesocket(fd6);
+#else
+		close(fd6);
+#endif
+		fd6 = -1;
+	}
+
+	return fd6;
+}
+
+/*
+ * Delayed opening of the MDNS sockets, and launch of the MDNS listeners
+ */
+static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
+{
+	getdns_return_t ret = 0;
+
+	if (context->mdns_extended_support == 2)
+	{
+		context->mdns_fdv4 = mdns_open_ipv4_multicast();
+		context->mdns_fdv6 = mdns_open_ipv6_multicast();
+
+		if (context->mdns_fdv4 == -1 || context->mdns_fdv6 == -1)
+		{
+			if (context->mdns_fdv4 != -1)
+#ifdef USE_WINSOCK
+				closesocket(context->mdns_fdv4);
+#else
+				close(context->mdns_fdv4);
+#endif
+			ret = GETDNS_RETURN_GENERIC_ERROR;
+		}
+		else
+		{
+			/* TODO: launch the receive loops */
+		}
+	}
+
+	return ret;
+}
+
 /*
  * Initialize a continuous query from netreq
  */
-static int mdns_initialize_continuous_request(getdns_network_req *netreq)
+static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *netreq)
 {
 	int ret = 0;
 	getdns_mdns_continuous_query temp_query, *continuous_query, *inserted_query;
 	getdns_dns_req *dnsreq = netreq->owner;
+	struct getdns_context *context = dnsreq->context;
 	/*
 	 * Fill the target request, but only initialize name and request_type
 	 */
@@ -168,27 +345,30 @@ static int mdns_initialize_continuous_request(getdns_network_req *netreq)
 	 * TODO: should lock the context object when doing that.
 	 */
 	continuous_query = (getdns_mdns_continuous_query *)
-		_getdns_rbtree_search(&dnsreq->context->mdns_continuous_queries_by_name_rrtype, &temp_query);
+		_getdns_rbtree_search(&context->mdns_continuous_queries_by_name_rrtype, &temp_query);
 	if (continuous_query == NULL)
 	{
 		continuous_query = (getdns_mdns_continuous_query *)
-			GETDNS_MALLOC(dnsreq->context->mf, getdns_mdns_continuous_query);
+			GETDNS_MALLOC(context->mf, getdns_mdns_continuous_query);
 		if (continuous_query != NULL)
 		{
+			continuous_query->node.parent = NULL;
+			continuous_query->node.left = NULL;
+			continuous_query->node.right = NULL;
+			continuous_query->node.key = (void*)continuous_query;
 			continuous_query->request_class = temp_query.request_class;
 			continuous_query->request_type = temp_query.request_type;
 			continuous_query->name_len = temp_query.name_len;
 			memcpy(continuous_query->name, temp_query.name, temp_query.name_len);
-			_getdns_rbtree_init(&continuous_query->known_records_by_value, mdns_cmp_known_records);
-			/* Tracking of network requests on this socket */
-			_getdns_rbtree_init(&continuous_query->netreq_by_query_id, mdns_cmp_netreq_by_query_id);
+			continuous_query->netreq_first = NULL;
 			/* Add the new continuous query to the context */
-			inserted_query = _getdns_rbtree_insert(&dnsreq->context->mdns_continuous_queries_by_name_rrtype,
-				continuous_query);
+			inserted_query = (getdns_mdns_continuous_query *)
+				_getdns_rbtree_insert(&context->mdns_continuous_queries_by_name_rrtype,
+				&continuous_query->node);
 			if (inserted_query == NULL)
 			{
 				/* Weird. This can only happen in a race condition */
-				GETDNS_FREE(dnsreq->context->mf, continuous_query);
+				GETDNS_FREE(context->mf, &continuous_query);
 				ret = GETDNS_RETURN_GENERIC_ERROR;
 			}
 		}
@@ -197,12 +377,42 @@ static int mdns_initialize_continuous_request(getdns_network_req *netreq)
 			ret = GETDNS_RETURN_MEMORY_ERROR;
 		}
 	}
-	/* To do: insert netreq into query list */
+	/* insert netreq into query list */
+	netreq->mdns_netreq_next = continuous_query->netreq_first;
+	continuous_query->netreq_first = netreq;
+
 	/* to do: queue message request to socket */
 
 	return ret;
 }
 
+/*
+ * Initialize the MDNS part of the context structure.
+ */
+void _getdns_mdns_context_init(struct getdns_context *context)
+{
+
+	context->mdns_extended_support = 2; /* 0 = no support, 1 = supported, 2 = initialization needed */
+	context->mdns_fdv4 = -1; /* invalid socket, i.e. not initialized */
+	context->mdns_fdv6 = -1; /* invalid socket, i.e. not initialized */
+	_getdns_rbtree_init(&context->mdns_continuous_queries_by_name_rrtype
+		, mdns_cmp_continuous_queries_by_name_rrtype);
+	_getdns_rbtree_init(&context->mdns_known_records_by_value
+		, mdns_cmp_known_records);
+}
+
+/*
+ * Delete all the data allocated for MDNS in a context
+ */
+void _getdns_mdns_context_destroy(struct getdns_context *context)
+{
+	/* Close the sockets */
+
+	/* Clear all the continuous queries */
+
+	/* Clear all the cached records */
+}
+
 /* TODO: actualy delete what is required.. */
 static void
 mdns_cleanup(getdns_network_req *netreq)
@@ -212,8 +422,6 @@ mdns_cleanup(getdns_network_req *netreq)
 	getdns_dns_req *dnsreq = netreq->owner;
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
-
-	GETDNS_NULL_FREE(dnsreq->context->mf, netreq->tcp.read_buf);
 }
 
 void
diff --git a/src/mdns.h b/src/mdns.h
index 4a85602c..b2ac131b 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -37,26 +37,36 @@ _getdns_mdns_namespace_check(getdns_dns_req *dnsreq);
 
 typedef struct getdns_mdns_known_record
 {
-	uint32_t ttl; /* todo: should this be an expiration date? */
+	/* For storage in context->mdns_known_records_by_value */
+	_getdns_rbnode_t node;
+	uint64_t insertion_microsec;
+	uint16_t request_type;
+	uint16_t request_class;
+	uint32_t ttl;
+	int name_len;
+	int record_len;
+	uint8_t* name;
 	uint8_t * record_data;
-	int record_length;
 } getdns_mdns_known_record;
 
 typedef struct getdns_mdns_continuous_query
 {
+	/* For storage in context->mdns_continuous_queries_by_name_rrtype */
+	_getdns_rbnode_t node;
 	uint8_t name[256]; /* binary representation of name being queried */
 	int name_len;
 	uint16_t request_class;
 	uint16_t request_type;
-	/* list of known records */
-	_getdns_rbtree_t known_records_by_value;
 	/* list of user queries */
-	_getdns_rbtree_t netreq_by_query_id;
+	getdns_network_req *netreq_first;
 	/* todo: do we need an expiration date, or a timer? */
 	/* todo: do we need an update mark for showing last results? */
 } getdns_mdns_continuous_query;
 
 
+void _getdns_mdns_context_init(struct getdns_context *context);
+void _getdns_mdns_context_destroy(struct getdns_context *context);
+
 #endif /* HAVE_MDNS_SUPPORT */
 
 #endif /* MDNS_H */
diff --git a/src/server.c b/src/server.c
index 968564e8..91553725 100644
--- a/src/server.c
+++ b/src/server.c
@@ -135,7 +135,11 @@ static void tcp_connection_destroy(tcp_connection *conn)
 		loop->vmt->clear(loop, &conn->event);
 
 	if (conn->fd >= 0)
+#ifdef USE_WINSOCK
+		(void) closesocket(conn->fd);
+#else
 		(void) close(conn->fd);
+#endif
 	GETDNS_FREE(*mf, conn->read_buf);
 
 	for (cur = conn->to_write; cur; cur = next) {
@@ -185,8 +189,8 @@ static void tcp_write_cb(void *userarg)
 	}
 	to_write = conn->to_write;
 	if (conn->fd == -1 || 
-	    (written = write(conn->fd, &to_write->write_buf[to_write->written],
-	    to_write->write_buf_len - to_write->written)) == -1) {
+	    (written = send(conn->fd, &to_write->write_buf[to_write->written],
+	    to_write->write_buf_len - to_write->written, 0)) == -1) {
 
 		/* IO error, close connection */
 		conn->event.read_cb = conn->event.write_cb =
@@ -280,7 +284,11 @@ getdns_reply(
 		    (struct sockaddr *)&conn->remote_in, conn->addrlen) == -1) {
 			/* IO error, cleanup this listener */
 			loop->vmt->clear(loop, &conn->l->event);
+#ifdef USE_WINSOCK
+			closesocket(conn->l->fd);
+#else
 			close(conn->l->fd);
+#endif
 			conn->l->fd = -1;
 		}
 		/* Unlink this connection */
@@ -359,7 +367,7 @@ static void tcp_read_cb(void *userarg)
 	(void) loop->vmt->schedule(loop, conn->fd,
 	    DOWNSTREAM_IDLE_TIMEOUT, &conn->event);
 
-	if ((bytes_read = read(conn->fd, conn->read_pos, conn->to_read)) < 0) {
+	if ((bytes_read = recv(conn->fd, conn->read_pos, conn->to_read, 0)) < 0) {
 		if (errno == EAGAIN || errno == EWOULDBLOCK)
 			return; /* Come back to do the read later */
 
@@ -473,7 +481,11 @@ static void tcp_accept_cb(void *userarg)
 	    &conn->super.remote_in, &conn->super.addrlen)) == -1) {
 		/* IO error, cleanup this listener */
 		loop->vmt->clear(loop, &l->event);
+#ifdef USE_WINSOCK
+		closesocket(l->fd);
+#else
 		close(l->fd);
+#endif
 		l->fd = -1;
 		GETDNS_FREE(*mf, conn);
 		return;
@@ -543,7 +555,11 @@ static void udp_read_cb(void *userarg)
 	    (struct sockaddr *)&conn->remote_in, &conn->addrlen)) == -1) {
 		/* IO error, cleanup this listener. */
 		loop->vmt->clear(loop, &l->event);
+#ifdef USE_WINSOCK
+		closesocket(l->fd);
+#else
 		close(l->fd);
+#endif
 		l->fd = -1;
 
 #if 0 && defined(SERVER_DEBUG) && SERVER_DEBUG
diff --git a/src/types-internal.h b/src/types-internal.h
index 2ac85581..162762e4 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -183,7 +183,6 @@ typedef struct getdns_tcp_state {
 
 } getdns_tcp_state;
 
-
 /**
  * Request data
  **/
@@ -191,6 +190,15 @@ typedef struct getdns_network_req
 {
 	/* For storage in upstream->netreq_by_query_id */
 	_getdns_rbnode_t node;
+#ifdef HAVE_MDNS_SUPPORT
+	/*
+	 * for storage in continuous query context. We never
+	 * expect much more than one query per msdn context,
+	 * so no need for RB Tree.
+	 */
+	struct getdns_network_req * mdns_netreq_next;
+	struct getdns_mdns_continuous_query * mdns_continuous_query;
+#endif /* HAVE_MDNS_SUPPORT */
 	/* the async_id from unbound */
 	int unbound_id;
 	/* state var */

From 2b9987014d60e3e86b15c5321412b90beac13c59 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 1 Feb 2017 21:41:27 +0100
Subject: [PATCH 117/249] Special _vfixed gbuffer property

For snprintf style buffers which position can go beyond capacity
---
 src/context.c          |  4 ++--
 src/convert.c          |  8 ++++----
 src/dict.c             |  8 ++++----
 src/gldns/gbuffer.c    | 15 ++++++++++++++-
 src/gldns/gbuffer.h    | 43 ++++++++++++++++++++++++++++++++----------
 src/request-internal.c |  2 +-
 src/util-internal.c    |  4 ++--
 7 files changed, 60 insertions(+), 24 deletions(-)

diff --git a/src/context.c b/src/context.c
index c4f5d0f7..88eb0e4d 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1354,7 +1354,7 @@ getdns_context_create_with_extended_memory_functions(
 	result->suffixes = no_suffixes;
 	result->suffixes_len = sizeof(no_suffixes);
 
-	gldns_buffer_init_frm_data(&gbuf, result->trust_anchors_spc
+	gldns_buffer_init_frm_data_v(&gbuf, result->trust_anchors_spc
 	                                , sizeof(result->trust_anchors_spc));
 
 	if (!_getdns_parse_ta_file(NULL, &gbuf)) {
@@ -2333,7 +2333,7 @@ getdns_context_set_suffix(getdns_context *context, getdns_list *value)
 		context->suffixes_len = sizeof(no_suffixes);
 		return GETDNS_RETURN_GOOD;
 	}
-	gldns_buffer_init_frm_data(&gbuf, buf_spc, sizeof(buf_spc));
+	gldns_buffer_init_frm_data_v(&gbuf, buf_spc, sizeof(buf_spc));
 	for (;;) {
 		for ( i = 0
 		    ; !(r = getdns_list_get_bindata(value, i, &bindata))
diff --git a/src/convert.c b/src/convert.c
index 5e2c2684..df2ff0e5 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -297,7 +297,7 @@ getdns_rr_dict2wire_scan(
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
 
-	gldns_buffer_init_frm_data(&gbuf, *wire, *wire_sz);
+	gldns_buffer_init_frm_data_v(&gbuf, *wire, *wire_sz);
 	if ((r = _getdns_rr_dict2wire(rr_dict, &gbuf)))
 		return r;
 
@@ -447,7 +447,7 @@ getdns_rr_dict2str_scan(
 	if (!rr_dict || !str || !*str || !str_len)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	gldns_buffer_init_frm_data(&gbuf, buf, sizeof(buf_spc));
+	gldns_buffer_init_frm_data_v(&gbuf, buf, sizeof(buf_spc));
 	r = _getdns_rr_dict2wire(rr_dict, &gbuf);
 	if (gldns_buffer_position(&gbuf) > sizeof(buf_spc)) {
 		if (!(buf = GETDNS_XMALLOC(
@@ -960,7 +960,7 @@ getdns_msg_dict2wire_scan(
 	if (!msg_dict || !wire || !wire_sz || (!*wire && *wire_sz))
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	gldns_buffer_init_frm_data(&gbuf, *wire, *wire_sz);
+	gldns_buffer_init_frm_data_v(&gbuf, *wire, *wire_sz);
 	if ((r = _getdns_msg_dict2wire_buf(msg_dict, &gbuf)))
 		return r;
 
@@ -1036,7 +1036,7 @@ getdns_msg_dict2str_scan(
 	if (!msg_dict || !str || !*str || !str_len)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	gldns_buffer_init_frm_data(&gbuf, buf, sizeof(buf_spc));
+	gldns_buffer_init_frm_data_v(&gbuf, buf, sizeof(buf_spc));
 	r = _getdns_msg_dict2wire_buf(msg_dict, &gbuf);
 	if (gldns_buffer_position(&gbuf) > sizeof(buf_spc)) {
 		if (!(buf = GETDNS_XMALLOC(
diff --git a/src/dict.c b/src/dict.c
index eba1a728..70fa3836 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -1186,7 +1186,7 @@ getdns_pretty_snprint_dict(char *str, size_t size, const getdns_dict *dict)
 
 	if (!dict) return -1;
 
-	gldns_buffer_init_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data_v(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, 0) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
@@ -1220,7 +1220,7 @@ getdns_pretty_snprint_list(char *str, size_t size, const getdns_list *list)
 
 	if (!list) return -1;
 
-	gldns_buffer_init_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data_v(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, 0) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
@@ -1255,7 +1255,7 @@ getdns_snprint_json_dict(
 
 	if (!dict) return -1;
 
-	gldns_buffer_init_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data_v(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, pretty ? 1 : 2) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
@@ -1290,7 +1290,7 @@ getdns_snprint_json_list(
 
 	if (!list) return -1;
 
-	gldns_buffer_init_frm_data(&buf, str, size);
+	gldns_buffer_init_frm_data_v(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, pretty ? 1 : 2) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
diff --git a/src/gldns/gbuffer.c b/src/gldns/gbuffer.c
index ac70415d..cecfe480 100644
--- a/src/gldns/gbuffer.c
+++ b/src/gldns/gbuffer.c
@@ -33,6 +33,7 @@ gldns_buffer_new(size_t capacity)
 	buffer->_position = 0;
 	buffer->_limit = buffer->_capacity = capacity;
 	buffer->_fixed = 0;
+	buffer->_vfixed = 0;
 	buffer->_status_err = 0;
 	
 	gldns_buffer_invariant(buffer);
@@ -48,6 +49,7 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size)
 	buffer->_position = 0; 
 	buffer->_limit = buffer->_capacity = size;
 	buffer->_fixed = 0;
+	buffer->_vfixed = 0;
 	buffer->_data = malloc(size);
 	if(!buffer->_data) {
 		buffer->_status_err = 1;
@@ -66,6 +68,17 @@ gldns_buffer_init_frm_data(gldns_buffer *buffer, void *data, size_t size)
 	buffer->_data = data;
 	buffer->_capacity = buffer->_limit = size;
 	buffer->_fixed = 1;
+	buffer->_vfixed = 0;
+}
+
+void
+gldns_buffer_init_frm_data_v(gldns_buffer *buffer, void *data, size_t size)
+{
+	memset(buffer, 0, sizeof(*buffer));
+	buffer->_data = data;
+	buffer->_capacity = buffer->_limit = size;
+	buffer->_fixed = 1;
+	buffer->_vfixed = 1;
 }
 
 int
@@ -126,7 +139,7 @@ gldns_buffer_printf(gldns_buffer *buffer, const char *format, ...)
 		if (written == -1) {
 			buffer->_status_err = 1;
 			return -1;
-		} else if (!buffer->_fixed && (size_t) written >= remaining) {
+		} else if (!buffer->_vfixed && (size_t) written >= remaining) {
 			if (!gldns_buffer_reserve(buffer, (size_t) written + 1)) {
 				buffer->_status_err = 1;
 				return -1;
diff --git a/src/gldns/gbuffer.h b/src/gldns/gbuffer.h
index 2db9e250..67539424 100644
--- a/src/gldns/gbuffer.h
+++ b/src/gldns/gbuffer.h
@@ -145,6 +145,17 @@ struct gldns_buffer
 	/** If the buffer is fixed it cannot be resized */
 	unsigned _fixed : 1;
 
+	/** If the buffer is vfixed, no more than capacity bytes willl be
+	 * written to _data, however the _position counter will be updated
+	 * with the amount that would have been written in consecutive
+	 * writes.  This allows for a modus operandi in which a sequence is
+	 * written on a fixed capacity buffer (perhaps with _data on stack).
+	 * When everything could be written, then the _data is immediately
+	 * usable, if not, then a buffer could be allocated sized precisely
+	 * to fit the data for a second attempt.
+	 */
+	unsigned _vfixed : 1;
+
 	/** The current state of the buffer. If writing to the buffer fails
 	 * for any reason, this value is changed. This way, you can perform
 	 * multiple writes in sequence and check for success afterwards. */
@@ -162,9 +173,9 @@ INLINE void
 gldns_buffer_invariant(gldns_buffer *buffer)
 {
 	assert(buffer != NULL);
-	assert(buffer->_position <= buffer->_limit || buffer->_fixed);
+	assert(buffer->_position <= buffer->_limit || buffer->_vfixed);
 	assert(buffer->_limit <= buffer->_capacity);
-	assert(buffer->_data != NULL || (buffer->_capacity == 0 && buffer->_fixed));
+	assert(buffer->_data != NULL || (buffer->_capacity == 0 && buffer->_vfixed));
 }
 #endif
 
@@ -196,6 +207,17 @@ void gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size);
  */
 void gldns_buffer_init_frm_data(gldns_buffer *buffer, void *data, size_t size);
 
+/**
+ * Setup a buffer with the data pointed to. No data copied, no memory allocs.
+ * The buffer is fixed.  Writes beyond size (the capacity) will update the 
+ * position (and not write data.  This allows to determine how big the buffer
+ * should have been to contain all the written data.
+ * \param[in] buffer pointer to the buffer to put the data in
+ * \param[in] data the data to encapsulate in the buffer
+ * \param[in] size the size of the data
+ */
+void gldns_buffer_init_frm_data_v(gldns_buffer *buffer, void *data, size_t size);
+
 /**
  * clears the buffer and make it ready for writing.  The buffer's limit
  * is set to the capacity and the position is set to 0.
@@ -259,7 +281,7 @@ gldns_buffer_position(gldns_buffer *buffer)
 INLINE void
 gldns_buffer_set_position(gldns_buffer *buffer, size_t mark)
 {
-	assert(mark <= buffer->_limit || buffer->_fixed);
+	assert(mark <= buffer->_limit || buffer->_vfixed);
 	buffer->_position = mark;
 }
 
@@ -273,7 +295,7 @@ gldns_buffer_set_position(gldns_buffer *buffer, size_t mark)
 INLINE void
 gldns_buffer_skip(gldns_buffer *buffer, ssize_t count)
 {
-	assert(buffer->_position + count <= buffer->_limit || buffer->_fixed);
+	assert(buffer->_position + count <= buffer->_limit || buffer->_vfixed);
 	buffer->_position += count;
 }
 
@@ -345,7 +367,7 @@ int gldns_buffer_reserve(gldns_buffer *buffer, size_t amount);
 INLINE uint8_t *
 gldns_buffer_at(const gldns_buffer *buffer, size_t at)
 {
-	assert(at <= buffer->_limit || buffer->_fixed);
+	assert(at <= buffer->_limit || buffer->_vfixed);
 	return buffer->_data + at;
 }
 
@@ -395,6 +417,7 @@ INLINE size_t
 gldns_buffer_remaining_at(gldns_buffer *buffer, size_t at)
 {
 	gldns_buffer_invariant(buffer);
+	assert(at <= buffer->_limit || buffer->_vfixed);
 	return at < buffer->_limit ? buffer->_limit - at : 0;
 }
 
@@ -447,7 +470,7 @@ gldns_buffer_available(gldns_buffer *buffer, size_t count)
 INLINE void
 gldns_buffer_write_at(gldns_buffer *buffer, size_t at, const void *data, size_t count)
 {
-	if (!buffer->_fixed)
+	if (!buffer->_vfixed)
 		assert(gldns_buffer_available_at(buffer, at, count));
 	else if (gldns_buffer_remaining_at(buffer, at) == 0)
 		return;
@@ -504,7 +527,7 @@ gldns_buffer_write_string(gldns_buffer *buffer, const char *str)
 INLINE void
 gldns_buffer_write_u8_at(gldns_buffer *buffer, size_t at, uint8_t data)
 {
-	if (buffer->_fixed && at + sizeof(data) > buffer->_limit) return;
+	if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return;
 	assert(gldns_buffer_available_at(buffer, at, sizeof(data)));
 	buffer->_data[at] = data;
 }
@@ -530,7 +553,7 @@ gldns_buffer_write_u8(gldns_buffer *buffer, uint8_t data)
 INLINE void
 gldns_buffer_write_u16_at(gldns_buffer *buffer, size_t at, uint16_t data)
 {
-	if (buffer->_fixed && at + sizeof(data) > buffer->_limit) return;
+	if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return;
 	assert(gldns_buffer_available_at(buffer, at, sizeof(data)));
 	gldns_write_uint16(buffer->_data + at, data);
 }
@@ -556,7 +579,7 @@ gldns_buffer_write_u16(gldns_buffer *buffer, uint16_t data)
 INLINE void
 gldns_buffer_write_u32_at(gldns_buffer *buffer, size_t at, uint32_t data)
 {
-	if (buffer->_fixed && at + sizeof(data) > buffer->_limit) return;
+	if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return;
 	assert(gldns_buffer_available_at(buffer, at, sizeof(data)));
 	gldns_write_uint32(buffer->_data + at, data);
 }
@@ -570,7 +593,7 @@ gldns_buffer_write_u32_at(gldns_buffer *buffer, size_t at, uint32_t data)
 INLINE void
 gldns_buffer_write_u48_at(gldns_buffer *buffer, size_t at, uint64_t data)
 {
-	if (buffer->_fixed && at + 6 > buffer->_limit) return;
+	if (buffer->_vfixed && at + 6 > buffer->_limit) return;
 	assert(gldns_buffer_available_at(buffer, at, 6));
 	gldns_write_uint48(buffer->_data + at, data);
 }
diff --git a/src/request-internal.c b/src/request-internal.c
index 37ba93b4..7b8af65a 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -383,7 +383,7 @@ _getdns_network_req_add_tsig(getdns_network_req *req)
 #endif
 	tsig_info = _getdns_get_tsig_info(upstream->tsig_alg);
 
-	gldns_buffer_init_frm_data(&gbuf, req->response, MAXIMUM_TSIG_SPACE);
+	gldns_buffer_init_frm_data_v(&gbuf, req->response, MAXIMUM_TSIG_SPACE);
 	gldns_buffer_write(&gbuf,
 	    upstream->tsig_dname, upstream->tsig_dname_len);	/* Name */
 	gldns_buffer_write_u16(&gbuf, GETDNS_RRCLASS_ANY);	/* Class */
diff --git a/src/util-internal.c b/src/util-internal.c
index c25cf5ce..2bbad80d 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -1510,7 +1510,7 @@ uint8_t *_getdns_list2wire(
 	gldns_buffer gbuf;
 	size_t sz;
 
-	gldns_buffer_init_frm_data(&gbuf, buf, *buf_len);
+	gldns_buffer_init_frm_data_v(&gbuf, buf, *buf_len);
 	_getdns_list2wire_buf(&gbuf, l);
 
 	if ((sz = gldns_buffer_position(&gbuf)) <= *buf_len) {
@@ -1531,7 +1531,7 @@ uint8_t *_getdns_reply2wire(
 	gldns_buffer gbuf;
 	size_t sz;
 
-	gldns_buffer_init_frm_data(&gbuf, buf, *buf_len);
+	gldns_buffer_init_frm_data_v(&gbuf, buf, *buf_len);
 	_getdns_reply2wire_buf(&gbuf, r);
 
 	if ((sz = gldns_buffer_position(&gbuf)) <= *buf_len) {

From 60443fb7fd482c696d624dbde6477b25987af444 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 13 Feb 2017 11:56:25 +0100
Subject: [PATCH 118/249] Choice of poll or select based default event loop

---
 configure.ac                                  |  27 +-
 src/Makefile.in                               |   8 +-
 src/extension/default_eventloop.h             |  36 +--
 .../{default_eventloop.c => poll_eventloop.c} | 141 ++++----
 src/extension/poll_eventloop.h                |  60 ++++
 src/extension/select_eventloop.c              | 300 ++++++++++++++++++
 src/extension/select_eventloop.h              |  58 ++++
 7 files changed, 538 insertions(+), 92 deletions(-)
 rename src/extension/{default_eventloop.c => poll_eventloop.c} (72%)
 create mode 100644 src/extension/poll_eventloop.h
 create mode 100644 src/extension/select_eventloop.c
 create mode 100644 src/extension/select_eventloop.h

diff --git a/configure.ac b/configure.ac
index f3b35c98..74709630 100644
--- a/configure.ac
+++ b/configure.ac
@@ -214,6 +214,31 @@ case "$enable_debug_keep_connections_open" in
 		;;
 esac
 
+
+DEFAULT_EVENTLOOP=select_eventloop
+AC_CHECK_HEADERS([sys/poll.h poll.h sys/resource.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_FUNCS([getrlimit])
+AC_ARG_ENABLE(poll-eventloop, AC_HELP_STRING([--disable-poll-eventloop], [Disable default eventloop based on poll (default=enabled if available)]))
+case "$enable_poll_eventloop" in
+	no)
+		;;
+	yes|*)
+AC_MSG_CHECKING(for poll)
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+#ifdef HAVE_SYS_POLL_H
+#include <sys/poll.h>
+#else
+#include <poll.h>
+#endif
+], [int rc; rc = poll((struct pollfd *)(0), 0, 0);])], [
+AC_MSG_RESULT(yes)
+AC_DEFINE_UNQUOTED([USE_POLL_DEFAULT_EVENTLOOP], [1], [Define this to enable a default eventloop based on poll().])
+DEFAULT_EVENTLOOP=poll_eventloop
+],[AC_MSG_RESULT(no)])
+		;;
+esac
+AC_SUBST(DEFAULT_EVENTLOOP)
+
 AC_ARG_ENABLE(tcp-fastopen, AC_HELP_STRING([--disable-tcp-fastopen], Disable TCP Fast Open (default=enabled if available)),
     enable_tcp_fastopen="$enableval", enable_tcp_fastopen=yes)
 if test "x$enable_tcp_fastopen" = xno; then
@@ -1076,8 +1101,6 @@ if test "$ac_cv_func_arc4random" = "no"; then
 	])
 fi
 
-AC_DEFINE(USE_MINI_EVENT, 1, [Needed for sync stub resolver functions])
-
 AC_TYPE_SIGNAL
 
 case `uname` in
diff --git a/src/Makefile.in b/src/Makefile.in
index bcd858e2..94f1500b 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -65,6 +65,8 @@ EXTENSION_LIBUV_LDFLAGS=@EXTENSION_LIBUV_LDFLAGS@
 
 C99COMPATFLAGS=@C99COMPATFLAGS@
 
+DEFAULT_EVENTLOOP_OBJ=@DEFAULT_EVENTLOOP@.lo
+
 GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
 	rr-iter.lo server.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
@@ -81,7 +83,7 @@ UTIL_OBJ=rbtree.lo val_secalgo.lo
 
 JSMN_OBJ=jsmn.lo
 
-EXTENSION_OBJ=default_eventloop.lo libevent.lo libev.lo
+EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
 
 NON_C99_OBJS=context.lo libuv.lo
 
@@ -152,8 +154,8 @@ libgetdns_ext_ev.la: libgetdns.la libev.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 
 
-libgetdns.la: $(GETDNS_OBJ) version.lo context.lo default_eventloop.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo default_eventloop.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
+libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 
 test:	all
 	cd test && $(MAKE) $@
diff --git a/src/extension/default_eventloop.h b/src/extension/default_eventloop.h
index f4a7d2b6..7b611349 100644
--- a/src/extension/default_eventloop.h
+++ b/src/extension/default_eventloop.h
@@ -1,6 +1,6 @@
 /*
  * \file default_eventloop.h
- * @brief Build in default eventloop extension that uses select.
+ * @brief Build in default eventloop extension that uses either poll or select.
  *
  */
 /*
@@ -32,29 +32,13 @@
 #ifndef DEFAULT_EVENTLOOP_H_
 #define DEFAULT_EVENTLOOP_H_
 #include "config.h"
-#include "getdns/getdns.h"
-#include "getdns/getdns_extra.h"
-#include "util/uthash.h"
-
-/* Eventloop based on poll */
-
-typedef struct _getdns_eventloop_info {
-	int			id;
-	getdns_eventloop_event *event;
-	uint64_t                timeout_time;
-	UT_hash_handle		hh;
-} _getdns_eventloop_info;
-
-typedef struct _getdns_default_eventloop {
-	getdns_eventloop        loop;
-	unsigned int		max_fds;
-	unsigned int		max_timeouts;
-	_getdns_eventloop_info  *fd_events;
-	_getdns_eventloop_info  *timeout_events;
-} _getdns_default_eventloop;
-
-void
-_getdns_default_eventloop_init(_getdns_default_eventloop *loop);
-
+#ifdef USE_POLL_DEFAULT_EVENTLOOP
+#include "extension/poll_eventloop.h"
+#define _getdns_default_eventloop	_getdns_poll_eventloop
+#define _getdns_default_eventloop_init	_getdns_poll_eventloop_init
+#else
+#include "extension/select_eventloop.h"
+#define _getdns_default_eventloop	_getdns_select_eventloop
+#define _getdns_default_eventloop_init	_getdns_select_eventloop_init
+#endif
 #endif
-
diff --git a/src/extension/default_eventloop.c b/src/extension/poll_eventloop.c
similarity index 72%
rename from src/extension/default_eventloop.c
rename to src/extension/poll_eventloop.c
index f9c0e1b2..ede0f20a 100644
--- a/src/extension/default_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -27,15 +27,20 @@
 
 #include "config.h"
 
-#ifndef USE_WINSOCK
+#ifdef HAVE_SYS_POLL_H
+#include <sys/poll.h>
+#else
 #include <poll.h>
 #endif
+#ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
-#include "extension/default_eventloop.h"
+#endif
+#include "extension/poll_eventloop.h"
 #include "debug.h"
 #include "types-internal.h"
 
-_getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
+static _getdns_eventloop_info *
+find_event(_getdns_eventloop_info** events, int id)
 {
 	_getdns_eventloop_info* ev;
 
@@ -44,9 +49,10 @@ _getdns_eventloop_info *find_event(_getdns_eventloop_info** events, int id)
 	return ev;
 }
 
-void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
+static void
+add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
-	DEBUG_SCHED("default_eventloop: add_event with id %d\n", id);
+	DEBUG_SCHED("poll_eventloop: add_event with id %d\n", id);
 	_getdns_eventloop_info* myevent = calloc(1, sizeof(_getdns_eventloop_info));
 	myevent->event = ev->event;
 	myevent->id = id;
@@ -54,9 +60,10 @@ void add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info*
 	HASH_ADD_INT(*events, id, myevent);
 }
 
-void delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
+static void
+delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
 {
-	DEBUG_SCHED("default_eventloop: delete_event with id %d\n", ev->id);
+	DEBUG_SCHED("poll_eventloop: delete_event with id %d\n", ev->id);
 	HASH_DEL(*events, ev);
 	free(ev);
 }
@@ -77,30 +84,33 @@ static uint64_t get_now_plus(uint64_t amount)
 }
 
 static getdns_return_t
-default_eventloop_schedule(getdns_eventloop *loop,
+poll_eventloop_schedule(getdns_eventloop *loop,
     int fd, uint64_t timeout, getdns_eventloop_event *event)
 {
-	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
+	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	size_t i;
 
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
-	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, default_loop->max_fds);
+	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, poll_loop->max_fds);
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (fd >= (int)default_loop->max_fds) {
+
+#ifdef HAVE_GETRLIMIT
+	if (fd >= (int)poll_loop->max_fds) {
 		DEBUG_SCHED( "ERROR: fd %d >= max_fds: %d!\n"
-		           , fd, default_loop->max_fds);
+		           , fd, poll_loop->max_fds);
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
+#endif
 	if (fd >= 0 && !(event->read_cb || event->write_cb)) {
 		DEBUG_SCHED("WARNING: fd event without "
 		            "read or write cb!\n");
 		fd = -1;
 	}
 	if (fd >= 0) {
-		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
+		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, fd);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 		if (fd_event) {
 			if (fd_event->event == event) {
@@ -116,13 +126,13 @@ default_eventloop_schedule(getdns_eventloop *loop,
 #endif
 		/* cleanup the old event if it exists */
 		if (fd_event) {
-			delete_event(&default_loop->fd_events, fd_event);
+			delete_event(&poll_loop->fd_events, fd_event);
 		}
 		_getdns_eventloop_info fd_ev;
 		event->ev = (void *) (intptr_t) (fd + 1);
 		fd_ev.event = event;
 		fd_ev.timeout_time = get_now_plus(timeout);
-		add_event(&default_loop->fd_events, fd, &fd_ev);
+		add_event(&poll_loop->fd_events, fd, &fd_ev);
 
 		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -139,12 +149,12 @@ default_eventloop_schedule(getdns_eventloop *loop,
 		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
 		event->write_cb = NULL;
 	}
-	for (i = 0; i < default_loop->max_timeouts; i++) {
-		if (find_event(&default_loop->timeout_events, i) == NULL) {
+	for (i = poll_loop->timeout_id + 1; i != poll_loop->timeout_id; i++) {
+		if (find_event(&poll_loop->timeout_events, i) == NULL) {
 			_getdns_eventloop_info timeout_ev;
 			timeout_ev.event = event;
 			timeout_ev.timeout_time = get_now_plus(timeout);
-			add_event(&default_loop->timeout_events, i, &timeout_ev);
+			add_event(&poll_loop->timeout_events, i, &timeout_ev);
 			event->ev = (void *) (intptr_t) (i + 1);
 
 			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
@@ -156,9 +166,9 @@ default_eventloop_schedule(getdns_eventloop *loop,
 }
 
 static getdns_return_t
-default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
+poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 {
-	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
+	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	ssize_t i;
 
 	if (!loop || !event)
@@ -167,11 +177,15 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNC__, (void *)loop, (void *)event);
 
 	i = (intptr_t)event->ev - 1;
-	if (i < 0 || i > default_loop->max_fds) {
+	if (i < 0
+#ifdef HAVE_GETRLIMIT
+			|| i > poll_loop->max_fds
+#endif
+			) {
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
-		_getdns_eventloop_info* timeout_event = find_event(&default_loop->timeout_events, i);
+		_getdns_eventloop_info* timeout_event = find_event(&poll_loop->timeout_events, i);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 		if (timeout_event && timeout_event->event != event)
 			DEBUG_SCHED( "ERROR: Different/wrong event present at "
@@ -180,10 +194,10 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 
 #endif
 		if (timeout_event) {
-			delete_event(&default_loop->timeout_events, timeout_event);
+			delete_event(&poll_loop->timeout_events, timeout_event);
 		}
 	} else {
-		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, i);
+		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, i);
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 		if (fd_event && fd_event->event != event)
 			DEBUG_SCHED( "ERROR: Different/wrong event present at "
@@ -191,7 +205,7 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 			           , (void *)fd_event);
 #endif
 		if (fd_event) {
-			delete_event(&default_loop->fd_events, fd_event);
+			delete_event(&poll_loop->fd_events, fd_event);
 		}
 	}
 	event->ev = NULL;
@@ -199,15 +213,15 @@ default_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 }
 
 static void
-default_eventloop_cleanup(getdns_eventloop *loop)
+poll_eventloop_cleanup(getdns_eventloop *loop)
 {
-	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
-	HASH_CLEAR(hh, default_loop->fd_events);
-	HASH_CLEAR(hh, default_loop->timeout_events);
+	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
+	HASH_CLEAR(hh, poll_loop->fd_events);
+	HASH_CLEAR(hh, poll_loop->timeout_events);
 }
 
 static void
-default_read_cb(int fd, getdns_eventloop_event *event)
+poll_read_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd;
@@ -217,7 +231,7 @@ default_read_cb(int fd, getdns_eventloop_event *event)
 }
 
 static void
-default_write_cb(int fd, getdns_eventloop_event *event)
+poll_write_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd;
@@ -227,7 +241,7 @@ default_write_cb(int fd, getdns_eventloop_event *event)
 }
 
 static void
-default_timeout_cb(int fd, getdns_eventloop_event *event)
+poll_timeout_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
 	(void)fd;
@@ -237,9 +251,9 @@ default_timeout_cb(int fd, getdns_eventloop_event *event)
 }
 
 static void
-default_eventloop_run_once(getdns_eventloop *loop, int blocking)
+poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
-	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
+	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	_getdns_eventloop_info *s, *tmp;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t   i=0;
@@ -254,7 +268,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	now = get_now_plus(0);
 
-	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
+	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
 		if (now > s->timeout_time)
 			add_event(&timeout_timeout_cbs, s->id, s);
 		else if (s->timeout_time < timeout)
@@ -265,10 +279,10 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
 		getdns_eventloop_event* event = s->event;
 		delete_event(&timeout_timeout_cbs, s);
-		default_timeout_cb(-1, event);
+		poll_timeout_cb(-1, event);
 	}
 	// first we count the number of fds that will be active
-	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
+	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
 		if (s->event->read_cb ||
 		    s->event->write_cb)
 			num_pfds++;
@@ -281,7 +295,7 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	pfds = calloc(num_pfds, sizeof(struct pollfd));
 	i = 0;
-	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
+	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
 		if (s->event->read_cb) {
 			pfds[i].fd = s->id;
 			pfds[i].events |= POLLIN;
@@ -312,21 +326,21 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	now = get_now_plus(0);
 	for (i = 0; i < num_pfds; i++) {
 		int fd = pfds[i].fd;
-		_getdns_eventloop_info* fd_event = find_event(&default_loop->fd_events, fd);
+		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, fd);
 		if (fd_event && fd_event->event) { 
 			getdns_eventloop_event* event = fd_event->event;
 			if (event->read_cb &&
 			    (pfds[i].revents & POLLIN))
-				default_read_cb(fd, event);
+				poll_read_cb(fd, event);
 
 			if (event->write_cb &&
 			    (pfds[i].revents & POLLOUT))
-				default_write_cb(fd, event);
+				poll_write_cb(fd, event);
 		}
 	}
 	if (pfds)
 		free(pfds);
-	HASH_ITER(hh, default_loop->fd_events, s, tmp) {
+	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
@@ -338,9 +352,9 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		int fd = s->id;
 		getdns_eventloop_event* event = s->event;
 		delete_event(&fd_timeout_cbs, s);
-		default_timeout_cb(fd, event);
+		poll_timeout_cb(fd, event);
 	}
-	HASH_ITER(hh, default_loop->timeout_events, s, tmp) {
+	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
@@ -351,46 +365,51 @@ default_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
 		getdns_eventloop_event* event = s->event;
 		delete_event(&timeout_timeout_cbs, s);
-		default_timeout_cb(-1, event);
+		poll_timeout_cb(-1, event);
 	}
 
 }
 
 static void
-default_eventloop_run(getdns_eventloop *loop)
+poll_eventloop_run(getdns_eventloop *loop)
 {
-	_getdns_default_eventloop *default_loop  = (_getdns_default_eventloop *)loop;
+	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 
 	if (!loop)
 		return;
 
 	/* keep going until all the events are cleared */
-	while (default_loop->fd_events || default_loop->timeout_events) {
-		default_eventloop_run_once(loop, 1);
+	while (poll_loop->fd_events || poll_loop->timeout_events) {
+		poll_eventloop_run_once(loop, 1);
 	}
 }
 
 void
-_getdns_default_eventloop_init(_getdns_default_eventloop *loop)
+_getdns_poll_eventloop_init(_getdns_poll_eventloop *loop)
 {
-	static getdns_eventloop_vmt default_eventloop_vmt = {
-		default_eventloop_cleanup,
-		default_eventloop_schedule,
-		default_eventloop_clear,
-		default_eventloop_run,
-		default_eventloop_run_once
+#ifdef HAVE_GETRLIMIT
+	struct rlimit rl;
+#endif
+	static getdns_eventloop_vmt poll_eventloop_vmt = {
+		poll_eventloop_cleanup,
+		poll_eventloop_schedule,
+		poll_eventloop_clear,
+		poll_eventloop_run,
+		poll_eventloop_run_once
 	};
 
-	(void) memset(loop, 0, sizeof(_getdns_default_eventloop));
-	loop->loop.vmt = &default_eventloop_vmt;
+	(void) memset(loop, 0, sizeof(_getdns_poll_eventloop));
+	loop->loop.vmt = &poll_eventloop_vmt;
 
-	struct rlimit rl;
+#ifdef HAVE_GETRLIMIT
 	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
 		loop->max_fds = rl.rlim_cur;
-		loop->max_timeouts = loop->max_fds; /* this is somewhat arbitrary */
 	} else {
 		DEBUG_SCHED("ERROR: could not obtain RLIMIT_NOFILE from getrlimit()\n");
+#endif
 		loop->max_fds = 0;
-		loop->max_timeouts = loop->max_fds;
+#if HAVE_GETRLIMIT
 	}
+#endif
+	loop->timeout_id = 0;
 }
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
new file mode 100644
index 00000000..0c06aa4c
--- /dev/null
+++ b/src/extension/poll_eventloop.h
@@ -0,0 +1,60 @@
+/*
+ * \file poll_eventloop.h
+ * @brief Build in default eventloop extension that uses select.
+ *
+ */
+/*
+ * Copyright (c) 2013, NLNet Labs, Verisign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef POLL_EVENTLOOP_H_
+#define POLL_EVENTLOOP_H_
+#include "config.h"
+#include "getdns/getdns.h"
+#include "getdns/getdns_extra.h"
+#include "util/uthash.h"
+
+/* Eventloop based on poll */
+
+typedef struct _getdns_eventloop_info {
+	int			id;
+	getdns_eventloop_event *event;
+	uint64_t                timeout_time;
+	UT_hash_handle		hh;
+} _getdns_eventloop_info;
+
+typedef struct _getdns_poll_eventloop {
+	getdns_eventloop        loop;
+	unsigned int		max_fds;
+	unsigned int		timeout_id;
+	_getdns_eventloop_info  *fd_events;
+	_getdns_eventloop_info  *timeout_events;
+} _getdns_poll_eventloop;
+
+void
+_getdns_poll_eventloop_init(_getdns_poll_eventloop *loop);
+
+#endif
+
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
new file mode 100644
index 00000000..35aa64b7
--- /dev/null
+++ b/src/extension/select_eventloop.c
@@ -0,0 +1,300 @@
+/*
+ * Copyright (c) 2013, NLNet Labs, Verisign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include "extension/select_eventloop.h"
+#include "debug.h"
+#include "types-internal.h"
+
+static uint64_t get_now_plus(uint64_t amount)
+{
+	struct timeval tv;
+	uint64_t       now;
+
+	if (gettimeofday(&tv, NULL)) {
+		perror("gettimeofday() failed");
+		exit(EXIT_FAILURE);
+	}
+	now = tv.tv_sec * 1000000 + tv.tv_usec;
+
+	return (now + amount * 1000) >= now
+	      ? now + amount * 1000 : TIMEOUT_FOREVER;
+}
+
+static getdns_return_t
+select_eventloop_schedule(getdns_eventloop *loop,
+    int fd, uint64_t timeout, getdns_eventloop_event *event)
+{
+	_getdns_select_eventloop *select_loop  = (_getdns_select_eventloop *)loop;
+	size_t i;
+
+	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, FD_SETSIZE: %d)\n"
+	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, FD_SETSIZE);
+
+	if (!loop || !event)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (fd >= (int)FD_SETSIZE) {
+		DEBUG_SCHED( "ERROR: fd %d >= FD_SETSIZE: %d!\n"
+		           , fd, FD_SETSIZE);
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+	if (fd >= 0 && !(event->read_cb || event->write_cb)) {
+		DEBUG_SCHED("WARNING: fd event without "
+		            "read or write cb!\n");
+		fd = -1;
+	}
+	if (fd >= 0) {
+#if defined(SCHED_DEBUG) && SCHED_DEBUG
+		if (select_loop->fd_events[fd]) {
+			if (select_loop->fd_events[fd] == event) {
+				DEBUG_SCHED("WARNING: Event %p not cleared "
+				            "before being rescheduled!\n"
+				           , (void *)select_loop->fd_events[fd]);
+			} else {
+				DEBUG_SCHED("ERROR: A different event is "
+				            "already present at fd slot: %p!\n"
+				           , (void *)select_loop->fd_events[fd]);
+			}
+		}
+#endif
+		select_loop->fd_events[fd] = event;
+		select_loop->fd_timeout_times[fd] = get_now_plus(timeout);
+		event->ev = (void *)(intptr_t)(fd + 1);
+		DEBUG_SCHED( "scheduled read/write at %d\n", fd);
+		return GETDNS_RETURN_GOOD;
+	}
+	if (!event->timeout_cb) {
+		DEBUG_SCHED("ERROR: fd < 0 without timeout_cb!\n");
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+	if (event->read_cb) {
+		DEBUG_SCHED("ERROR: timeout event with read_cb! Clearing.\n");
+		event->read_cb = NULL;
+	}
+	if (event->write_cb) {
+		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
+		event->write_cb = NULL;
+	}
+	for (i = 0; i < MAX_TIMEOUTS; i++) {
+		if (select_loop->timeout_events[i] == NULL) {
+			select_loop->timeout_events[i] = event;
+			select_loop->timeout_times[i] = get_now_plus(timeout);		
+			event->ev = (void *)(intptr_t)(i + 1);
+			DEBUG_SCHED( "scheduled timeout at %d\n", (int)i);
+			return GETDNS_RETURN_GOOD;
+		}
+	}
+	DEBUG_SCHED("ERROR: Out of timeout slots!\n");
+	return GETDNS_RETURN_GENERIC_ERROR;
+}
+
+static getdns_return_t
+select_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
+{
+	_getdns_select_eventloop *select_loop  = (_getdns_select_eventloop *)loop;
+	ssize_t i;
+
+	if (!loop || !event)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNC__, (void *)loop, (void *)event);
+
+	i = (intptr_t)event->ev - 1;
+	if (i < 0 || i >= FD_SETSIZE) {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
+#if defined(SCHED_DEBUG) && SCHED_DEBUG
+		if (select_loop->timeout_events[i] != event)
+			DEBUG_SCHED( "ERROR: Different/wrong event present at "
+			             "timeout slot: %p!\n"
+			           , (void *)select_loop->timeout_events[i]);
+#endif
+		select_loop->timeout_events[i] = NULL;
+	} else {
+#if defined(SCHED_DEBUG) && SCHED_DEBUG
+		if (select_loop->fd_events[i] != event)
+			DEBUG_SCHED( "ERROR: Different/wrong event present at "
+			             "fd slot: %p!\n"
+			           , (void *)select_loop->fd_events[i]);
+#endif
+		select_loop->fd_events[i] = NULL;
+	}
+	event->ev = NULL;
+	return GETDNS_RETURN_GOOD;
+}
+
+static void
+select_eventloop_cleanup(getdns_eventloop *loop)
+{
+	(void)loop;
+}
+
+static void
+select_read_cb(int fd, getdns_eventloop_event *event)
+{
+#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
+	(void)fd;
+#endif
+	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
+	event->read_cb(event->userarg);
+}
+
+static void
+select_write_cb(int fd, getdns_eventloop_event *event)
+{
+#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
+	(void)fd;
+#endif
+	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
+	event->write_cb(event->userarg);
+}
+
+static void
+select_timeout_cb(int fd, getdns_eventloop_event *event)
+{
+#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
+	(void)fd;
+#endif
+	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
+	event->timeout_cb(event->userarg);
+}
+
+static void
+select_eventloop_run_once(getdns_eventloop *loop, int blocking)
+{
+	_getdns_select_eventloop *select_loop  = (_getdns_select_eventloop *)loop;
+
+	fd_set   readfds, writefds;
+	int      fd, max_fd = -1;
+	uint64_t now, timeout = TIMEOUT_FOREVER;
+	size_t   i;
+	struct timeval tv;
+
+	if (!loop)
+		return;
+
+	FD_ZERO(&readfds);
+	FD_ZERO(&writefds);
+	now = get_now_plus(0);
+
+	for (i = 0; i < MAX_TIMEOUTS; i++) {
+		if (!select_loop->timeout_events[i])
+			continue;
+		if (now > select_loop->timeout_times[i])
+			select_timeout_cb(-1, select_loop->timeout_events[i]);
+		else if (select_loop->timeout_times[i] < timeout)
+			timeout = select_loop->timeout_times[i];
+	}
+	for (fd = 0; fd < (int)FD_SETSIZE; fd++) {
+		if (!select_loop->fd_events[fd])
+			continue;
+		if (select_loop->fd_events[fd]->read_cb)
+			FD_SET(fd, &readfds);
+		if (select_loop->fd_events[fd]->write_cb)
+			FD_SET(fd, &writefds);
+		if (fd > max_fd)
+			max_fd = fd;
+		if (select_loop->fd_timeout_times[fd] < timeout)
+			timeout = select_loop->fd_timeout_times[fd];
+	}
+	if (max_fd == -1 && timeout == TIMEOUT_FOREVER)
+		return;
+
+	if (! blocking || now > timeout) {
+		tv.tv_sec = 0;
+		tv.tv_usec = 0;
+	} else {
+		tv.tv_sec  = (long)((timeout - now) / 1000000);
+		tv.tv_usec = (long)((timeout - now) % 1000000);
+	}
+	if (select(max_fd + 1, &readfds, &writefds, NULL,
+	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
+		perror("select() failed");
+		exit(EXIT_FAILURE);
+	}
+	now = get_now_plus(0);
+	for (fd = 0; fd < (int)FD_SETSIZE; fd++) {
+		if (select_loop->fd_events[fd] &&
+		    select_loop->fd_events[fd]->read_cb &&
+		    FD_ISSET(fd, &readfds))
+			select_read_cb(fd, select_loop->fd_events[fd]);
+
+		if (select_loop->fd_events[fd] &&
+		    select_loop->fd_events[fd]->write_cb &&
+		    FD_ISSET(fd, &writefds))
+			select_write_cb(fd, select_loop->fd_events[fd]);
+
+		if (select_loop->fd_events[fd] &&
+		    select_loop->fd_events[fd]->timeout_cb &&
+		    now > select_loop->fd_timeout_times[fd])
+			select_timeout_cb(fd, select_loop->fd_events[fd]);
+
+		i = fd;
+		if (select_loop->timeout_events[i] &&
+		    select_loop->timeout_events[i]->timeout_cb &&
+		    now > select_loop->timeout_times[i])
+			select_timeout_cb(-1, select_loop->timeout_events[i]);
+	}
+}
+
+static void
+select_eventloop_run(getdns_eventloop *loop)
+{
+	_getdns_select_eventloop *select_loop  = (_getdns_select_eventloop *)loop;
+	size_t        i;
+
+	if (!loop)
+		return;
+
+	i = 0;
+	while (i < MAX_TIMEOUTS) {
+		if (select_loop->fd_events[i] || select_loop->timeout_events[i]) {
+			select_eventloop_run_once(loop, 1);
+			i = 0;
+		} else {
+			i++;
+		}
+	}
+}
+
+void
+_getdns_select_eventloop_init(_getdns_select_eventloop *loop)
+{
+	static getdns_eventloop_vmt select_eventloop_vmt = {
+		select_eventloop_cleanup,
+		select_eventloop_schedule,
+		select_eventloop_clear,
+		select_eventloop_run,
+		select_eventloop_run_once
+	};
+
+	(void) memset(loop, 0, sizeof(_getdns_select_eventloop));
+	loop->loop.vmt = &select_eventloop_vmt;
+}
diff --git a/src/extension/select_eventloop.h b/src/extension/select_eventloop.h
new file mode 100644
index 00000000..40dfb549
--- /dev/null
+++ b/src/extension/select_eventloop.h
@@ -0,0 +1,58 @@
+/*
+ * \file select_eventloop.h
+ * @brief Build in default eventloop extension that uses select.
+ *
+ */
+/*
+ * Copyright (c) 2013, NLNet Labs, Verisign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef SELECT_EVENTLOOP_H_
+#define SELECT_EVENTLOOP_H_
+#include "config.h"
+#include "getdns/getdns.h"
+#include "getdns/getdns_extra.h"
+
+/* No more than select's capability queries can be outstanding,
+ * The number of outstanding timeouts should be less or equal then
+ * the number of outstanding queries, so MAX_TIMEOUTS equal to
+ * FD_SETSIZE should be safe.
+ */
+#define MAX_TIMEOUTS FD_SETSIZE
+
+/* Eventloop based on select */
+typedef struct _getdns_select_eventloop {
+	getdns_eventloop        loop;
+	getdns_eventloop_event *fd_events[FD_SETSIZE];
+	uint64_t                fd_timeout_times[FD_SETSIZE];
+	getdns_eventloop_event *timeout_events[MAX_TIMEOUTS];
+	uint64_t                timeout_times[MAX_TIMEOUTS];
+} _getdns_select_eventloop;
+
+
+void
+_getdns_select_eventloop_init(_getdns_select_eventloop *loop);
+
+#endif

From 30e1683d2fa9128655b861a8da293ddfaca018c9 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 13 Feb 2017 12:32:10 +0100
Subject: [PATCH 119/249] Deal with windows vsnprintf in config.h

---
 configure.ac         | 27 +++++++++++++++------------
 src/gldns/gbuffer.c  |  7 +++----
 src/gldns/gbuffer.h  | 19 ++-----------------
 src/gldns/wire2str.c |  2 +-
 4 files changed, 21 insertions(+), 34 deletions(-)

diff --git a/configure.ac b/configure.ac
index f3b35c98..8ae4d4db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1101,17 +1101,16 @@ AH_BOTTOM([
 #endif
 
 #ifdef GETDNS_ON_WINDOWS
-/* On windows it is allowed to increase the FD_SETSIZE
- * (and nescessary to make our custom eventloop work)
- * See: https://support.microsoft.com/en-us/kb/111855
- */
-#ifndef FD_SETSIZE
-#define FD_SETSIZE 1024
-#endif
-
-#define PRIsz "%Iu"
+ /* On windows it is allowed to increase the FD_SETSIZE
+  * (and nescessary to make our custom eventloop work)
+  * See: https://support.microsoft.com/en-us/kb/111855
+  */
+# ifndef FD_SETSIZE
+# define FD_SETSIZE 1024
+# endif
+# define PRIsz "%Iu"
 #else
-#define PRIsz "%zu"
+# define PRIsz "%zu"
 #endif
 
 #include <stdint.h>
@@ -1148,8 +1147,6 @@ AH_BOTTOM([
 #define FD_SET_T 
 #endif
 
-
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -1204,6 +1201,12 @@ int inet_pton(int af, const char* src, void* dst);
 const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
 
+#ifdef USE_WINSOCK
+static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
+{ int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
+# define vsnprintf _gldns_custom_vsnprintf
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/gldns/gbuffer.c b/src/gldns/gbuffer.c
index cecfe480..77398905 100644
--- a/src/gldns/gbuffer.c
+++ b/src/gldns/gbuffer.c
@@ -133,8 +133,8 @@ gldns_buffer_printf(gldns_buffer *buffer, const char *format, ...)
 
 		remaining = gldns_buffer_remaining(buffer);
 		va_start(args, format);
-		written = _gldns_vsnprintf((char*)gldns_buffer_current(buffer),
-		    remaining, format, args);
+		written = vsnprintf((char *) gldns_buffer_current(buffer), remaining,
+				    format, args);
 		va_end(args);
 		if (written == -1) {
 			buffer->_status_err = 1;
@@ -145,8 +145,7 @@ gldns_buffer_printf(gldns_buffer *buffer, const char *format, ...)
 				return -1;
 			}
 			va_start(args, format);
-			written = _gldns_vsnprintf(
-			    (char *) gldns_buffer_current(buffer),
+			written = vsnprintf((char *) gldns_buffer_current(buffer),
 			    gldns_buffer_remaining(buffer), format, args);
 			va_end(args);
 			if (written == -1) {
diff --git a/src/gldns/gbuffer.h b/src/gldns/gbuffer.h
index 67539424..15dca675 100644
--- a/src/gldns/gbuffer.h
+++ b/src/gldns/gbuffer.h
@@ -27,21 +27,6 @@ extern "C" {
 #  endif
 #endif
 
-#ifndef USE_WINSOCK
-#define _gldns_vsnprintf vsnprintf
-#else
-/* Unlike Linux and BSD, vsnprintf on Windows returns -1 on overflow.
- * Here it is redefined to always return the amount printed
- * if enough space had been available.
- */
-INLINE int
-_gldns_vsnprintf(char *str, size_t size, const char *format, va_list ap)
-{
-	int r = vsnprintf(str, size, format, ap);
-	return r == -1 ? _vscprintf(format, ap) : r;
-}
-#endif
-
 /*
  * Copy data allowing for unaligned accesses in network byte order
  * (big endian).
@@ -175,7 +160,7 @@ gldns_buffer_invariant(gldns_buffer *buffer)
 	assert(buffer != NULL);
 	assert(buffer->_position <= buffer->_limit || buffer->_vfixed);
 	assert(buffer->_limit <= buffer->_capacity);
-	assert(buffer->_data != NULL || (buffer->_capacity == 0 && buffer->_vfixed));
+	assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0));
 }
 #endif
 
@@ -210,7 +195,7 @@ void gldns_buffer_init_frm_data(gldns_buffer *buffer, void *data, size_t size);
 /**
  * Setup a buffer with the data pointed to. No data copied, no memory allocs.
  * The buffer is fixed.  Writes beyond size (the capacity) will update the 
- * position (and not write data.  This allows to determine how big the buffer
+ * position (and not write data).  This allows to determine how big the buffer
  * should have been to contain all the written data.
  * \param[in] buffer pointer to the buffer to put the data in
  * \param[in] data the data to encapsulate in the buffer
diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c
index 50d00967..2d427d86 100644
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@@ -279,7 +279,7 @@ int gldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
 
 int gldns_str_vprint(char** str, size_t* slen, const char* format, va_list args)
 {
-	int w = _gldns_vsnprintf(*str, *slen, format, args);
+	int w = vsnprintf(*str, *slen, format, args);
 	if(w < 0) {
 		/* error in printout */
 		return 0;

From 1587e2f8f5ffc9613b41b14afff336370e61ad4f Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Mon, 13 Feb 2017 18:28:46 -1000
Subject: [PATCH 120/249] Code to manage the MDNS cache using LRUHASH

---
 src/context.h |    6 +-
 src/debug.h   |    4 +
 src/mdns.c    | 1187 +++++++++++++++++++++++++++++++++++++++++++++++--
 src/mdns.h    |   41 +-
 src/server.c  |    4 +
 5 files changed, 1198 insertions(+), 44 deletions(-)

diff --git a/src/context.h b/src/context.h
index b5d2148e..2267c06e 100644
--- a/src/context.h
+++ b/src/context.h
@@ -348,10 +348,10 @@ struct getdns_context {
 	 * by name, RR type and data value.
 	 */
 	int mdns_extended_support; /* 0 = no support, 1 = supported, 2 = initialization needed */
-	int mdns_fdv4;
-	int mdns_fdv6;
+	int mdns_connection_nb; /* typically 0 or 2 for IPv4 and IPv6 */
+	struct mdns_network_connection * mdns_connection;
+	struct lruhash * mdns_cache;
 	_getdns_rbtree_t mdns_continuous_queries_by_name_rrtype;
-	_getdns_rbtree_t mdns_known_records_by_value;
 
 #endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */
diff --git a/src/debug.h b/src/debug.h
index c9cbe248..5299f351 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -139,5 +139,9 @@
 #define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
+#ifndef log_info
+#define log_info(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
 #endif
 /* debug.h */
diff --git a/src/mdns.c b/src/mdns.c
index 52310db0..f21bea38 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -41,6 +41,14 @@ typedef u_short sa_family_t;
 
 uint64_t _getdns_get_time_as_uintt64();
 
+#include "util/storage/lruhash.h"
+#include "util/storage/lookup3.h"
+
+#ifndef HAVE_LIBUNBOUND
+#include "util/storage/lruhash.c"
+#include "util/storage/lookup3.c"
+#endif
+
 /*
  * Constants defined in RFC 6762
  */
@@ -76,22 +84,615 @@ static uint8_t mdns_suffix_b_e_f_ip6_arpa[] = {
 	3, 'i', 'p', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 
+/*
+ * MDNS cache management using LRU Hash.
+ *
+ * Each record contains a DNS query + response, formatted as received from
+ * the network. By convention, there will be exactly one query, and
+ * a variable number of answers. Auth and AD sections will not be cached.
+ * For maintenance purpose, each recontains a last accessed time stamp.
+ *
+ * This structure works very well for classic DNS caches, but for MDNS we 
+ * have to consider processing a new record for an existing cache entry. If
+ * the record is present, its TTL should be updated. If the record is not
+ * present, it should be added to the existing data.
+ *
+ * After an update, the TTL of all the records should be updated. Some
+ * records will end up with a TTL value of zero. These records should be 
+ * deleted, using a "compression" procedure.
+ */
 
 /*
-* Compare function for the netreq_by_query_id,
-* used in the red-black tree of all netreq by continuous query.
+ * Missing LRU hash function: create only if not currently in cache,
+ * and return the created or found entry.
+ *
+ * TODO: move this to lruhash.c, once source control issues are fixed.
+ */
+static struct lruhash_entry*
+lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
+struct lruhash_entry* entry, void* data, void* cb_arg)
+{
+	struct lruhash_bin* bin;
+	struct lruhash_entry* found, *reclaimlist = NULL;
+	size_t need_size;
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	need_size = table->sizefunc(entry->key, data);
+	if (cb_arg == NULL) cb_arg = table->cb_arg;
+
+	/* find bin */
+	lock_quick_lock(&table->lock);
+	bin = &table->array[hash & table->size_mask];
+	lock_quick_lock(&bin->lock);
+
+	/* see if entry exists already */
+	if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) {
+		/* if so: keep the existing data - acquire a writelock */
+		lock_rw_wrlock(&found->lock);
+	}
+	else
+	{
+		/* if not: add to bin */
+		entry->overflow_next = bin->overflow_list;
+		bin->overflow_list = entry;
+		lru_front(table, entry);
+		table->num++;
+		table->space_used += need_size;
+		/* return the entry that was presented, and lock it */
+		found = entry;
+		lock_rw_wrlock(&found->lock);
+	}
+	lock_quick_unlock(&bin->lock);
+	if (table->space_used > table->space_max)
+		reclaim_space(table, &reclaimlist);
+	if (table->num >= table->size)
+		table_grow(table);
+	lock_quick_unlock(&table->lock);
+
+	/* finish reclaim if any (outside of critical region) */
+	while (reclaimlist) {
+		struct lruhash_entry* n = reclaimlist->overflow_next;
+		void* d = reclaimlist->data;
+		(*table->delkeyfunc)(reclaimlist->key, cb_arg);
+		(*table->deldatafunc)(d, cb_arg);
+		reclaimlist = n;
+	}
+
+	/* return the entry that was selected */
+	return found;
+}
+
+/*
+ * For the data part, we want to allocate in rounded increments, so as to reduce the
+ * number of calls to XMALLOC
+ */
+
+static uint32_t 
+mdns_util_suggest_size(uint32_t required_size)
+{
+	return (required_size <= 512) ? ((required_size <= 256) ? 256 : 512) :
+		((required_size + 1023) & 0xFFFFFC00);
+}
+
+/*
+ * Cache management utilities
+ */
+static int
+mdns_util_skip_name(uint8_t *p)
+{
+	int x = 0;
+	int l;
+
+	for (;;) {
+		l = p[x];
+		if (l == 0)
+		{
+			x++;
+			break;
+		}
+		else if (l >= 0xC0)
+		{
+			x += 2;
+			break;
+		}
+		else
+		{
+			x += l + 1;
+		}
+	}
+	return x;
+}
+
+static int
+mdns_util_skip_query(uint8_t *p)
+{
+	return mdns_util_skip_name(p) + 4;
+}
+
+/*
+ * Comparison and other functions required for cache management
+ */
+
+ /**
+ * Calculates the size of an entry.
+ *
+ * size = mdns_cache_size (key, data).
+ */
+static size_t mdns_cache_entry_size(void* vkey, void* vdata)
+{
+	size_t sz = 0;
+
+	if (vkey != NULL)
+	{
+		sz += sizeof(getdns_mdns_cached_key_header) + ((getdns_mdns_cached_key_header*)vkey)->name_len;
+	}
+
+	if (vdata != NULL)
+	{
+		sz += ((getdns_mdns_cached_record_header*)vdata)->allocated_length;
+	}
+
+	return  sz;
+}
+
+/** type of function that compares two keys. return 0 if equal. */
+static int mdns_cache_key_comp(void* vkey1, void* vkey2)
+{
+	getdns_mdns_cached_key_header *header1 = (getdns_mdns_cached_key_header*)vkey1;
+	getdns_mdns_cached_key_header *header2 = (getdns_mdns_cached_key_header*)vkey2;
+
+	return (header1->record_type == header2->record_type &&
+		header1->record_class == header2->record_class &&
+		header1->name_len == header2->name_len)
+		? memcmp(((uint8_t*)vkey1) + sizeof(getdns_mdns_cached_key_header),
+			((uint8_t*)vkey2) + sizeof(getdns_mdns_cached_key_header),
+			header1->name_len)
+		: -1;
+}
+
+/** old keys are deleted.
+* markdel() is used first.
+* This function is called: func(key, userarg)
+* the userarg is set to the context in which the LRU hash table was created
 */
-static int mdns_cmp_netreq_by_query_id(const void * id1, const void * id2)
+static void msdn_cache_delkey(void* vkey, void* vcontext)
+{
+	GETDNS_FREE(((struct getdns_context *) vcontext)->mf, vkey);
+}
+
+/** old data is deleted. This function is called: func(data, userarg). */
+static void msdn_cache_deldata(void* vdata, void* vcontext)
+{
+	GETDNS_FREE(((struct getdns_context *) vcontext)->mf, vdata);
+}
+
+/*
+ * Create a key in preallocated buffer
+ * the allocated size of key should be >= sizeof(getdns_mdns_cached_key_header) + name_len
+ */
+static void msdn_cache_create_key_in_buffer(
+	uint8_t* key, 
+	uint8_t * name, int name_len,
+	int record_type, int record_class)
+{
+	getdns_mdns_cached_key_header * header = (getdns_mdns_cached_key_header*)key;
+	header->record_type = record_type;
+	header->record_class = record_class;
+	header->name_len = name_len;
+	(void) memcpy(key + sizeof(getdns_mdns_cached_key_header), name, name_len);
+}
+
+static uint8_t * mdns_cache_create_key(
+	uint8_t * name, int name_len,
+	int record_type, int record_class,
+	struct getdns_context * context)
+{
+	uint8_t* key = GETDNS_XMALLOC(context->mf, uint8_t, sizeof(getdns_mdns_cached_key_header) + name_len);
+
+	if (key != NULL)
+	{
+		msdn_cache_create_key_in_buffer(key, name, name_len, record_type, record_class);
+	}
+
+	return key;
+}
+
+static uint8_t * mdns_cache_create_data(
+	uint8_t * name, int name_len,
+	int record_type, int record_class,
+	int record_data_len,
+	uint64_t current_time,
+	struct getdns_context * context)
+{
+	getdns_mdns_cached_record_header * header;
+	int current_index;
+	size_t data_size = sizeof(getdns_mdns_cached_record_header) + name_len + 4;
+	size_t alloc_size = mdns_util_suggest_size(data_size + record_data_len + 2 + 2 + 2 + 4 + 2);
+
+	uint8_t* data = GETDNS_XMALLOC(context->mf, uint8_t, alloc_size);
+
+	if (data != NULL)
+	{
+		header = (getdns_mdns_cached_record_header *)data;
+		header->insertion_microsec = current_time;
+		header->content_len = data_size;
+		header->allocated_length = alloc_size;
+		current_index = sizeof(getdns_mdns_cached_record_header);
+		memcpy(data + current_index, name, name_len);
+		current_index += name_len;
+		data[current_index++] = (uint8_t)(record_type >> 8);
+		data[current_index++] = (uint8_t)(record_type);
+		data[current_index++] = (uint8_t)(record_class >> 8);
+		data[current_index++] = (uint8_t)(record_class);
+	}
+
+	return data;
+}
+
+
+/*
+ * Add a record.
+ */
+static int
+mdns_add_record_to_cache_entry(struct getdns_context *context,
+	uint8_t * old_record, uint8_t ** new_record,
+	int record_type, int record_class, int ttl,
+	uint8_t * record_data, int record_data_len)
+{
+	int ret = 0;
+	getdns_mdns_cached_record_header *header = (getdns_mdns_cached_record_header*)old_record;
+	/* Compute the record length */
+	uint32_t record_length = 2 + 2 + 2 + 4 + 2 + record_data_len;
+	uint32_t current_length = header->content_len;
+	/* update the number of records */
+	uint8_t *start_answer_code = old_record + sizeof(getdns_mdns_cached_record_header) + 2 + 2;
+	uint16_t nb_answers = (start_answer_code[0] << 8) + start_answer_code[1];
+	nb_answers++;
+	start_answer_code[0] = (uint8_t)(nb_answers >> 8);
+	start_answer_code[1] = (uint8_t)(nb_answers&0xFF);
+
+	/* Update the content length */
+	header->content_len += record_length;
+	if (header->content_len > header->allocated_length)
+	{
+		/* realloc to a new length, */
+		do {
+			header->allocated_length = mdns_util_suggest_size(header->content_len);
+		} while (header->content_len > header->allocated_length);
+
+		*new_record = GETDNS_XREALLOC(context->mf, old_record, uint8_t, header->allocated_length); 
+	}
+	else
+	{
+		*new_record = old_record;
+	}
+
+	if (*new_record == NULL)
+	{
+		ret = GETDNS_RETURN_MEMORY_ERROR;
+	}
+	else
+	{
+		/* copy the record */
+		/* First, point name relative to beginning of DNS message */
+		(*new_record)[current_length++] = 0xC0;
+		(*new_record)[current_length++] = 0x12;
+		/* encode the components of the per record header */
+		(*new_record)[current_length++] = (uint8_t)((record_type >> 8) & 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((record_type)& 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((record_class >> 8) & 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((record_class)& 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((ttl >> 24) & 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((ttl >> 16) & 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((ttl >> 8) & 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((ttl)& 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((record_data_len >> 8) & 0xFF);
+		(*new_record)[current_length++] = (uint8_t)((record_data_len) & 0xFF);
+		memcpy(*new_record + current_length, record_data, record_data_len);
+	}
+
+	return ret;
+}
+
+static int
+mdns_update_cache_ttl_and_prune(struct getdns_context *context,
+	uint8_t * old_record, uint8_t ** new_record,
+	int record_type, int record_class, int ttl,
+	uint8_t * record_data, int record_data_len,
+	uint64_t current_time)
+{
+	/*
+	 * Compute the TTL delta
+	 */
+	int ret = 0;
+	getdns_mdns_cached_record_header *header = (getdns_mdns_cached_record_header*)old_record;
+	uint32_t delta_t_sec = (uint32_t)((current_time - header->insertion_microsec) / 1000000ll);
+	header->insertion_microsec += delta_t_sec * 1000000;
+	int message_index;
+	int answer_index;
+	int nb_answers;
+	int nb_answers_left;
+	int current_record_length;
+	int current_record_data_len;
+	uint32_t current_record_ttl;
+	int not_matched_yet = (record_data == NULL) ? 0 : 1;
+	int current_record_match;
+	int last_copied_index;
+	int current_hole_index;
+
+	/*
+	 * Skip the query
+	 */
+	message_index = sizeof(getdns_mdns_cached_record_header);
+	nb_answers = (old_record[message_index + 4] << 8) | old_record[message_index + 5];
+	nb_answers_left = nb_answers;
+	answer_index = mdns_util_skip_query(old_record + message_index + 12);
+	last_copied_index = answer_index;
+
+	/*
+	 * Examine each record
+	 */
+	for (int i = 0; i < nb_answers; i++)
+	{
+		current_record_ttl = (old_record[answer_index + 2 + 2 + 2] << 24)
+			| (old_record[answer_index + 2 + 2 + 2 + 1] << 16)
+			| (old_record[answer_index + 2 + 2 + 2 + 2] << 8)
+			| (old_record[answer_index + 2 + 2 + 2 + 3]);
+
+		current_record_data_len = (old_record[answer_index + 2 + 2 + 2 + 4] << 8)
+			| (old_record[answer_index + 2 + 2 + 2 + 4 + 1]);
+
+		current_record_length = 2 + 2 + 2 + 4 + 2 + current_record_data_len;
+
+		if (not_matched_yet &&
+		    current_record_data_len == record_data_len &&
+			memcmp(old_record + answer_index + 2 + 2 + 2 + 4 + 2, record_data, record_data_len) == 0)
+		{
+			current_record_match = 1;
+			not_matched_yet = 0;
+			current_record_ttl = ttl;
+		}
+		else
+		{
+			/* Not a match */
+			current_record_match = 0;
+
+			if (current_record_ttl > delta_t_sec)
+			{
+				current_record_ttl -= delta_t_sec;
+			}
+			else
+			{
+				current_record_ttl = 0;
+			}
+		}
+
+		if (current_record_ttl != 0)
+		{
+			nb_answers_left--;
+
+			/* this record should be compacted away */
+			if (current_hole_index == 0)
+			{
+				/* encountering the first hole in the message,
+				 * no need to copy anything yet.
+				 */
+				last_copied_index = answer_index;
+			}
+			else if (current_hole_index != answer_index)
+			{
+				/* copy the data from hole to answer */
+				memmove(old_record + last_copied_index, old_record + current_hole_index,
+					answer_index - current_hole_index);
+				last_copied_index += answer_index - current_hole_index;
+			}
+			
+			/* in all cases, the current hole begins after the message's encoding */
+			current_hole_index = answer_index + current_record_length;
+		}
+		else
+		{
+			/* keeping this record, but updating the TTL */
+			old_record[answer_index + 2 + 2 + 2] = (uint8_t)(current_record_ttl >> 24);
+			old_record[answer_index + 2 + 2 + 2 + 1] = (uint8_t)(current_record_ttl >> 16);
+			old_record[answer_index + 2 + 2 + 2 + 2] = (uint8_t)(current_record_ttl >> 8);
+			old_record[answer_index + 2 + 2 + 2 + 3] = (uint8_t)(current_record_ttl);
+		}
+		/* progress to the next record */
+		answer_index += current_record_length;
+	}
+
+	/* if necessary, copy the pending data */
+	if (current_hole_index != answer_index)
+	{
+		/* copy the data from hole to last answer */
+		memmove(old_record + last_copied_index, old_record + current_hole_index,
+			answer_index - current_hole_index);
+		last_copied_index += answer_index - current_hole_index;
+	}
+
+	/* if some records were deleted, update the record headers */
+	if (nb_answers != nb_answers_left)
+	{
+		header->content_len = last_copied_index;
+		old_record[message_index + 4] = (uint8_t)(nb_answers >> 8);
+		old_record[message_index + 5] = (uint8_t)(nb_answers);
+	}
+
+	/*
+	* if the update was never seen, ask for an addition
+	*/
+	if (ttl == 0 && not_matched_yet)
+	{
+		mdns_add_record_to_cache_entry(context, old_record, new_record,
+			record_type, record_class, ttl, record_data, record_data_len);
+		nb_answers_left++;
+	}
+	else
+	{
+		*new_record = old_record;
+	}
+
+	/*
+	 * TODO: if there are no record left standing, return a signal that the cache should be pruned.
+	 */
+
+	return ret;
+}
+
+
+/*
+* Add entry function for the MDNS record cache.
+*/
+static int
+mdns_propose_entry_to_cache(
+	struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class, int ttl,
+	uint8_t * record_data, int record_data_len,
+	uint64_t current_time)
+{
+	int ret = 0;
+	size_t required_memory = 0;
+	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
+	hashvalue_type hash;
+	struct lruhash_entry *entry, *new_entry;
+	uint8_t *key, *data;
+
+	msdn_cache_create_key_in_buffer(temp_key, name, name_len, record_type, record_class);
+
+	
+	/* TODO: make hash init value a random number in the context, for defense against DOS */
+	hash = hashlittle(temp_key, name_len + sizeof(getdns_mdns_cached_key_header), 0xCAC8E);
+
+	entry = lruhash_lookup(context->mdns_cache, hash, temp_key, 1);
+
+	if (entry == NULL && ttl != 0)
+	{
+		/*
+		 * Create an empty entry.
+		 */
+		key = mdns_cache_create_key(name, name_len, record_type, record_class, context);
+		data = mdns_cache_create_data(name, name_len, record_type, record_class,
+				record_data_len, current_time, context);
+		new_entry = GETDNS_XMALLOC(context->mf, struct lruhash_entry, 1);
+
+		if (key == NULL || data == NULL || new_entry == NULL)
+		{
+			if (key != NULL)
+			{
+				GETDNS_FREE(context->mf, key);
+				key = NULL;
+			}
+
+			if (data != NULL)
+			{
+				GETDNS_FREE(context->mf, data);
+				data = NULL;
+			}
+
+			if (new_entry != NULL)
+			{
+				GETDNS_FREE(context->mf, new_entry);
+				new_entry = NULL;
+			}
+
+		}
+		else
+		{
+			memset(new_entry, 0, sizeof(struct lruhash_entry));
+			lock_rw_init(new_entry->lock);
+			new_entry->hash = hash;
+			new_entry->key = key;
+			new_entry->data = data;
+
+			entry = lruhash_insert_or_retrieve(context->mdns_cache, hash, new_entry, data, NULL);
+
+			if (entry != new_entry)
+			{
+				lock_rw_destroy(new_entry->lock);
+				GETDNS_FREE(context->mf, new_entry);
+			}
+		}
+	}
+
+	if (entry != NULL)
+	{
+		ret = mdns_update_cache_ttl_and_prune(context,
+			(uint8_t*)entry->data, &data,
+			record_type, record_class, ttl, record_data, record_data_len,
+			current_time);
+
+		/* then, unlock the entry */
+		lock_rw_unlock(entry->lock);
+
+		/* TODO: if the entry was marked for deletion, move it to the bottom of the LRU */
+	} 
+
+	return ret;
+}
+
+#if 0
+/*
+ * Add record function for the MDNS record cache.
+ */
+static int
+mdns_add_record_to_cache(struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class, int ttl,
+	uint8_t * record_data, int record_data_len)
 {
 	int ret = 0;
 
-	if (id1 != id2)
-	{
-		ret = (((intptr_t)id1) < ((intptr_t)id2)) ? -1 : 1;
-	}
+	/* First, format a key */
+
+	/* Next, get the record from the LRU cache */
+
+	/* If there is no record, need to create one */
+
+	/* Else, just do  simple update */
+
 	return ret;
 }
 
+
+/*
+* MDNS cache management.
+*
+* This is provisional, until we can get a proper cache by reusing the outbound code.
+*
+* The cache is a collection of getdns_mdns_known_record structures, each holding
+* one record: name, type, class, ttl, rdata length and rdata, plus a 64 bit time stamp.
+* The collection is organized as an RB tree. The comparison function in mdns_cmp_known_records
+* is somewhat arbitrary: compare by numeric fields class, type, name length, and
+* record length first, then by name value, and then by record value.
+*
+* When a message is received, it will be parsed, and each valid record in the
+* ANSWER, AUTH or additional section will be added to the cache. If there is already
+* a matching record, only the TTL and time stamp will be updated. If the new TTL is zero,
+* the matching record will be removed from the cache.
+*
+* When a request is first presented, we will try  to solve it from the cache. If there
+* is response present, we will format a reply containing all the matching records, with
+* an updated TTL. If the updated TTL is negative, the record will be deleted from the
+* cache and will not be added to the query.
+*
+* For continuing requests, we may need to send queries with the list of known answers.
+* These will be extracted from the cache.
+*
+* We may want to periodically check all the records in the cache and remove all those
+* that have expired. This could be treated as a garbage collection task.
+*
+* The cache is emptied and deleted upon context deletion.
+*
+* In a multithreaded environment, we will assume that whoever accesses the cache holds a
+* on the context. This is not ideal, but fine grain locks can lead to all kinds of
+* synchronization issues.
+*/
+
 /*
  * Compare function for the getdns_mdns_known_record type,
  * used in the red-black tree of known records per query.
@@ -103,30 +704,413 @@ static int mdns_cmp_known_records(const void * nkr1, const void * nkr2)
 	getdns_mdns_known_record * kr1 = (getdns_mdns_known_record *)nkr1;
 	getdns_mdns_known_record * kr2 = (getdns_mdns_known_record *)nkr2;
 
-	if (kr1->request_class != kr2->request_class)
+	if (kr1->record_class != kr2->record_class)
 	{
-		ret = (kr1->request_class < kr2->request_class) ? -1 : 1;
+		ret = (kr1->record_class < kr2->record_class) ? -1 : 1;
 	}
-	else if (kr1->request_type != kr2->request_type)
+	else if (kr1->record_type != kr2->record_type)
 	{
-		ret = (kr1->request_type < kr2->request_type) ? -1 : 1;
+		ret = (kr1->record_type < kr2->record_type) ? -1 : 1;
 	}
 	else if (kr1->name_len != kr2->name_len)
 	{
 		ret = (kr1->name_len < kr2->name_len) ? -1 : 1;
 	}
-	else if (kr1->record_len != kr2->record_len)
+	else if (kr1->record_data_len != kr2->record_data_len)
 	{
-		ret = (kr1->record_len < kr2->record_len) ? -1 : 1;
+		ret = (kr1->record_data_len < kr2->record_data_len) ? -1 : 1;
 	}
 	else if ((ret = memcmp((void*)kr1->name, (void*)kr2->name, kr2->name_len)) == 0)
 	{
-		ret = memcmp((const void*)kr1->record_data, (const void*)kr2->record_data, kr1->record_len);
+		ret = memcmp((const void*)kr1->record_data, (const void*)kr2->record_data, kr1->record_data_len);
 	}
 
 	return ret;
 }
 
+/*
+ * Add record function for the MDNS record cache.
+ */
+static int 
+mdns_add_known_record_to_cache(
+struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class, int ttl,
+	uint8_t * record_data, int record_data_len)
+{
+	int ret = 0;
+	getdns_mdns_known_record temp, *record, *inserted_record;
+	size_t required_memory = 0;
+	_getdns_rbnode_t * node_found, *to_delete;
+
+	temp.name = name;
+	temp.name_len = name_len;
+	temp.record_class = record_class;
+	temp.record_type = record_type;
+	temp.record_data = record_data;
+	temp.record_data_len = record_data_len;
+
+
+	if (ttl == 0)
+	{
+		to_delete = _getdns_rbtree_delete(
+			&context->mdns_known_records_by_value, &temp);
+
+		if (to_delete != NULL)
+		{
+			GETDNS_FREE(context->mf, to_delete->key);
+		}
+	}
+	else
+	{
+		node_found = _getdns_rbtree_search(&context->mdns_known_records_by_value, &temp);
+
+		if (node_found != NULL)
+		{
+			record = (getdns_mdns_known_record *)node_found->key;
+			record->ttl = ttl;
+			record->insertion_microsec = _getdns_get_time_as_uintt64();
+		}
+		else
+		{
+			required_memory = sizeof(getdns_mdns_known_record) + name_len + record_data_len;
+
+			record = (getdns_mdns_known_record *)
+				GETDNS_XMALLOC(context->mf, uint8_t, required_memory);
+
+			if (record == NULL)
+			{
+				ret = GETDNS_RETURN_MEMORY_ERROR;
+			}
+			else
+			{
+				record->node.parent = NULL;
+				record->node.left = NULL;
+				record->node.right = NULL;
+				record->node.key = (void*)record;
+				record->record_class = temp.record_class;
+				record->name = ((uint8_t*)record) + sizeof(getdns_mdns_known_record);
+				record->name_len = name_len;
+				record->record_class = record_class;
+				record->record_type = record_type;
+				record->record_data = record->name + name_len;
+				record->record_data_len = record_data_len;
+				record->insertion_microsec = _getdns_get_time_as_uintt64();
+
+				memcpy(record->name, name, name_len);
+				memcpy(record->record_data, record_data, record_data_len);
+
+				inserted_record = (getdns_mdns_known_record *)
+					_getdns_rbtree_insert(&context->mdns_known_records_by_value,
+						&record->node);
+				if (inserted_record == NULL)
+				{
+					/* Weird. This can only happen in a race condition */
+					GETDNS_FREE(context->mf, record);
+					ret = GETDNS_RETURN_GENERIC_ERROR;
+				}
+			}
+		}
+	}
+
+	return ret;
+}
+
+/*
+ * Get the position of the first matching record in the cache
+ */
+static _getdns_rbnode_t *
+mdns_get_first_record_from_cache(
+struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class,
+	getdns_mdns_known_record* next_key)
+{
+	/* First, get a search key */
+	getdns_mdns_known_record temp;
+	_getdns_rbnode_t *next_node;
+
+	if (next_key == NULL)
+	{
+		temp.name = name;
+		temp.name_len = name_len;
+		temp.record_class = record_class;
+		temp.record_type = record_type;
+		temp.record_data = name;
+		temp.record_data_len = 0;
+
+		next_key = &temp;
+	}
+
+	/*
+	 * Find the starting point
+	 */
+	if (!_getdns_rbtree_find_less_equal(
+		&context->mdns_known_records_by_value,
+		next_key,
+		&next_node))
+	{
+		/*
+		* The key was not an exact match. Need to find the first node larger
+		* than the key.
+		*/
+		if (next_node == NULL)
+		{
+			/*
+			* The key was smallest than the smallest key in the tree, or the tree is empty
+			*/
+			next_node = _getdns_rbtree_first(&context->mdns_known_records_by_value);
+		}
+		else
+		{
+			/*
+			* Search retrurned a key smaller than target, so we pick the next one.
+			*/
+			next_node = _getdns_rbtree_next(next_node);
+		}
+	}
+
+	/*
+	 * At this point, we do not check that this is the right node
+	 */
+
+	return next_node;
+}
+
+/*
+ * Count the number of records for this name and type, purging those that have expired.
+ * Return the first valid node in the set, or NULL if there are no such nodes.
+ */
+static _getdns_rbnode_t *
+mdns_count_and_purge_record_from_cache(
+	struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class,
+	_getdns_rbnode_t* next_node,
+	uint64_t current_time_microsec,
+	int *nb_records, int *total_content)
+{
+	int current_record = 0;
+	int record_length_sum = 0;
+	int valid_ttl = 0;
+	getdns_mdns_known_record *next_key;
+	_getdns_rbnode_t *first_valid_node = NULL, *old_node = NULL;
+
+	while (next_node)
+	{
+		next_key = (getdns_mdns_known_record *)next_node->key;
+		if (next_key->name_len != name_len ||
+			next_key->record_class != record_class ||
+			next_key->record_type != record_type ||
+			memcmp(next_key->name, name, name_len) != 0)
+		{
+			next_node = NULL;
+			next_key = NULL;
+			break;
+		}
+
+		old_node = next_node;
+		next_node = _getdns_rbtree_next(next_node);
+
+		if (next_key->insertion_microsec + (((uint64_t)next_key->ttl) << 20) >=
+			current_time_microsec)
+		{
+			current_record++;
+			record_length_sum += next_key->record_data_len;
+
+			if (first_valid_node == NULL)
+			{
+				first_valid_node = old_node;
+			}
+		}
+		else
+		{
+			_getdns_rbnode_t * deleted = _getdns_rbtree_delete(
+				&context->mdns_known_records_by_value, next_key);
+
+			if (deleted != NULL)
+			{
+				GETDNS_FREE(context->mf, next_key);
+			}
+		}
+	}
+
+	*nb_records = current_record;
+	*total_content = record_length_sum;
+
+	return first_valid_node;
+}
+
+/*
+ * Fill a response buffer with the records present in the set,
+ * up to a limit
+ */
+_getdns_rbnode_t *
+mdns_fill_response_buffer_from_cache(
+struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class,
+	uint8_t * response, int* response_len, int response_len_max,
+	int * nb_records,
+	_getdns_rbnode_t* next_node,
+	uint64_t current_time_microsec,
+	int name_offset
+	)
+{
+	int current_length = 0;
+	getdns_mdns_known_record * next_key;
+	int64_t ttl_64;
+	int32_t current_ttl;
+	int current_record = 0;
+	int coding_length;
+	int name_coding_length = (name_offset < 0) ? name_len : 2;
+
+	while (next_node)
+	{
+		next_key = (getdns_mdns_known_record *)next_node->key;
+		if (next_key->name_len != name_len ||
+			next_key->record_class != record_class ||
+			next_key->record_type != record_type ||
+			memcmp(next_key->name, name, name_len) != 0)
+		{
+			next_node = NULL;
+			next_key = NULL;
+			break;
+		}
+
+		/*
+		 * Compute the required size.
+		 */
+		coding_length = name_len + name_coding_length + 2 + 4 + 2 + next_key->record_data_len;
+
+		if (current_length + coding_length > response_len_max)
+		{
+			break;
+		}
+
+		/*
+		 * encode the record with the updated TTL
+		 */
+
+		ttl_64 = current_time_microsec - next_key->insertion_microsec;
+		ttl_64 += (((uint64_t)next_key->ttl) << 20);
+
+		if (ttl_64 > 0)
+		{
+			current_ttl = max(ttl_64 >> 20, 1);
+		}
+		else
+		{
+			current_ttl = 1;
+		}
+
+		if (name_offset >= 0)
+		{
+			/* Perform name compression, per DNS spec */
+			response[current_length++] = (uint8_t)((0xC0 | (name_offset >> 8)) & 0xFF);
+			response[current_length++] = (uint8_t)(name_offset & 0xFF);
+		}
+		else
+		{
+			memcpy(response + current_length, name, name_len);
+			current_length += name_len;
+		}
+		response[current_length++] = (uint8_t)((record_type >> 8) & 0xFF);
+		response[current_length++] = (uint8_t)((record_type)& 0xFF);
+		response[current_length++] = (uint8_t)((record_class >> 8) & 0xFF);
+		response[current_length++] = (uint8_t)((record_class)& 0xFF);
+		response[current_length++] = (uint8_t)((current_ttl >> 24) & 0xFF);
+		response[current_length++] = (uint8_t)((current_ttl >> 16) & 0xFF);
+		response[current_length++] = (uint8_t)((current_ttl >> 8) & 0xFF);
+		response[current_length++] = (uint8_t)((current_ttl)& 0xFF);
+		response[current_length++] = (uint8_t)((next_key->record_data_len >> 8) & 0xFF);
+		response[current_length++] = (uint8_t)((next_key->record_data_len)& 0xFF);
+		memcpy(response + current_length, next_key->record_data, next_key->record_data_len);
+		current_length += next_key->record_data_len;
+
+		/*
+		 * continue with the next node
+		 */
+		current_record++;
+		next_node = _getdns_rbtree_next(next_node);
+	}
+
+	*response_len = current_length;
+	*nb_records = current_record;
+
+	return next_node;
+}
+
+/*
+ * Compose a response from the MDNS record cache.
+ */
+static int
+mdns_compose_response_from_cache(
+	struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class,
+	uint8_t ** response, int* response_len, int response_len_max,
+	int query_id,
+	getdns_mdns_known_record** next_key)
+{
+	int ret = 0;
+	/* First, get a search key */
+	int nb_records = 0;
+	int total_content = 0;
+	int total_length = 0;
+	uint64_t current_time = _getdns_get_time_as_uintt64();
+
+	_getdns_rbnode_t * first_node = mdns_get_first_record_from_cache(
+		context, name, name_len, record_type, record_class, *next_key);
+	/* Purge the expired records and compute the desired length */
+	first_node = mdns_count_and_purge_record_from_cache(
+		context, name, name_len, record_type, record_class, first_node, current_time,
+		&nb_records, &total_content);
+
+	/* todo: check whether encoding an empty message is OK */
+	/* todo: check whether something special is needed for continuation records */
+
+	/* Allocate the required memory */
+	total_length = 12 /* DNS header */
+		+ name_len + 4 /* Query */
+		+ total_content + (2 + 2 + 2 + 4 + 2)*nb_records /* answers */;
+	/* TODO: do we need EDNS encoding? */
+
+	if (response_len_max == 0)
+	{
+		/* setting this parameter to zero indicates that a full buffer allocation is desired */
+		{
+			if (*response == NULL)
+			{
+				*response = GETDNS_XMALLOC(context->mf, uint8_t, total_length);
+			}
+			else
+			{
+				*response = GETDNS_XREALLOC(context->mf, *response, uint8_t, total_length);
+			}
+
+			if (*response == NULL)
+			{
+				ret = GETDNS_RETURN_MEMORY_ERROR;
+			}
+			else
+			{
+				response_len_max = total_length;
+			}
+		}
+	}
+	if (ret == 0)
+	{
+
+		/*
+		 * Now, proceed with the encoding
+		 */
+	}
+}
+#endif /* if 0, remove the RB based cache code */
+
+
+
 /*
  * Compare function for the mdns_continuous_query_by_name_rrtype,
  * used in the red-black tree of all ongoing queries.
@@ -156,11 +1140,56 @@ static int mdns_cmp_continuous_queries_by_name_rrtype(const void * nqnr1, const
 	return ret;
 }
 
+/*
+ * Multicast receive event callback
+ */
+static void
+mdns_udp_multicast_read_cb(void *userarg)
+{
+	mdns_network_connection * cnx = (mdns_network_connection *)userarg;
+	ssize_t       read;
+	DEBUG_MDNS("%s %-35s: CTX: %p, NET=%d \n", MDNS_DEBUG_MREAD,
+		__FUNCTION__, cnx->context, cnx->addr_mcast.ss_family);
+
+	GETDNS_CLEAR_EVENT(
+		cnx->context->extension, &cnx->event);
+
+	read = recvfrom(cnx->fd, (void *)cnx->response,
+		sizeof(cnx->response), 0, NULL, NULL);
+
+
+	if (read == -1 && _getdns_EWOULDBLOCK)
+		return; /* TODO: this will stop the receive loop! */
+
+	if (read >= GLDNS_HEADER_SIZE)
+	{
+		/* parse the response, find the relevant queries, submit the records to the cache */
+
+		/*
+		netreq->response_len = read;
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		netreq->state = NET_REQ_FINISHED;
+		_getdns_check_dns_req_complete(dnsreq);
+		*/
+	}
+	else
+	{
+		/* bogus packet.. Should log. */
+	}
+
+	/*
+	 * Relaunch the event, so we can go read the next packet.
+	 */
+	GETDNS_SCHEDULE_EVENT(
+		cnx->context->extension, cnx->fd, 0,
+		getdns_eventloop_event_init(&cnx->event, cnx,
+			mdns_udp_multicast_read_cb, NULL, NULL));
+}
 
 /*
-* Create the two required multicast sockets
-*/
-static int mdns_open_ipv4_multicast()
+ * Create the two required multicast sockets
+ */
+static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_dest_len)
 {
 	getdns_return_t ret = 0;
 	SOCKET fd4 = -1;
@@ -170,6 +1199,8 @@ static int mdns_open_ipv4_multicast()
 	uint8_t ttl = 255;
 	IP_MREQ mreq4;
 
+	memset(&mcast_dest, 0, sizeof(SOCKADDR_STORAGE));
+	*mcast_dest_len = 0;
 	memset(&ipv4_dest, 0, sizeof(ipv4_dest));
 	memset(&ipv4_port, 0, sizeof(ipv4_dest));
 	ipv4_dest.sin_family = AF_INET;
@@ -221,10 +1252,16 @@ static int mdns_open_ipv4_multicast()
 			fd4 = -1;
 	}
 
+	if (ret == 0)
+	{
+		memcpy(&mcast_dest, &ipv4_dest, sizeof(ipv4_dest));
+		*mcast_dest_len = sizeof(ipv4_dest);
+	}
+
 	return fd4;
 }
 
-static int mdns_open_ipv6_multicast()
+static int mdns_open_ipv6_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_dest_len)
 {
 	getdns_return_t ret = 0;
 	SOCKET fd6 = -1;
@@ -234,6 +1271,8 @@ static int mdns_open_ipv6_multicast()
 	uint8_t ttl = 255;
 	IPV6_MREQ mreq6;
 
+	memset(&mcast_dest, 0, sizeof(SOCKADDR_STORAGE));
+	*mcast_dest_len = 0;
 	memset(&ipv6_dest, 0, sizeof(ipv6_dest));
 	memset(&ipv6_port, 0, sizeof(ipv6_dest));
 	ipv6_dest.sin6_family = AF_INET6;
@@ -288,6 +1327,11 @@ static int mdns_open_ipv6_multicast()
 		fd6 = -1;
 	}
 
+	if (ret == 0)
+	{
+		memcpy(&mcast_dest, &ipv6_dest, sizeof(ipv6_dest));
+		*mcast_dest_len = sizeof(ipv6_dest);
+	}
 	return fd6;
 }
 
@@ -300,23 +1344,86 @@ static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
 
 	if (context->mdns_extended_support == 2)
 	{
-		context->mdns_fdv4 = mdns_open_ipv4_multicast();
-		context->mdns_fdv6 = mdns_open_ipv6_multicast();
+		context->mdns_cache = lruhash_create(100, 1000,
+			mdns_cache_entry_size, mdns_cache_key_comp,
+			msdn_cache_delkey, msdn_cache_deldata,
+			context);
 
-		if (context->mdns_fdv4 == -1 || context->mdns_fdv6 == -1)
+		if (context->mdns_cache == NULL)
 		{
-			if (context->mdns_fdv4 != -1)
-#ifdef USE_WINSOCK
-				closesocket(context->mdns_fdv4);
-#else
-				close(context->mdns_fdv4);
-#endif
-			ret = GETDNS_RETURN_GENERIC_ERROR;
+			ret = GETDNS_RETURN_MEMORY_ERROR;
 		}
 		else
 		{
-			/* TODO: launch the receive loops */
-		}
+			context->mdns_connection = (mdns_network_connection *)
+				GETDNS_XMALLOC(context->my_mf, mdns_network_connection, 2);
+
+			if (context->mdns_connection == NULL)
+			{
+				ret = GETDNS_RETURN_MEMORY_ERROR;
+			}
+			else
+			{
+				context->mdns_connection_nb = 2;
+
+				context->mdns_connection[0].fd = mdns_open_ipv4_multicast(
+					&context->mdns_connection[0].addr_mcast
+					, &context->mdns_connection[0].addr_mcast_len);
+				context->mdns_connection[1].fd = mdns_open_ipv6_multicast(
+					&context->mdns_connection[0].addr_mcast
+					, &context->mdns_connection[0].addr_mcast_len);
+
+				if (context->mdns_connection[0].fd == -1 ||
+					context->mdns_connection[1].fd == -1)
+				{
+					ret = GETDNS_RETURN_GENERIC_ERROR;
+				}
+				else
+				{
+					/* TODO: launch the receive loops */
+					for (int i = 0; i < 2; i++)
+					{
+						GETDNS_CLEAR_EVENT(context->extension, &context->mdns_connection[i].event);
+						GETDNS_SCHEDULE_EVENT(
+							context->extension, context->mdns_connection[i].fd, 0,
+							getdns_eventloop_event_init(&context->mdns_connection[i].event,
+								&context->mdns_connection[i],
+								mdns_udp_multicast_read_cb, NULL, NULL));
+					}
+				}
+
+				if (ret != 0)
+				{
+					for (int i = 0; i < 2; i++)
+					{
+						if (context->mdns_connection[i].fd != -1)
+						{
+
+							GETDNS_CLEAR_EVENT(context->extension
+								, &context->mdns_connection[i].event);
+#ifdef USE_WINSOCK
+							closesocket(context->mdns_connection[i].fd);
+#else
+							close(context->mdns_connection[i].fd);
+#endif
+						}
+					}
+
+					GETDNS_FREE(context->my_mf, context->mdns_connection);
+					context->mdns_connection = NULL;
+					context->mdns_connection_nb = 0;
+				}
+			} /* mdns-connection != NULL */
+
+			if (ret != 0)
+			{
+				/* delete the cache that was just created, since the network connection failed */
+				lruhash_delete(context->mdns_cache);
+				context->mdns_cache = NULL;
+			}
+		} /* cache != NULL */
+
+		context->mdns_extended_support = (ret == 0) ? 1 : 0;
 	}
 
 	return ret;
@@ -331,6 +1438,8 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 	getdns_mdns_continuous_query temp_query, *continuous_query, *inserted_query;
 	getdns_dns_req *dnsreq = netreq->owner;
 	struct getdns_context *context = dnsreq->context;
+	_getdns_rbnode_t * node_found;
+
 	/*
 	 * Fill the target request, but only initialize name and request_type
 	 */
@@ -344,9 +1453,13 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 	 * if there is not, create one.
 	 * TODO: should lock the context object when doing that.
 	 */
-	continuous_query = (getdns_mdns_continuous_query *)
-		_getdns_rbtree_search(&context->mdns_continuous_queries_by_name_rrtype, &temp_query);
-	if (continuous_query == NULL)
+	node_found = _getdns_rbtree_search(&context->mdns_continuous_queries_by_name_rrtype, &temp_query);
+
+	if (node_found != NULL)
+	{
+		continuous_query = (getdns_mdns_continuous_query *)node_found->key;
+	}
+	else
 	{
 		continuous_query = (getdns_mdns_continuous_query *)
 			GETDNS_MALLOC(context->mf, getdns_mdns_continuous_query);
@@ -391,14 +1504,12 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
  */
 void _getdns_mdns_context_init(struct getdns_context *context)
 {
-
 	context->mdns_extended_support = 2; /* 0 = no support, 1 = supported, 2 = initialization needed */
-	context->mdns_fdv4 = -1; /* invalid socket, i.e. not initialized */
-	context->mdns_fdv6 = -1; /* invalid socket, i.e. not initialized */
+	context->mdns_connection = NULL;
+	context->mdns_connection_nb = 0;
+	context->mdns_cache = NULL;
 	_getdns_rbtree_init(&context->mdns_continuous_queries_by_name_rrtype
 		, mdns_cmp_continuous_queries_by_name_rrtype);
-	_getdns_rbtree_init(&context->mdns_known_records_by_value
-		, mdns_cmp_known_records);
 }
 
 /*
diff --git a/src/mdns.h b/src/mdns.h
index b2ac131b..d5cc9f79 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -40,15 +40,40 @@ typedef struct getdns_mdns_known_record
 	/* For storage in context->mdns_known_records_by_value */
 	_getdns_rbnode_t node;
 	uint64_t insertion_microsec;
-	uint16_t request_type;
-	uint16_t request_class;
+	uint16_t record_type;
+	uint16_t record_class;
 	uint32_t ttl;
 	int name_len;
-	int record_len;
+	int record_data_len;
 	uint8_t* name;
 	uint8_t * record_data;
 } getdns_mdns_known_record;
 
+/* 
+ * Each entry in the hash table is keyed by type, class and name.
+ * The data part contains:
+ * - 64 bit time stamp
+ * - 32 bit word describing the record size
+ * - 32 bit word describing teh allocated memory size
+ * - valid DNS response, including 1 query and N answers, 0 AUTH, 0 AD.
+ * For economy, all answers are encoded using header compression, pointing
+ * to the name in the query, i.e. offset 12 from beginning of message
+ */
+
+typedef struct getdns_mdns_cached_key_header
+{
+	uint16_t record_type;
+	uint16_t record_class;
+	int name_len;
+} getdns_mdns_cached_key_header;
+
+typedef struct getdns_mdns_cached_record_header
+{
+	uint64_t insertion_microsec;
+	uint32_t content_len;
+	uint32_t allocated_length;
+} getdns_mdns_cached_record_header;
+
 typedef struct getdns_mdns_continuous_query
 {
 	/* For storage in context->mdns_continuous_queries_by_name_rrtype */
@@ -63,6 +88,16 @@ typedef struct getdns_mdns_continuous_query
 	/* todo: do we need an update mark for showing last results? */
 } getdns_mdns_continuous_query;
 
+typedef struct mdns_network_connection
+{
+	struct getdns_context* context;
+	int fd;
+	int addr_mcast_len;
+	SOCKADDR_STORAGE addr_mcast;
+	getdns_eventloop_event  event;
+	uint8_t response[1500];
+} mdns_network_connection;
+
 
 void _getdns_mdns_context_init(struct getdns_context *context);
 void _getdns_mdns_context_destroy(struct getdns_context *context);
diff --git a/src/server.c b/src/server.c
index 91553725..ef167179 100644
--- a/src/server.c
+++ b/src/server.c
@@ -708,7 +708,11 @@ static void remove_listeners(listen_set *set)
 			continue;
 
 		loop->vmt->clear(loop, &l->event);
+#ifdef USE_WINSOCK
+		closesocket(l->fd);
+#else
 		close(l->fd);
+#endif
 		l->fd = -1;
 
 		if (l->transport != GETDNS_TRANSPORT_TCP)

From 549de0de60549053c0109be0ed6653a3f9a49780 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 14 Feb 2017 13:41:58 +0100
Subject: [PATCH 121/249] Use of custom mem funcs by uthash

---
 src/extension/poll_eventloop.c | 34 ++++++++++++++++++++--------------
 src/extension/poll_eventloop.h |  5 +++++
 2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index ede0f20a..17e51552 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -37,7 +37,6 @@
 #endif
 #include "extension/poll_eventloop.h"
 #include "debug.h"
-#include "types-internal.h"
 
 static _getdns_eventloop_info *
 find_event(_getdns_eventloop_info** events, int id)
@@ -50,7 +49,8 @@ find_event(_getdns_eventloop_info** events, int id)
 }
 
 static void
-add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
+add_event(struct mem_funcs *mf,
+    _getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("poll_eventloop: add_event with id %d\n", id);
 	_getdns_eventloop_info* myevent = calloc(1, sizeof(_getdns_eventloop_info));
@@ -61,7 +61,8 @@ add_event(_getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 }
 
 static void
-delete_event(_getdns_eventloop_info** events, _getdns_eventloop_info* ev)
+delete_event(struct mem_funcs *mf,
+    _getdns_eventloop_info** events,_getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("poll_eventloop: delete_event with id %d\n", ev->id);
 	HASH_DEL(*events, ev);
@@ -88,6 +89,7 @@ poll_eventloop_schedule(getdns_eventloop *loop,
     int fd, uint64_t timeout, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
+	struct mem_funcs *mf = &poll_loop->mf;
 	size_t i;
 
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
@@ -126,13 +128,13 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 #endif
 		/* cleanup the old event if it exists */
 		if (fd_event) {
-			delete_event(&poll_loop->fd_events, fd_event);
+			delete_event(mf, &poll_loop->fd_events, fd_event);
 		}
 		_getdns_eventloop_info fd_ev;
 		event->ev = (void *) (intptr_t) (fd + 1);
 		fd_ev.event = event;
 		fd_ev.timeout_time = get_now_plus(timeout);
-		add_event(&poll_loop->fd_events, fd, &fd_ev);
+		add_event(mf, &poll_loop->fd_events, fd, &fd_ev);
 
 		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -154,7 +156,7 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 			_getdns_eventloop_info timeout_ev;
 			timeout_ev.event = event;
 			timeout_ev.timeout_time = get_now_plus(timeout);
-			add_event(&poll_loop->timeout_events, i, &timeout_ev);
+			add_event(mf, &poll_loop->timeout_events, i, &timeout_ev);
 			event->ev = (void *) (intptr_t) (i + 1);
 
 			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
@@ -169,6 +171,7 @@ static getdns_return_t
 poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
+	struct mem_funcs *mf = &poll_loop->mf;
 	ssize_t i;
 
 	if (!loop || !event)
@@ -194,7 +197,7 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 
 #endif
 		if (timeout_event) {
-			delete_event(&poll_loop->timeout_events, timeout_event);
+			delete_event(mf, &poll_loop->timeout_events, timeout_event);
 		}
 	} else {
 		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, i);
@@ -205,7 +208,7 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 			           , (void *)fd_event);
 #endif
 		if (fd_event) {
-			delete_event(&poll_loop->fd_events, fd_event);
+			delete_event(mf, &poll_loop->fd_events, fd_event);
 		}
 	}
 	event->ev = NULL;
@@ -216,6 +219,8 @@ static void
 poll_eventloop_cleanup(getdns_eventloop *loop)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
+	struct mem_funcs *mf = &poll_loop->mf;
+
 	HASH_CLEAR(hh, poll_loop->fd_events);
 	HASH_CLEAR(hh, poll_loop->timeout_events);
 }
@@ -254,6 +259,7 @@ static void
 poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
+	struct mem_funcs *mf = &poll_loop->mf;
 	_getdns_eventloop_info *s, *tmp;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t   i=0;
@@ -270,7 +276,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
 		if (now > s->timeout_time)
-			add_event(&timeout_timeout_cbs, s->id, s);
+			add_event(mf, &timeout_timeout_cbs, s->id, s);
 		else if (s->timeout_time < timeout)
 			timeout = s->timeout_time;
 	}
@@ -278,7 +284,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	   and thus messes with the iteration */
 	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
 		getdns_eventloop_event* event = s->event;
-		delete_event(&timeout_timeout_cbs, s);
+		delete_event(mf, &timeout_timeout_cbs, s);
 		poll_timeout_cb(-1, event);
 	}
 	// first we count the number of fds that will be active
@@ -344,27 +350,27 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			add_event(&fd_timeout_cbs, s->id, s);
+			add_event(mf, &fd_timeout_cbs, s->id, s);
 	}
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */
 	HASH_ITER(hh, fd_timeout_cbs, s, tmp) {
 		int fd = s->id;
 		getdns_eventloop_event* event = s->event;
-		delete_event(&fd_timeout_cbs, s);
+		delete_event(mf, &fd_timeout_cbs, s);
 		poll_timeout_cb(fd, event);
 	}
 	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			add_event(&timeout_timeout_cbs, s->id, s);
+			add_event(mf, &timeout_timeout_cbs, s->id, s);
 	}
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */
 	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
 		getdns_eventloop_event* event = s->event;
-		delete_event(&timeout_timeout_cbs, s);
+		delete_event(mf, &timeout_timeout_cbs, s);
 		poll_timeout_cb(-1, event);
 	}
 
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index 0c06aa4c..aef3a57d 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -34,6 +34,10 @@
 #include "config.h"
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
+#include "types-internal.h"
+
+#define uthash_malloc(sz) ((void *)GETDNS_XMALLOC(*mf, unsigned char, sz))
+#define uthash_free(ptr,sz) GETDNS_FREE(*mf, ptr)
 #include "util/uthash.h"
 
 /* Eventloop based on poll */
@@ -47,6 +51,7 @@ typedef struct _getdns_eventloop_info {
 
 typedef struct _getdns_poll_eventloop {
 	getdns_eventloop        loop;
+	struct mem_funcs        mf;
 	unsigned int		max_fds;
 	unsigned int		timeout_id;
 	_getdns_eventloop_info  *fd_events;

From 6d3e0c7ca215b867a6d6662aa9d720e819c3953d Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Tue, 14 Feb 2017 11:30:29 -1000
Subject: [PATCH 122/249] Rewrote the continuous query organization to use the
 LRU cache instead of an RB tree.

---
 src/context.h        |   1 -
 src/mdns.c           | 615 +++++--------------------------------------
 src/mdns.h           |   2 +
 src/types-internal.h |   5 +-
 4 files changed, 74 insertions(+), 549 deletions(-)

diff --git a/src/context.h b/src/context.h
index 2267c06e..69eb4d21 100644
--- a/src/context.h
+++ b/src/context.h
@@ -351,7 +351,6 @@ struct getdns_context {
 	int mdns_connection_nb; /* typically 0 or 2 for IPv4 and IPv6 */
 	struct mdns_network_connection * mdns_connection;
 	struct lruhash * mdns_cache;
-	_getdns_rbtree_t mdns_continuous_queries_by_name_rrtype;
 
 #endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */
diff --git a/src/mdns.c b/src/mdns.c
index f21bea38..eec9c740 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -263,9 +263,32 @@ static void msdn_cache_delkey(void* vkey, void* vcontext)
 	GETDNS_FREE(((struct getdns_context *) vcontext)->mf, vkey);
 }
 
-/** old data is deleted. This function is called: func(data, userarg). */
+/** old data is deleted. This function is called: func(data, userarg). 
+ * Since we use the hash table for both data and requests, need to
+ * terminate whatever request was ongoing. TODO: we should have some smarts
+ * in cache management and never drop cached entries with active requests.
+ */
 static void msdn_cache_deldata(void* vdata, void* vcontext)
 {
+	/* need to terminate the pending queries? */
+	getdns_mdns_cached_record_header* header = ((getdns_mdns_cached_record_header*)vdata);
+
+	while (header->netreq_first)
+	{
+		/* Need to unchain the request from that entry */
+		getdns_network_req* netreq = header->netreq_first;
+		header->netreq_first = netreq->mdns_netreq_next;
+		netreq->mdns_netreq_next = NULL;
+
+		/* TODO: treating as a timeout for now, may consider treating as error */
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		netreq->state = NET_REQ_TIMED_OUT;
+		if (netreq->owner->user_callback) {
+			(void)_getdns_context_request_timed_out(netreq->owner);
+		}
+		_getdns_check_dns_req_complete(netreq->owner);
+
+	}
 	GETDNS_FREE(((struct getdns_context *) vcontext)->mf, vdata);
 }
 
@@ -309,7 +332,7 @@ static uint8_t * mdns_cache_create_data(
 {
 	getdns_mdns_cached_record_header * header;
 	int current_index;
-	size_t data_size = sizeof(getdns_mdns_cached_record_header) + name_len + 4;
+	size_t data_size = sizeof(getdns_mdns_cached_record_header) + 12 + name_len + 4;
 	size_t alloc_size = mdns_util_suggest_size(data_size + record_data_len + 2 + 2 + 2 + 4 + 2);
 
 	uint8_t* data = GETDNS_XMALLOC(context->mf, uint8_t, alloc_size);
@@ -320,7 +343,10 @@ static uint8_t * mdns_cache_create_data(
 		header->insertion_microsec = current_time;
 		header->content_len = data_size;
 		header->allocated_length = alloc_size;
+		header->netreq_first = NULL;
 		current_index = sizeof(getdns_mdns_cached_record_header);
+		memset(data + current_index, 0, 12);
+		current_index += 12;
 		memcpy(data + current_index, name, name_len);
 		current_index += name_len;
 		data[current_index++] = (uint8_t)(record_type >> 8);
@@ -553,6 +579,7 @@ mdns_propose_entry_to_cache(
 	uint8_t * name, int name_len,
 	int record_type, int record_class, int ttl,
 	uint8_t * record_data, int record_data_len,
+	getdns_network_req * netreq,
 	uint64_t current_time)
 {
 	int ret = 0;
@@ -561,6 +588,7 @@ mdns_propose_entry_to_cache(
 	hashvalue_type hash;
 	struct lruhash_entry *entry, *new_entry;
 	uint8_t *key, *data;
+	getdns_mdns_cached_record_header * header;
 
 	msdn_cache_create_key_in_buffer(temp_key, name, name_len, record_type, record_class);
 
@@ -621,10 +649,19 @@ mdns_propose_entry_to_cache(
 
 	if (entry != NULL)
 	{
-		ret = mdns_update_cache_ttl_and_prune(context,
-			(uint8_t*)entry->data, &data,
-			record_type, record_class, ttl, record_data, record_data_len,
-			current_time);
+		if (record_data != NULL && record_data_len > 0)
+			ret = mdns_update_cache_ttl_and_prune(context,
+				(uint8_t*)entry->data, &data,
+				record_type, record_class, ttl, record_data, record_data_len,
+				current_time);
+
+		if (netreq != NULL)
+		{
+			/* chain the continuous request to the cache line */
+			header = (getdns_mdns_cached_record_header *) entry->data;
+			netreq->mdns_netreq_next = header->netreq_first;
+			header->netreq_first = netreq;
+		}
 
 		/* then, unlock the entry */
 		lock_rw_unlock(entry->lock);
@@ -635,482 +672,6 @@ mdns_propose_entry_to_cache(
 	return ret;
 }
 
-#if 0
-/*
- * Add record function for the MDNS record cache.
- */
-static int
-mdns_add_record_to_cache(struct getdns_context *context,
-	uint8_t * name, int name_len,
-	int record_type, int record_class, int ttl,
-	uint8_t * record_data, int record_data_len)
-{
-	int ret = 0;
-
-	/* First, format a key */
-
-	/* Next, get the record from the LRU cache */
-
-	/* If there is no record, need to create one */
-
-	/* Else, just do  simple update */
-
-	return ret;
-}
-
-
-/*
-* MDNS cache management.
-*
-* This is provisional, until we can get a proper cache by reusing the outbound code.
-*
-* The cache is a collection of getdns_mdns_known_record structures, each holding
-* one record: name, type, class, ttl, rdata length and rdata, plus a 64 bit time stamp.
-* The collection is organized as an RB tree. The comparison function in mdns_cmp_known_records
-* is somewhat arbitrary: compare by numeric fields class, type, name length, and
-* record length first, then by name value, and then by record value.
-*
-* When a message is received, it will be parsed, and each valid record in the
-* ANSWER, AUTH or additional section will be added to the cache. If there is already
-* a matching record, only the TTL and time stamp will be updated. If the new TTL is zero,
-* the matching record will be removed from the cache.
-*
-* When a request is first presented, we will try  to solve it from the cache. If there
-* is response present, we will format a reply containing all the matching records, with
-* an updated TTL. If the updated TTL is negative, the record will be deleted from the
-* cache and will not be added to the query.
-*
-* For continuing requests, we may need to send queries with the list of known answers.
-* These will be extracted from the cache.
-*
-* We may want to periodically check all the records in the cache and remove all those
-* that have expired. This could be treated as a garbage collection task.
-*
-* The cache is emptied and deleted upon context deletion.
-*
-* In a multithreaded environment, we will assume that whoever accesses the cache holds a
-* on the context. This is not ideal, but fine grain locks can lead to all kinds of
-* synchronization issues.
-*/
-
-/*
- * Compare function for the getdns_mdns_known_record type,
- * used in the red-black tree of known records per query.
- */
-
-static int mdns_cmp_known_records(const void * nkr1, const void * nkr2)
-{
-	int ret = 0;
-	getdns_mdns_known_record * kr1 = (getdns_mdns_known_record *)nkr1;
-	getdns_mdns_known_record * kr2 = (getdns_mdns_known_record *)nkr2;
-
-	if (kr1->record_class != kr2->record_class)
-	{
-		ret = (kr1->record_class < kr2->record_class) ? -1 : 1;
-	}
-	else if (kr1->record_type != kr2->record_type)
-	{
-		ret = (kr1->record_type < kr2->record_type) ? -1 : 1;
-	}
-	else if (kr1->name_len != kr2->name_len)
-	{
-		ret = (kr1->name_len < kr2->name_len) ? -1 : 1;
-	}
-	else if (kr1->record_data_len != kr2->record_data_len)
-	{
-		ret = (kr1->record_data_len < kr2->record_data_len) ? -1 : 1;
-	}
-	else if ((ret = memcmp((void*)kr1->name, (void*)kr2->name, kr2->name_len)) == 0)
-	{
-		ret = memcmp((const void*)kr1->record_data, (const void*)kr2->record_data, kr1->record_data_len);
-	}
-
-	return ret;
-}
-
-/*
- * Add record function for the MDNS record cache.
- */
-static int 
-mdns_add_known_record_to_cache(
-struct getdns_context *context,
-	uint8_t * name, int name_len,
-	int record_type, int record_class, int ttl,
-	uint8_t * record_data, int record_data_len)
-{
-	int ret = 0;
-	getdns_mdns_known_record temp, *record, *inserted_record;
-	size_t required_memory = 0;
-	_getdns_rbnode_t * node_found, *to_delete;
-
-	temp.name = name;
-	temp.name_len = name_len;
-	temp.record_class = record_class;
-	temp.record_type = record_type;
-	temp.record_data = record_data;
-	temp.record_data_len = record_data_len;
-
-
-	if (ttl == 0)
-	{
-		to_delete = _getdns_rbtree_delete(
-			&context->mdns_known_records_by_value, &temp);
-
-		if (to_delete != NULL)
-		{
-			GETDNS_FREE(context->mf, to_delete->key);
-		}
-	}
-	else
-	{
-		node_found = _getdns_rbtree_search(&context->mdns_known_records_by_value, &temp);
-
-		if (node_found != NULL)
-		{
-			record = (getdns_mdns_known_record *)node_found->key;
-			record->ttl = ttl;
-			record->insertion_microsec = _getdns_get_time_as_uintt64();
-		}
-		else
-		{
-			required_memory = sizeof(getdns_mdns_known_record) + name_len + record_data_len;
-
-			record = (getdns_mdns_known_record *)
-				GETDNS_XMALLOC(context->mf, uint8_t, required_memory);
-
-			if (record == NULL)
-			{
-				ret = GETDNS_RETURN_MEMORY_ERROR;
-			}
-			else
-			{
-				record->node.parent = NULL;
-				record->node.left = NULL;
-				record->node.right = NULL;
-				record->node.key = (void*)record;
-				record->record_class = temp.record_class;
-				record->name = ((uint8_t*)record) + sizeof(getdns_mdns_known_record);
-				record->name_len = name_len;
-				record->record_class = record_class;
-				record->record_type = record_type;
-				record->record_data = record->name + name_len;
-				record->record_data_len = record_data_len;
-				record->insertion_microsec = _getdns_get_time_as_uintt64();
-
-				memcpy(record->name, name, name_len);
-				memcpy(record->record_data, record_data, record_data_len);
-
-				inserted_record = (getdns_mdns_known_record *)
-					_getdns_rbtree_insert(&context->mdns_known_records_by_value,
-						&record->node);
-				if (inserted_record == NULL)
-				{
-					/* Weird. This can only happen in a race condition */
-					GETDNS_FREE(context->mf, record);
-					ret = GETDNS_RETURN_GENERIC_ERROR;
-				}
-			}
-		}
-	}
-
-	return ret;
-}
-
-/*
- * Get the position of the first matching record in the cache
- */
-static _getdns_rbnode_t *
-mdns_get_first_record_from_cache(
-struct getdns_context *context,
-	uint8_t * name, int name_len,
-	int record_type, int record_class,
-	getdns_mdns_known_record* next_key)
-{
-	/* First, get a search key */
-	getdns_mdns_known_record temp;
-	_getdns_rbnode_t *next_node;
-
-	if (next_key == NULL)
-	{
-		temp.name = name;
-		temp.name_len = name_len;
-		temp.record_class = record_class;
-		temp.record_type = record_type;
-		temp.record_data = name;
-		temp.record_data_len = 0;
-
-		next_key = &temp;
-	}
-
-	/*
-	 * Find the starting point
-	 */
-	if (!_getdns_rbtree_find_less_equal(
-		&context->mdns_known_records_by_value,
-		next_key,
-		&next_node))
-	{
-		/*
-		* The key was not an exact match. Need to find the first node larger
-		* than the key.
-		*/
-		if (next_node == NULL)
-		{
-			/*
-			* The key was smallest than the smallest key in the tree, or the tree is empty
-			*/
-			next_node = _getdns_rbtree_first(&context->mdns_known_records_by_value);
-		}
-		else
-		{
-			/*
-			* Search retrurned a key smaller than target, so we pick the next one.
-			*/
-			next_node = _getdns_rbtree_next(next_node);
-		}
-	}
-
-	/*
-	 * At this point, we do not check that this is the right node
-	 */
-
-	return next_node;
-}
-
-/*
- * Count the number of records for this name and type, purging those that have expired.
- * Return the first valid node in the set, or NULL if there are no such nodes.
- */
-static _getdns_rbnode_t *
-mdns_count_and_purge_record_from_cache(
-	struct getdns_context *context,
-	uint8_t * name, int name_len,
-	int record_type, int record_class,
-	_getdns_rbnode_t* next_node,
-	uint64_t current_time_microsec,
-	int *nb_records, int *total_content)
-{
-	int current_record = 0;
-	int record_length_sum = 0;
-	int valid_ttl = 0;
-	getdns_mdns_known_record *next_key;
-	_getdns_rbnode_t *first_valid_node = NULL, *old_node = NULL;
-
-	while (next_node)
-	{
-		next_key = (getdns_mdns_known_record *)next_node->key;
-		if (next_key->name_len != name_len ||
-			next_key->record_class != record_class ||
-			next_key->record_type != record_type ||
-			memcmp(next_key->name, name, name_len) != 0)
-		{
-			next_node = NULL;
-			next_key = NULL;
-			break;
-		}
-
-		old_node = next_node;
-		next_node = _getdns_rbtree_next(next_node);
-
-		if (next_key->insertion_microsec + (((uint64_t)next_key->ttl) << 20) >=
-			current_time_microsec)
-		{
-			current_record++;
-			record_length_sum += next_key->record_data_len;
-
-			if (first_valid_node == NULL)
-			{
-				first_valid_node = old_node;
-			}
-		}
-		else
-		{
-			_getdns_rbnode_t * deleted = _getdns_rbtree_delete(
-				&context->mdns_known_records_by_value, next_key);
-
-			if (deleted != NULL)
-			{
-				GETDNS_FREE(context->mf, next_key);
-			}
-		}
-	}
-
-	*nb_records = current_record;
-	*total_content = record_length_sum;
-
-	return first_valid_node;
-}
-
-/*
- * Fill a response buffer with the records present in the set,
- * up to a limit
- */
-_getdns_rbnode_t *
-mdns_fill_response_buffer_from_cache(
-struct getdns_context *context,
-	uint8_t * name, int name_len,
-	int record_type, int record_class,
-	uint8_t * response, int* response_len, int response_len_max,
-	int * nb_records,
-	_getdns_rbnode_t* next_node,
-	uint64_t current_time_microsec,
-	int name_offset
-	)
-{
-	int current_length = 0;
-	getdns_mdns_known_record * next_key;
-	int64_t ttl_64;
-	int32_t current_ttl;
-	int current_record = 0;
-	int coding_length;
-	int name_coding_length = (name_offset < 0) ? name_len : 2;
-
-	while (next_node)
-	{
-		next_key = (getdns_mdns_known_record *)next_node->key;
-		if (next_key->name_len != name_len ||
-			next_key->record_class != record_class ||
-			next_key->record_type != record_type ||
-			memcmp(next_key->name, name, name_len) != 0)
-		{
-			next_node = NULL;
-			next_key = NULL;
-			break;
-		}
-
-		/*
-		 * Compute the required size.
-		 */
-		coding_length = name_len + name_coding_length + 2 + 4 + 2 + next_key->record_data_len;
-
-		if (current_length + coding_length > response_len_max)
-		{
-			break;
-		}
-
-		/*
-		 * encode the record with the updated TTL
-		 */
-
-		ttl_64 = current_time_microsec - next_key->insertion_microsec;
-		ttl_64 += (((uint64_t)next_key->ttl) << 20);
-
-		if (ttl_64 > 0)
-		{
-			current_ttl = max(ttl_64 >> 20, 1);
-		}
-		else
-		{
-			current_ttl = 1;
-		}
-
-		if (name_offset >= 0)
-		{
-			/* Perform name compression, per DNS spec */
-			response[current_length++] = (uint8_t)((0xC0 | (name_offset >> 8)) & 0xFF);
-			response[current_length++] = (uint8_t)(name_offset & 0xFF);
-		}
-		else
-		{
-			memcpy(response + current_length, name, name_len);
-			current_length += name_len;
-		}
-		response[current_length++] = (uint8_t)((record_type >> 8) & 0xFF);
-		response[current_length++] = (uint8_t)((record_type)& 0xFF);
-		response[current_length++] = (uint8_t)((record_class >> 8) & 0xFF);
-		response[current_length++] = (uint8_t)((record_class)& 0xFF);
-		response[current_length++] = (uint8_t)((current_ttl >> 24) & 0xFF);
-		response[current_length++] = (uint8_t)((current_ttl >> 16) & 0xFF);
-		response[current_length++] = (uint8_t)((current_ttl >> 8) & 0xFF);
-		response[current_length++] = (uint8_t)((current_ttl)& 0xFF);
-		response[current_length++] = (uint8_t)((next_key->record_data_len >> 8) & 0xFF);
-		response[current_length++] = (uint8_t)((next_key->record_data_len)& 0xFF);
-		memcpy(response + current_length, next_key->record_data, next_key->record_data_len);
-		current_length += next_key->record_data_len;
-
-		/*
-		 * continue with the next node
-		 */
-		current_record++;
-		next_node = _getdns_rbtree_next(next_node);
-	}
-
-	*response_len = current_length;
-	*nb_records = current_record;
-
-	return next_node;
-}
-
-/*
- * Compose a response from the MDNS record cache.
- */
-static int
-mdns_compose_response_from_cache(
-	struct getdns_context *context,
-	uint8_t * name, int name_len,
-	int record_type, int record_class,
-	uint8_t ** response, int* response_len, int response_len_max,
-	int query_id,
-	getdns_mdns_known_record** next_key)
-{
-	int ret = 0;
-	/* First, get a search key */
-	int nb_records = 0;
-	int total_content = 0;
-	int total_length = 0;
-	uint64_t current_time = _getdns_get_time_as_uintt64();
-
-	_getdns_rbnode_t * first_node = mdns_get_first_record_from_cache(
-		context, name, name_len, record_type, record_class, *next_key);
-	/* Purge the expired records and compute the desired length */
-	first_node = mdns_count_and_purge_record_from_cache(
-		context, name, name_len, record_type, record_class, first_node, current_time,
-		&nb_records, &total_content);
-
-	/* todo: check whether encoding an empty message is OK */
-	/* todo: check whether something special is needed for continuation records */
-
-	/* Allocate the required memory */
-	total_length = 12 /* DNS header */
-		+ name_len + 4 /* Query */
-		+ total_content + (2 + 2 + 2 + 4 + 2)*nb_records /* answers */;
-	/* TODO: do we need EDNS encoding? */
-
-	if (response_len_max == 0)
-	{
-		/* setting this parameter to zero indicates that a full buffer allocation is desired */
-		{
-			if (*response == NULL)
-			{
-				*response = GETDNS_XMALLOC(context->mf, uint8_t, total_length);
-			}
-			else
-			{
-				*response = GETDNS_XREALLOC(context->mf, *response, uint8_t, total_length);
-			}
-
-			if (*response == NULL)
-			{
-				ret = GETDNS_RETURN_MEMORY_ERROR;
-			}
-			else
-			{
-				response_len_max = total_length;
-			}
-		}
-	}
-	if (ret == 0)
-	{
-
-		/*
-		 * Now, proceed with the encoding
-		 */
-	}
-}
-#endif /* if 0, remove the RB based cache code */
-
-
-
 /*
  * Compare function for the mdns_continuous_query_by_name_rrtype,
  * used in the red-black tree of all ongoing queries.
@@ -1344,7 +905,7 @@ static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
 
 	if (context->mdns_extended_support == 2)
 	{
-		context->mdns_cache = lruhash_create(100, 1000,
+		context->mdns_cache = lruhash_create(128, 10000000,
 			mdns_cache_entry_size, mdns_cache_key_comp,
 			msdn_cache_delkey, msdn_cache_deldata,
 			context);
@@ -1435,64 +996,12 @@ static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
 static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *netreq)
 {
 	int ret = 0;
-	getdns_mdns_continuous_query temp_query, *continuous_query, *inserted_query;
 	getdns_dns_req *dnsreq = netreq->owner;
 	struct getdns_context *context = dnsreq->context;
-	_getdns_rbnode_t * node_found;
 
-	/*
-	 * Fill the target request, but only initialize name and request_type
-	 */
-	temp_query.request_class = dnsreq->request_class;
-	temp_query.request_type = netreq->request_type;
-	temp_query.name_len = dnsreq->name_len;
-	/* TODO: check that dnsreq is in canonical form */
-	memcpy(temp_query.name, dnsreq->name, dnsreq->name_len);
-	/*
-	 * Check whether the continuous query is already in the RB tree.
-	 * if there is not, create one.
-	 * TODO: should lock the context object when doing that.
-	 */
-	node_found = _getdns_rbtree_search(&context->mdns_continuous_queries_by_name_rrtype, &temp_query);
-
-	if (node_found != NULL)
-	{
-		continuous_query = (getdns_mdns_continuous_query *)node_found->key;
-	}
-	else
-	{
-		continuous_query = (getdns_mdns_continuous_query *)
-			GETDNS_MALLOC(context->mf, getdns_mdns_continuous_query);
-		if (continuous_query != NULL)
-		{
-			continuous_query->node.parent = NULL;
-			continuous_query->node.left = NULL;
-			continuous_query->node.right = NULL;
-			continuous_query->node.key = (void*)continuous_query;
-			continuous_query->request_class = temp_query.request_class;
-			continuous_query->request_type = temp_query.request_type;
-			continuous_query->name_len = temp_query.name_len;
-			memcpy(continuous_query->name, temp_query.name, temp_query.name_len);
-			continuous_query->netreq_first = NULL;
-			/* Add the new continuous query to the context */
-			inserted_query = (getdns_mdns_continuous_query *)
-				_getdns_rbtree_insert(&context->mdns_continuous_queries_by_name_rrtype,
-				&continuous_query->node);
-			if (inserted_query == NULL)
-			{
-				/* Weird. This can only happen in a race condition */
-				GETDNS_FREE(context->mf, &continuous_query);
-				ret = GETDNS_RETURN_GENERIC_ERROR;
-			}
-		}
-		else
-		{
-			ret = GETDNS_RETURN_MEMORY_ERROR;
-		}
-	}
-	/* insert netreq into query list */
-	netreq->mdns_netreq_next = continuous_query->netreq_first;
-	continuous_query->netreq_first = netreq;
+	ret = mdns_propose_entry_to_cache(context, dnsreq->name, dnsreq->name_len,
+		netreq->request_type, dnsreq->request_class, 1, NULL, 0,
+		netreq, _getdns_get_time_as_uintt64());
 
 	/* to do: queue message request to socket */
 
@@ -1508,8 +1017,6 @@ void _getdns_mdns_context_init(struct getdns_context *context)
 	context->mdns_connection = NULL;
 	context->mdns_connection_nb = 0;
 	context->mdns_cache = NULL;
-	_getdns_rbtree_init(&context->mdns_continuous_queries_by_name_rrtype
-		, mdns_cmp_continuous_queries_by_name_rrtype);
 }
 
 /*
@@ -1517,11 +1024,31 @@ void _getdns_mdns_context_init(struct getdns_context *context)
  */
 void _getdns_mdns_context_destroy(struct getdns_context *context)
 {
-	/* Close the sockets */
+	/* Clear all the cached records. This will terminate all pending network requests */
+	if (context->mdns_cache != NULL)
+	{
+		lruhash_delete(context->mdns_cache);
+		context->mdns_cache = NULL;
+	}
+	/* Close the connections */
+	if (context->mdns_connection != NULL)
+	{
+		for (int i = 0; i < context->mdns_connection_nb; i++)
+		{
+			/* suppress the receive event */
+			GETDNS_CLEAR_EVENT(context->extension, &context->mdns_connection[i].event);
+			/* close the socket */
+#ifdef USE_WINSOCK
+			closesocket(context->mdns_connection[i].fd);
+#else
+			close(context->mdns_connection[i].fd);
+#endif
+		}
 
-	/* Clear all the continuous queries */
-
-	/* Clear all the cached records */
+		GETDNS_FREE(context->mf, context->mdns_connection);
+		context->mdns_connection = NULL;
+		context->mdns_connection_nb = 0;
+	}
 }
 
 /* TODO: actualy delete what is required.. */
diff --git a/src/mdns.h b/src/mdns.h
index d5cc9f79..9642bde1 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -72,6 +72,8 @@ typedef struct getdns_mdns_cached_record_header
 	uint64_t insertion_microsec;
 	uint32_t content_len;
 	uint32_t allocated_length;
+	/* list of user queries */
+	getdns_network_req *netreq_first;
 } getdns_mdns_cached_record_header;
 
 typedef struct getdns_mdns_continuous_query
diff --git a/src/types-internal.h b/src/types-internal.h
index 162762e4..8f3e7ce2 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -192,12 +192,9 @@ typedef struct getdns_network_req
 	_getdns_rbnode_t node;
 #ifdef HAVE_MDNS_SUPPORT
 	/*
-	 * for storage in continuous query context. We never
-	 * expect much more than one query per msdn context,
-	 * so no need for RB Tree.
+	 * for storage of continuous query context in hash table of cached results. 
 	 */
 	struct getdns_network_req * mdns_netreq_next;
-	struct getdns_mdns_continuous_query * mdns_continuous_query;
 #endif /* HAVE_MDNS_SUPPORT */
 	/* the async_id from unbound */
 	int unbound_id;

From 7484b8c37b0ca4cb14efc04b5025172abf601f65 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 10:22:41 +0100
Subject: [PATCH 123/249] Initialize default eventloop with custom mem funcs

---
 src/Makefile.in                  | 92 +++++++++++++++++++-------------
 src/context.c                    |  6 +--
 src/extension/poll_eventloop.c   |  3 +-
 src/extension/poll_eventloop.h   |  2 +-
 src/extension/select_eventloop.c |  4 +-
 src/extension/select_eventloop.h |  2 +-
 6 files changed, 63 insertions(+), 46 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index 94f1500b..77297c42 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -220,85 +220,97 @@ const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns
 context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
  $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
- $(srcdir)/pubkey-pinning.h
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
 convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
  $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h \
  $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
 dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h \
+ $(srcdir)/gldns/wire2str.h
 dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/util/val_secalgo.h
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
+ $(srcdir)/util/val_secalgo.h
 general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
  $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- getdns/getdns_extra.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/uthash.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
  $(srcdir)/mdns.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h config.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/list.h $(srcdir)/dict.h
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h \
+ $(srcdir)/dict.h
 mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
  $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
  $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- getdns/getdns_extra.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
 request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
  getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- getdns/getdns_extra.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
 rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- getdns/getdns_extra.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
 rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
 server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
  $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/server.h
 stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
  $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
 sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h getdns/getdns_extra.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/gldns/wire2str.h
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
 ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/debug.h
 util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
  $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h \
  $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- getdns/getdns_extra.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h \
  $(srcdir)/gldns/rrdef.h
 version.lo version.o: version.c
@@ -331,10 +343,6 @@ rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcd
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
  $(srcdir)/debug.h config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-default_eventloop.lo default_eventloop.o: $(srcdir)/extension/default_eventloop.c config.h \
- $(srcdir)/extension/default_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h
 libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
  $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns_extra.h
@@ -344,3 +352,11 @@ libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-
 libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
  getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
  $(srcdir)/getdns/getdns_ext_libuv.h getdns/getdns_extra.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/uthash.h $(srcdir)/debug.h config.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
+ $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h
diff --git a/src/context.c b/src/context.c
index c4f5d0f7..7dab4ecf 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1388,8 +1388,8 @@ getdns_context_create_with_extended_memory_functions(
 	result->tls_ctx = NULL;
 
 	result->extension = &result->default_eventloop.loop;
-	_getdns_default_eventloop_init(&result->default_eventloop);
-	_getdns_default_eventloop_init(&result->sync_eventloop);
+	_getdns_default_eventloop_init(&result->mf, &result->default_eventloop);
+	_getdns_default_eventloop_init(&result->mf, &result->sync_eventloop);
 
 	/* request extension defaults
 	 */
@@ -3403,7 +3403,7 @@ getdns_context_detach_eventloop(struct getdns_context* context)
 	cancel_outstanding_requests(context, 1);
 	context->extension->vmt->cleanup(context->extension);
 	context->extension = &context->default_eventloop.loop;
-	_getdns_default_eventloop_init(&context->default_eventloop);
+	_getdns_default_eventloop_init(&context->mf, &context->default_eventloop);
 #ifdef HAVE_UNBOUND_EVENT_API
 	if (_getdns_ub_loop_enabled(&context->ub_loop))
 		context->ub_loop.extension = context->extension;
diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 17e51552..b5c95c85 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -391,7 +391,7 @@ poll_eventloop_run(getdns_eventloop *loop)
 }
 
 void
-_getdns_poll_eventloop_init(_getdns_poll_eventloop *loop)
+_getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 {
 #ifdef HAVE_GETRLIMIT
 	struct rlimit rl;
@@ -406,6 +406,7 @@ _getdns_poll_eventloop_init(_getdns_poll_eventloop *loop)
 
 	(void) memset(loop, 0, sizeof(_getdns_poll_eventloop));
 	loop->loop.vmt = &poll_eventloop_vmt;
+	loop->mf = *mf;
 
 #ifdef HAVE_GETRLIMIT
 	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index aef3a57d..9c58b042 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -59,7 +59,7 @@ typedef struct _getdns_poll_eventloop {
 } _getdns_poll_eventloop;
 
 void
-_getdns_poll_eventloop_init(_getdns_poll_eventloop *loop);
+_getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop);
 
 #endif
 
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
index 35aa64b7..1b889fc1 100644
--- a/src/extension/select_eventloop.c
+++ b/src/extension/select_eventloop.c
@@ -285,7 +285,7 @@ select_eventloop_run(getdns_eventloop *loop)
 }
 
 void
-_getdns_select_eventloop_init(_getdns_select_eventloop *loop)
+_getdns_select_eventloop_init(struct mem_funcs *mf, _getdns_select_eventloop *loop)
 {
 	static getdns_eventloop_vmt select_eventloop_vmt = {
 		select_eventloop_cleanup,
@@ -294,7 +294,7 @@ _getdns_select_eventloop_init(_getdns_select_eventloop *loop)
 		select_eventloop_run,
 		select_eventloop_run_once
 	};
-
+	(void) mf;
 	(void) memset(loop, 0, sizeof(_getdns_select_eventloop));
 	loop->loop.vmt = &select_eventloop_vmt;
 }
diff --git a/src/extension/select_eventloop.h b/src/extension/select_eventloop.h
index 40dfb549..e830a2ac 100644
--- a/src/extension/select_eventloop.h
+++ b/src/extension/select_eventloop.h
@@ -53,6 +53,6 @@ typedef struct _getdns_select_eventloop {
 
 
 void
-_getdns_select_eventloop_init(_getdns_select_eventloop *loop);
+_getdns_select_eventloop_init(struct mem_funcs *mf, _getdns_select_eventloop *loop);
 
 #endif

From c936f0c51d38d540583822aee6e918c54d27a623 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 10:56:19 +0100
Subject: [PATCH 124/249] Other allocs and frees with custom mem funcs too

---
 src/extension/poll_eventloop.c | 59 +++++++++++++++++++++++-----------
 src/extension/poll_eventloop.h |  6 ++--
 2 files changed, 45 insertions(+), 20 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index b5c95c85..d85e254f 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -53,7 +53,8 @@ add_event(struct mem_funcs *mf,
     _getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("poll_eventloop: add_event with id %d\n", id);
-	_getdns_eventloop_info* myevent = calloc(1, sizeof(_getdns_eventloop_info));
+	_getdns_eventloop_info* myevent = GETDNS_MALLOC(*mf, _getdns_eventloop_info);
+	/* not necessary -- (void) memset(myevent, 0, sizeof(_getdns_eventloop_info)); */
 	myevent->event = ev->event;
 	myevent->id = id;
 	myevent->timeout_time = ev->timeout_time;
@@ -62,11 +63,11 @@ add_event(struct mem_funcs *mf,
 
 static void
 delete_event(struct mem_funcs *mf,
-    _getdns_eventloop_info** events,_getdns_eventloop_info* ev)
+    _getdns_eventloop_info** events, _getdns_eventloop_info* ev)
 {
 	DEBUG_SCHED("poll_eventloop: delete_event with id %d\n", ev->id);
 	HASH_DEL(*events, ev);
-	free(ev);
+	GETDNS_FREE(*mf, ev);
 }
 
 static uint64_t get_now_plus(uint64_t amount)
@@ -221,6 +222,11 @@ poll_eventloop_cleanup(getdns_eventloop *loop)
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	struct mem_funcs *mf = &poll_loop->mf;
 
+	if (poll_loop->pfds) {
+		GETDNS_FREE(*mf, poll_loop->pfds);
+		poll_loop->pfds = NULL;
+		poll_loop->pfds_capacity = 0;
+	}
 	HASH_CLEAR(hh, poll_loop->fd_events);
 	HASH_CLEAR(hh, poll_loop->timeout_events);
 }
@@ -255,6 +261,17 @@ poll_timeout_cb(int fd, getdns_eventloop_event *event)
 	event->timeout_cb(event->userarg);
 }
 
+static unsigned long up_pow2(unsigned long v)
+{
+	v--;
+	v |= v >>  1;
+	v |= v >>  2;
+	v |= v >>  4;
+	v |= v >>  8;
+	v |= v >> 16;
+	return v + 1;
+}
+
 static void
 poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
@@ -264,7 +281,6 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t   i=0;
 	int poll_timeout = 0;
-	struct pollfd* pfds = NULL;
 	unsigned int num_pfds = 0;
 	_getdns_eventloop_info* timeout_timeout_cbs = NULL;
 	_getdns_eventloop_info* fd_timeout_cbs = NULL;
@@ -287,7 +303,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		delete_event(mf, &timeout_timeout_cbs, s);
 		poll_timeout_cb(-1, event);
 	}
-	// first we count the number of fds that will be active
+	/* first we count the number of fds that will be active */
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
 		if (s->event->read_cb ||
 		    s->event->write_cb)
@@ -299,16 +315,22 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	if ((timeout == TIMEOUT_FOREVER) && (num_pfds == 0))
 		return;
 
-	pfds = calloc(num_pfds, sizeof(struct pollfd));
+	if (num_pfds > poll_loop->pfds_capacity) {
+		poll_loop->pfds_capacity = up_pow2(num_pfds);
+		if (poll_loop->pfds) {
+			poll_loop->pfds = GETDNS_XMALLOC(poll_loop->mf, struct pollfd, poll_loop->pfds_capacity);
+		} else
+			poll_loop->pfds = GETDNS_XREALLOC(poll_loop->mf, poll_loop->pfds, struct pollfd, poll_loop->pfds_capacity);
+	}
 	i = 0;
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
 		if (s->event->read_cb) {
-			pfds[i].fd = s->id;
-			pfds[i].events |= POLLIN;
+			poll_loop->pfds[i].fd = s->id;
+			poll_loop->pfds[i].events |= POLLIN;
 		}	
 		if (s->event->write_cb) {
-			pfds[i].fd = s->id;
-			pfds[i].events |= POLLOUT;
+			poll_loop->pfds[i].fd = s->id;
+			poll_loop->pfds[i].events |= POLLOUT;
 		}
 		i++;
 	}
@@ -322,30 +344,28 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		poll_timeout = (timeout - now) / 1000; /* turn microseconds into milliseconds */
 	}
 #ifdef USE_WINSOCK
-	if (WSAPoll(pfds, num_pfds, poll_timeout) < 0) {
+	if (WSAPoll(poll_loop->pfds, num_pfds, poll_timeout) < 0) {
 #else	
-	if (poll(pfds, num_pfds, poll_timeout) < 0) {
+	if (poll(poll_loop->pfds, num_pfds, poll_timeout) < 0) {
 #endif
 		perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = get_now_plus(0);
 	for (i = 0; i < num_pfds; i++) {
-		int fd = pfds[i].fd;
+		int fd = poll_loop->pfds[i].fd;
 		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, fd);
 		if (fd_event && fd_event->event) { 
 			getdns_eventloop_event* event = fd_event->event;
 			if (event->read_cb &&
-			    (pfds[i].revents & POLLIN))
+			    (poll_loop->pfds[i].revents & POLLIN))
 				poll_read_cb(fd, event);
 
 			if (event->write_cb &&
-			    (pfds[i].revents & POLLOUT))
+			    (poll_loop->pfds[i].revents & POLLOUT))
 				poll_write_cb(fd, event);
 		}
 	}
-	if (pfds)
-		free(pfds);
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
 		if (s->event &&
 		    s->event->timeout_cb &&
@@ -404,7 +424,6 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 		poll_eventloop_run_once
 	};
 
-	(void) memset(loop, 0, sizeof(_getdns_poll_eventloop));
 	loop->loop.vmt = &poll_eventloop_vmt;
 	loop->mf = *mf;
 
@@ -419,4 +438,8 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 	}
 #endif
 	loop->timeout_id = 0;
+	loop->pfds = NULL;
+	loop->pfds_capacity = 0;
+	loop->fd_events = NULL;
+	loop->timeout_events = NULL;
 }
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index 9c58b042..8c742e20 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -54,8 +54,10 @@ typedef struct _getdns_poll_eventloop {
 	struct mem_funcs        mf;
 	unsigned int		max_fds;
 	unsigned int		timeout_id;
-	_getdns_eventloop_info  *fd_events;
-	_getdns_eventloop_info  *timeout_events;
+	struct pollfd          *pfds;
+	unsigned long           pfds_capacity;
+	_getdns_eventloop_info *fd_events;
+	_getdns_eventloop_info *timeout_events;
 } _getdns_poll_eventloop;
 
 void

From 3e8822e0e23f81dc9a65d3fe675f5a460a48cc42 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 11:43:07 +0100
Subject: [PATCH 125/249] Fix uninitialized data error in valgrind check

---
 src/extension/poll_eventloop.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index d85e254f..1eba706a 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -324,16 +324,18 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	}
 	i = 0;
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
-		if (s->event->read_cb) {
-			poll_loop->pfds[i].fd = s->id;
+		if (!s->event->read_cb && !s->event->write_cb)
+			continue;
+		poll_loop->pfds[i].fd = s->id;
+		poll_loop->pfds[i].events = 0;
+		poll_loop->pfds[i].revents = 0; /* <-- probably not needed */
+		if (s->event->read_cb)
 			poll_loop->pfds[i].events |= POLLIN;
-		}	
-		if (s->event->write_cb) {
-			poll_loop->pfds[i].fd = s->id;
+		if (s->event->write_cb) 
 			poll_loop->pfds[i].events |= POLLOUT;
-		}
 		i++;
 	}
+	assert(i == num_pfds);
 
 	if (timeout == TIMEOUT_FOREVER) {
 		poll_timeout = -1;

From b7c2e53a82f9f49202854fb9fbc75132a7139b5c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 12:21:29 +0100
Subject: [PATCH 126/249] Off by one problem?

---
 src/extension/poll_eventloop.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 1eba706a..331e5d4b 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -315,12 +315,16 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	if ((timeout == TIMEOUT_FOREVER) && (num_pfds == 0))
 		return;
 
-	if (num_pfds > poll_loop->pfds_capacity) {
-		poll_loop->pfds_capacity = up_pow2(num_pfds);
+	if (num_pfds >= poll_loop->pfds_capacity) {
+		poll_loop->pfds_capacity = up_pow2(num_pfds + 1);
 		if (poll_loop->pfds) {
 			poll_loop->pfds = GETDNS_XMALLOC(poll_loop->mf, struct pollfd, poll_loop->pfds_capacity);
 		} else
 			poll_loop->pfds = GETDNS_XREALLOC(poll_loop->mf, poll_loop->pfds, struct pollfd, poll_loop->pfds_capacity);
+		if (poll_loop->pfds == 0) {
+			poll_loop->pfds_capacity = 0;
+			return;
+		}
 	}
 	i = 0;
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {

From 840ba8c85d29d52b51cf17e83dadf969f559a8ee Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 12:46:48 +0100
Subject: [PATCH 127/249] Reference fixes jsmn

---
 src/jsmn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/jsmn b/src/jsmn
index 49024a6e..868c22e3 160000
--- a/src/jsmn
+++ b/src/jsmn
@@ -1 +1 @@
-Subproject commit 49024a6e11739c866bce0e9f3617278b98906ad0
+Subproject commit 868c22e35ec223fc26ddefdb9ca83901dc6e2534

From 04f6a2b13b6382575e8351ab7859d611e6946afb Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 12:47:55 +0100
Subject: [PATCH 128/249] Fixed dependencies

---
 spec/example/Makefile.in |  24 ++-
 src/Makefile.in          | 368 ++++++++++++++++++++++++---------------
 src/test/Makefile.in     |  71 +++++---
 src/tools/Makefile.in    |   7 +-
 4 files changed, 298 insertions(+), 172 deletions(-)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 7bf5e016..8ff7f2d1 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,16 +149,24 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index 77297c42..33a6c946 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -215,148 +215,236 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h \
- $(srcdir)/gldns/wire2str.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
- $(srcdir)/util/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/uthash.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
- $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h config.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h \
- $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+const-info.lo const-info.o: $(srcdir)/const-info.c \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
+ $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/util/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c \
+ config.h \
+ $(srcdir)/general.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/dict.h $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
+ config.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/server.h
-stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
- $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h \
- $(srcdir)/gldns/rrdef.h
-version.lo version.o: version.c
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
+server.lo server.o: $(srcdir)/server.c \
+ config.h \
+ getdns/getdns_extra.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/debug.h $(srcdir)/server.h
+stub.lo stub.o: $(srcdir)/stub.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/stub.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h \
+ $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c \
+ getdns/getdns.h \
+ config.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/gldns/wire2str.h
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+ $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
+ config.h \
  $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
+ config.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c \
+ config.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
+ config.h \
+ $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
+ config.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
+ config.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
+ config.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
+ config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
+ config.h \
+ $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
+ config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
+ config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
+ config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
+ config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
+ config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/debug.h config.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
- $(srcdir)/debug.h config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
+ config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
+ config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
+ config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
+ config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
+ config.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
+ config.h \
+ $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
+ config.h \
+ $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns_extra.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/getdns/getdns_ext_libevent.h getdns/getdns_extra.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/getdns/getdns_ext_libuv.h getdns/getdns_extra.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/uthash.h $(srcdir)/debug.h config.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
- $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
+ config.h \
+ $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/uthash.h $(srcdir)/debug.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
+ config.h \
+ $(srcdir)/extension/select_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index c481fdab..758435c1 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -216,10 +216,13 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
- $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
- $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
+ ../getdns/getdns.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
+ $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
+ $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -239,34 +242,58 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(sr
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
- ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
+ ../getdns/getdns.h \
+ ../config.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h \
+ ../config.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
+ ../config.h \
+ $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index d98cf437..d066e824 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,5 +113,8 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
+ ../config.h \
+ $(srcdir)/../debug.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h

From b2fe9673de39bf638f6b8ec64e99ce58952fb07d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 13:08:47 +0100
Subject: [PATCH 129/249] Fix realloc pfds set error + callback order error

---
 src/extension/poll_eventloop.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 331e5d4b..f5e609ab 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -317,7 +317,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	if (num_pfds >= poll_loop->pfds_capacity) {
 		poll_loop->pfds_capacity = up_pow2(num_pfds + 1);
-		if (poll_loop->pfds) {
+		if (!poll_loop->pfds) {
 			poll_loop->pfds = GETDNS_XMALLOC(poll_loop->mf, struct pollfd, poll_loop->pfds_capacity);
 		} else
 			poll_loop->pfds = GETDNS_XREALLOC(poll_loop->mf, poll_loop->pfds, struct pollfd, poll_loop->pfds_capacity);
@@ -363,13 +363,13 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, fd);
 		if (fd_event && fd_event->event) { 
 			getdns_eventloop_event* event = fd_event->event;
-			if (event->read_cb &&
-			    (poll_loop->pfds[i].revents & POLLIN))
-				poll_read_cb(fd, event);
-
 			if (event->write_cb &&
 			    (poll_loop->pfds[i].revents & POLLOUT))
 				poll_write_cb(fd, event);
+
+			else if (event->read_cb &&
+			    (poll_loop->pfds[i].revents & POLLIN))
+				poll_read_cb(fd, event);
 		}
 	}
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {

From c805d40585b977fb4f20d9ae1a3462e6362540a9 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 14:04:34 +0100
Subject: [PATCH 130/249] Clean in place executed unit tests

---
 src/test/tpkg/clean.sh | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100755 src/test/tpkg/clean.sh

diff --git a/src/test/tpkg/clean.sh b/src/test/tpkg/clean.sh
new file mode 100755
index 00000000..b3ebef5e
--- /dev/null
+++ b/src/test/tpkg/clean.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+export SRCDIR=`dirname $0`
+(	cd $SRCDIR
+	./tpkg clean
+	rm -fr build build-stub-only build-event-loops install scan-build-reports .tpkg.var.master
+)

From 7b6b0ff642fdb0c2a735818e2759fac2b77eeca6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 14:57:30 +0100
Subject: [PATCH 131/249] No helper copy variables

---
 src/extension/poll_eventloop.c | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index f5e609ab..65fd17c9 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -49,15 +49,16 @@ find_event(_getdns_eventloop_info** events, int id)
 }
 
 static void
-add_event(struct mem_funcs *mf,
-    _getdns_eventloop_info** events, int id, _getdns_eventloop_info* ev)
+add_event(struct mem_funcs *mf, _getdns_eventloop_info** events,
+    int id, getdns_eventloop_event *event, uint64_t timeout_time)
 {
 	DEBUG_SCHED("poll_eventloop: add_event with id %d\n", id);
 	_getdns_eventloop_info* myevent = GETDNS_MALLOC(*mf, _getdns_eventloop_info);
 	/* not necessary -- (void) memset(myevent, 0, sizeof(_getdns_eventloop_info)); */
-	myevent->event = ev->event;
+
 	myevent->id = id;
-	myevent->timeout_time = ev->timeout_time;
+	myevent->event = event;
+	myevent->timeout_time = timeout_time;
 	HASH_ADD_INT(*events, id, myevent);
 }
 
@@ -131,11 +132,8 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 		if (fd_event) {
 			delete_event(mf, &poll_loop->fd_events, fd_event);
 		}
-		_getdns_eventloop_info fd_ev;
 		event->ev = (void *) (intptr_t) (fd + 1);
-		fd_ev.event = event;
-		fd_ev.timeout_time = get_now_plus(timeout);
-		add_event(mf, &poll_loop->fd_events, fd, &fd_ev);
+		add_event(mf, &poll_loop->fd_events, fd, event, get_now_plus(timeout));
 
 		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -154,11 +152,8 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 	}
 	for (i = poll_loop->timeout_id + 1; i != poll_loop->timeout_id; i++) {
 		if (find_event(&poll_loop->timeout_events, i) == NULL) {
-			_getdns_eventloop_info timeout_ev;
-			timeout_ev.event = event;
-			timeout_ev.timeout_time = get_now_plus(timeout);
-			add_event(mf, &poll_loop->timeout_events, i, &timeout_ev);
 			event->ev = (void *) (intptr_t) (i + 1);
+			add_event(mf, &poll_loop->timeout_events, i, event, get_now_plus(timeout));
 
 			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;
@@ -292,7 +287,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
 		if (now > s->timeout_time)
-			add_event(mf, &timeout_timeout_cbs, s->id, s);
+			add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
 		else if (s->timeout_time < timeout)
 			timeout = s->timeout_time;
 	}
@@ -376,7 +371,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			add_event(mf, &fd_timeout_cbs, s->id, s);
+			add_event(mf, &fd_timeout_cbs, s->id, s->event, s->timeout_time);
 	}
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */
@@ -390,7 +385,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			add_event(mf, &timeout_timeout_cbs, s->id, s);
+			add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
 	}
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */

From e4eddca2592c638b42d9457237236c83953a8af1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Feb 2017 15:10:11 +0100
Subject: [PATCH 132/249] Reference event_info directly

---
 src/extension/poll_eventloop.c | 53 +++++++++-------------------------
 1 file changed, 13 insertions(+), 40 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 65fd17c9..2f40c30a 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -48,7 +48,7 @@ find_event(_getdns_eventloop_info** events, int id)
 	return ev;
 }
 
-static void
+static _getdns_eventloop_info *
 add_event(struct mem_funcs *mf, _getdns_eventloop_info** events,
     int id, getdns_eventloop_event *event, uint64_t timeout_time)
 {
@@ -60,6 +60,7 @@ add_event(struct mem_funcs *mf, _getdns_eventloop_info** events,
 	myevent->event = event;
 	myevent->timeout_time = timeout_time;
 	HASH_ADD_INT(*events, id, myevent);
+	return myevent;
 }
 
 static void
@@ -132,8 +133,7 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 		if (fd_event) {
 			delete_event(mf, &poll_loop->fd_events, fd_event);
 		}
-		event->ev = (void *) (intptr_t) (fd + 1);
-		add_event(mf, &poll_loop->fd_events, fd, event, get_now_plus(timeout));
+		event->ev = add_event(mf, &poll_loop->fd_events, fd, event, get_now_plus(timeout));
 
 		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
 		return GETDNS_RETURN_GOOD;
@@ -152,8 +152,7 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 	}
 	for (i = poll_loop->timeout_id + 1; i != poll_loop->timeout_id; i++) {
 		if (find_event(&poll_loop->timeout_events, i) == NULL) {
-			event->ev = (void *) (intptr_t) (i + 1);
-			add_event(mf, &poll_loop->timeout_events, i, event, get_now_plus(timeout));
+			event->ev = add_event(mf, &poll_loop->timeout_events, i, event, get_now_plus(timeout));
 
 			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
 			return GETDNS_RETURN_GOOD;
@@ -168,46 +167,20 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	struct mem_funcs *mf = &poll_loop->mf;
-	ssize_t i;
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNC__, (void *)loop, (void *)event);
 
-	i = (intptr_t)event->ev - 1;
-	if (i < 0
-#ifdef HAVE_GETRLIMIT
-			|| i > poll_loop->max_fds
-#endif
-			) {
-		return GETDNS_RETURN_GENERIC_ERROR;
-	}
-	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
-		_getdns_eventloop_info* timeout_event = find_event(&poll_loop->timeout_events, i);
-#if defined(SCHED_DEBUG) && SCHED_DEBUG
-		if (timeout_event && timeout_event->event != event)
-			DEBUG_SCHED( "ERROR: Different/wrong event present at "
-			             "timeout slot: %p!\n"
-				     , (void *)timeout_event);
+	assert(event->ev);
 
-#endif
-		if (timeout_event) {
-			delete_event(mf, &poll_loop->timeout_events, timeout_event);
-		}
-	} else {
-		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, i);
-#if defined(SCHED_DEBUG) && SCHED_DEBUG
-		if (fd_event && fd_event->event != event)
-			DEBUG_SCHED( "ERROR: Different/wrong event present at "
-			             "fd slot: %p!\n"
-			           , (void *)fd_event);
-#endif
-		if (fd_event) {
-			delete_event(mf, &poll_loop->fd_events, fd_event);
-		}
-	}
+	delete_event(mf,
+	    ( event->timeout_cb && !event->read_cb && !event->write_cb
+	    ? &poll_loop->timeout_events : &poll_loop->fd_events
+	    ), event->ev);
 	event->ev = NULL;
+
 	return GETDNS_RETURN_GOOD;
 }
 
@@ -287,7 +260,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
 		if (now > s->timeout_time)
-			add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
+			(void) add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
 		else if (s->timeout_time < timeout)
 			timeout = s->timeout_time;
 	}
@@ -371,7 +344,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			add_event(mf, &fd_timeout_cbs, s->id, s->event, s->timeout_time);
+			(void) add_event(mf, &fd_timeout_cbs, s->id, s->event, s->timeout_time);
 	}
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */
@@ -385,7 +358,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (s->event &&
 		    s->event->timeout_cb &&
 		    now > s->timeout_time)
-			add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
+			(void) add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
 	}
 	/* this is in case the timeout callback deletes the event
 	   and thus messes with the iteration */

From 445470d831c125a9fb8af52eeffd9d760fc0862c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 10:32:17 +0100
Subject: [PATCH 133/249] Rename a gldns function

---
 src/context.c          |  4 ++--
 src/convert.c          |  8 ++++----
 src/dict.c             |  8 ++++----
 src/gldns/gbuffer.c    |  2 +-
 src/gldns/gbuffer.h    | 10 ++++++----
 src/request-internal.c |  2 +-
 src/util-internal.c    |  4 ++--
 7 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/src/context.c b/src/context.c
index 88eb0e4d..14c78a09 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1354,7 +1354,7 @@ getdns_context_create_with_extended_memory_functions(
 	result->suffixes = no_suffixes;
 	result->suffixes_len = sizeof(no_suffixes);
 
-	gldns_buffer_init_frm_data_v(&gbuf, result->trust_anchors_spc
+	gldns_buffer_init_vfixed_frm_data(&gbuf, result->trust_anchors_spc
 	                                , sizeof(result->trust_anchors_spc));
 
 	if (!_getdns_parse_ta_file(NULL, &gbuf)) {
@@ -2333,7 +2333,7 @@ getdns_context_set_suffix(getdns_context *context, getdns_list *value)
 		context->suffixes_len = sizeof(no_suffixes);
 		return GETDNS_RETURN_GOOD;
 	}
-	gldns_buffer_init_frm_data_v(&gbuf, buf_spc, sizeof(buf_spc));
+	gldns_buffer_init_vfixed_frm_data(&gbuf, buf_spc, sizeof(buf_spc));
 	for (;;) {
 		for ( i = 0
 		    ; !(r = getdns_list_get_bindata(value, i, &bindata))
diff --git a/src/convert.c b/src/convert.c
index df2ff0e5..11919107 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -297,7 +297,7 @@ getdns_rr_dict2wire_scan(
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
 
-	gldns_buffer_init_frm_data_v(&gbuf, *wire, *wire_sz);
+	gldns_buffer_init_vfixed_frm_data(&gbuf, *wire, *wire_sz);
 	if ((r = _getdns_rr_dict2wire(rr_dict, &gbuf)))
 		return r;
 
@@ -447,7 +447,7 @@ getdns_rr_dict2str_scan(
 	if (!rr_dict || !str || !*str || !str_len)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	gldns_buffer_init_frm_data_v(&gbuf, buf, sizeof(buf_spc));
+	gldns_buffer_init_vfixed_frm_data(&gbuf, buf, sizeof(buf_spc));
 	r = _getdns_rr_dict2wire(rr_dict, &gbuf);
 	if (gldns_buffer_position(&gbuf) > sizeof(buf_spc)) {
 		if (!(buf = GETDNS_XMALLOC(
@@ -960,7 +960,7 @@ getdns_msg_dict2wire_scan(
 	if (!msg_dict || !wire || !wire_sz || (!*wire && *wire_sz))
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	gldns_buffer_init_frm_data_v(&gbuf, *wire, *wire_sz);
+	gldns_buffer_init_vfixed_frm_data(&gbuf, *wire, *wire_sz);
 	if ((r = _getdns_msg_dict2wire_buf(msg_dict, &gbuf)))
 		return r;
 
@@ -1036,7 +1036,7 @@ getdns_msg_dict2str_scan(
 	if (!msg_dict || !str || !*str || !str_len)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	gldns_buffer_init_frm_data_v(&gbuf, buf, sizeof(buf_spc));
+	gldns_buffer_init_vfixed_frm_data(&gbuf, buf, sizeof(buf_spc));
 	r = _getdns_msg_dict2wire_buf(msg_dict, &gbuf);
 	if (gldns_buffer_position(&gbuf) > sizeof(buf_spc)) {
 		if (!(buf = GETDNS_XMALLOC(
diff --git a/src/dict.c b/src/dict.c
index 70fa3836..23b42531 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -1186,7 +1186,7 @@ getdns_pretty_snprint_dict(char *str, size_t size, const getdns_dict *dict)
 
 	if (!dict) return -1;
 
-	gldns_buffer_init_frm_data_v(&buf, str, size);
+	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, 0) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
@@ -1220,7 +1220,7 @@ getdns_pretty_snprint_list(char *str, size_t size, const getdns_list *list)
 
 	if (!list) return -1;
 
-	gldns_buffer_init_frm_data_v(&buf, str, size);
+	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, 0) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
@@ -1255,7 +1255,7 @@ getdns_snprint_json_dict(
 
 	if (!dict) return -1;
 
-	gldns_buffer_init_frm_data_v(&buf, str, size);
+	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
 	return getdns_pp_dict(&buf, 0, dict, pretty ? 1 : 2) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
@@ -1290,7 +1290,7 @@ getdns_snprint_json_list(
 
 	if (!list) return -1;
 
-	gldns_buffer_init_frm_data_v(&buf, str, size);
+	gldns_buffer_init_vfixed_frm_data(&buf, str, size);
 	return getdns_pp_list(&buf, 0, list, 0, pretty ? 1 : 2) < 0
 	     ? -1 : (int)gldns_buffer_position(&buf);
 }
diff --git a/src/gldns/gbuffer.c b/src/gldns/gbuffer.c
index 77398905..04c257fb 100644
--- a/src/gldns/gbuffer.c
+++ b/src/gldns/gbuffer.c
@@ -72,7 +72,7 @@ gldns_buffer_init_frm_data(gldns_buffer *buffer, void *data, size_t size)
 }
 
 void
-gldns_buffer_init_frm_data_v(gldns_buffer *buffer, void *data, size_t size)
+gldns_buffer_init_vfixed_frm_data(gldns_buffer *buffer, void *data, size_t size)
 {
 	memset(buffer, 0, sizeof(*buffer));
 	buffer->_data = data;
diff --git a/src/gldns/gbuffer.h b/src/gldns/gbuffer.h
index 15dca675..1b1eb498 100644
--- a/src/gldns/gbuffer.h
+++ b/src/gldns/gbuffer.h
@@ -194,14 +194,16 @@ void gldns_buffer_init_frm_data(gldns_buffer *buffer, void *data, size_t size);
 
 /**
  * Setup a buffer with the data pointed to. No data copied, no memory allocs.
- * The buffer is fixed.  Writes beyond size (the capacity) will update the 
- * position (and not write data).  This allows to determine how big the buffer
- * should have been to contain all the written data.
+ * The buffer is "virtually" fixed.  Writes beyond size (the capacity) will
+ * only update position, but no data will be written beyond capacity.  This
+ * allows to determine how big the buffer should have been to contain all the
+ * written data, by looking at the position with gldns_buffer_position(),
+ * similarly to the return value of POSIX's snprintf.
  * \param[in] buffer pointer to the buffer to put the data in
  * \param[in] data the data to encapsulate in the buffer
  * \param[in] size the size of the data
  */
-void gldns_buffer_init_frm_data_v(gldns_buffer *buffer, void *data, size_t size);
+void gldns_buffer_init_vfixed_frm_data(gldns_buffer *buffer, void *data, size_t size);
 
 /**
  * clears the buffer and make it ready for writing.  The buffer's limit
diff --git a/src/request-internal.c b/src/request-internal.c
index 7b8af65a..8193acb7 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -383,7 +383,7 @@ _getdns_network_req_add_tsig(getdns_network_req *req)
 #endif
 	tsig_info = _getdns_get_tsig_info(upstream->tsig_alg);
 
-	gldns_buffer_init_frm_data_v(&gbuf, req->response, MAXIMUM_TSIG_SPACE);
+	gldns_buffer_init_vfixed_frm_data(&gbuf, req->response, MAXIMUM_TSIG_SPACE);
 	gldns_buffer_write(&gbuf,
 	    upstream->tsig_dname, upstream->tsig_dname_len);	/* Name */
 	gldns_buffer_write_u16(&gbuf, GETDNS_RRCLASS_ANY);	/* Class */
diff --git a/src/util-internal.c b/src/util-internal.c
index 2bbad80d..fe05cd83 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -1510,7 +1510,7 @@ uint8_t *_getdns_list2wire(
 	gldns_buffer gbuf;
 	size_t sz;
 
-	gldns_buffer_init_frm_data_v(&gbuf, buf, *buf_len);
+	gldns_buffer_init_vfixed_frm_data(&gbuf, buf, *buf_len);
 	_getdns_list2wire_buf(&gbuf, l);
 
 	if ((sz = gldns_buffer_position(&gbuf)) <= *buf_len) {
@@ -1531,7 +1531,7 @@ uint8_t *_getdns_reply2wire(
 	gldns_buffer gbuf;
 	size_t sz;
 
-	gldns_buffer_init_frm_data_v(&gbuf, buf, *buf_len);
+	gldns_buffer_init_vfixed_frm_data(&gbuf, buf, *buf_len);
 	_getdns_reply2wire_buf(&gbuf, r);
 
 	if ((sz = gldns_buffer_position(&gbuf)) <= *buf_len) {

From e87e907128c480196c89a4aa3317360b9e1e0e6e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 11:01:48 +0100
Subject: [PATCH 134/249] Constants for Edward Curves

---
 src/gldns/rrdef.h    | 2 ++
 src/gldns/wire2str.c | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/gldns/rrdef.h b/src/gldns/rrdef.h
index f00fa33c..58132c23 100644
--- a/src/gldns/rrdef.h
+++ b/src/gldns/rrdef.h
@@ -372,6 +372,8 @@ enum gldns_enum_algorithm
         GLDNS_ECC_GOST           = 12,  /* RFC 5933 */
         GLDNS_ECDSAP256SHA256    = 13,  /* RFC 6605 */
         GLDNS_ECDSAP384SHA384    = 14,  /* RFC 6605 */
+	GLDNS_ED25519		= 15,  /* RFC 8080 */
+	GLDNS_ED448		= 16,  /* RFC 8080 */
         GLDNS_INDIRECT           = 252,
         GLDNS_PRIVATEDNS         = 253,
         GLDNS_PRIVATEOID         = 254
diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c
index 2d427d86..35a6df9d 100644
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@@ -47,6 +47,8 @@ static gldns_lookup_table gldns_algorithms_data[] = {
 	{ GLDNS_ECC_GOST, "ECC-GOST"},
 	{ GLDNS_ECDSAP256SHA256, "ECDSAP256SHA256"},
 	{ GLDNS_ECDSAP384SHA384, "ECDSAP384SHA384"},
+	{ GLDNS_ED25519, "ED25519"},
+	{ GLDNS_ED448, "ED448"},
 	{ GLDNS_INDIRECT, "INDIRECT" },
 	{ GLDNS_PRIVATEDNS, "PRIVATEDNS" },
 	{ GLDNS_PRIVATEOID, "PRIVATEOID" },

From 2d35993c836fc776845d48343f6af86e634eaa95 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 15:22:57 +0100
Subject: [PATCH 135/249] Timeout events in array

---
 src/extension/poll_eventloop.c | 150 +++++++++++++++++++++++----------
 src/extension/poll_eventloop.h |  11 ++-
 2 files changed, 114 insertions(+), 47 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 2f40c30a..a88fb231 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -38,6 +38,44 @@
 #include "extension/poll_eventloop.h"
 #include "debug.h"
 
+enum { init_pfds_capacity = 64
+     , init_to_events_capacity = 64 };
+
+static void *get_to_event(_getdns_poll_eventloop *loop,
+    getdns_eventloop_event *event, uint64_t timeout_time)
+{
+	unsigned long i = 0;
+
+	while (i < loop->to_events_capacity && loop->to_events[i].event) i++;
+
+	if (i == loop->to_events_capacity) {
+		if (i) {
+			_getdns_poll_to_event *to_events = GETDNS_XREALLOC(
+			    loop->mf, loop->to_events, _getdns_poll_to_event, i * 2);
+			if (!to_events)
+				return NULL;
+			(void) memset(&loop->to_events[i], 0,
+			    sizeof(_getdns_poll_to_event) * i);
+
+			loop->to_events_capacity = i * 2;
+			loop->to_events = to_events;
+		} else {
+			if (!(loop->to_events = GETDNS_XMALLOC(loop->mf,
+			    _getdns_poll_to_event, init_to_events_capacity)))
+				return NULL;
+
+			(void) memset(loop->to_events, 0,
+			    sizeof(_getdns_poll_to_event)
+			    * init_to_events_capacity);
+
+			loop->to_events_capacity = init_to_events_capacity;
+		}
+	}
+	loop->to_events[i].event = event;
+	loop->to_events[i].timeout_time = timeout_time;
+	return (void *) (intptr_t) (i + 1);
+}
+
 static _getdns_eventloop_info *
 find_event(_getdns_eventloop_info** events, int id)
 {
@@ -93,7 +131,6 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	struct mem_funcs *mf = &poll_loop->mf;
-	size_t i;
 
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
 	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, poll_loop->max_fds);
@@ -150,13 +187,9 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
 		event->write_cb = NULL;
 	}
-	for (i = poll_loop->timeout_id + 1; i != poll_loop->timeout_id; i++) {
-		if (find_event(&poll_loop->timeout_events, i) == NULL) {
-			event->ev = add_event(mf, &poll_loop->timeout_events, i, event, get_now_plus(timeout));
-
-			DEBUG_SCHED( "scheduled timeout at slot %d\n", (int)i);
-			return GETDNS_RETURN_GOOD;
-		}
+	if ((event->ev = get_to_event(poll_loop, event, get_now_plus(timeout)))) {
+		DEBUG_SCHED("scheduled timeout at slot %p\n", event->ev);
+		return GETDNS_RETURN_GOOD;
 	}
 	DEBUG_SCHED("ERROR: Out of timeout slots!\n");
 	return GETDNS_RETURN_GENERIC_ERROR;
@@ -175,12 +208,29 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 
 	assert(event->ev);
 
-	delete_event(mf,
-	    ( event->timeout_cb && !event->read_cb && !event->write_cb
-	    ? &poll_loop->timeout_events : &poll_loop->fd_events
-	    ), event->ev);
-	event->ev = NULL;
+	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
+		unsigned long i = ((unsigned long) (intptr_t) event->ev) - 1;
 
+		/* This may happen with full recursive synchronous requests
+		 * with the unbound pluggable event API, because the default
+		 * poll_eventloop is temporarily replaced by a poll_eventloop
+		 * used only in synchronous calls. When the synchronous request
+		 * had an answer, the poll_eventloop for the synchronous is
+		 * cleaned, however it could still have outstanding events.
+		 */
+		if (i >= poll_loop->to_events_capacity ||
+		    poll_loop->to_events[i].event != event) {
+			event->ev = NULL;
+			DEBUG_SCHED( "ERROR: Event mismatch %p\n", (void *)event->ev);
+			return GETDNS_RETURN_GENERIC_ERROR;
+		}
+
+		poll_loop->to_events[i].event = NULL;
+		DEBUG_SCHED( "cleared timeout at slot %p\n", event->ev);
+	} else
+		delete_event(mf, &poll_loop->fd_events, event->ev);
+
+	event->ev = NULL;
 	return GETDNS_RETURN_GOOD;
 }
 
@@ -195,8 +245,12 @@ poll_eventloop_cleanup(getdns_eventloop *loop)
 		poll_loop->pfds = NULL;
 		poll_loop->pfds_capacity = 0;
 	}
+	if (poll_loop->to_events) {
+		GETDNS_FREE(*mf, poll_loop->to_events);
+		poll_loop->to_events = NULL;
+		poll_loop->to_events_capacity = 0;
+	}
 	HASH_CLEAR(hh, poll_loop->fd_events);
-	HASH_CLEAR(hh, poll_loop->timeout_events);
 }
 
 static void
@@ -247,10 +301,9 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	struct mem_funcs *mf = &poll_loop->mf;
 	_getdns_eventloop_info *s, *tmp;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
-	size_t   i=0;
+	size_t   i = 0;
 	int poll_timeout = 0;
 	unsigned int num_pfds = 0;
-	_getdns_eventloop_info* timeout_timeout_cbs = NULL;
 	_getdns_eventloop_info* fd_timeout_cbs = NULL;
 
 	if (!loop)
@@ -258,18 +311,15 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	now = get_now_plus(0);
 
-	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
-		if (now > s->timeout_time)
-			(void) add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
-		else if (s->timeout_time < timeout)
-			timeout = s->timeout_time;
+	for (i = 0; i < poll_loop->to_events_capacity; i++) {
+		if (poll_loop->to_events[i].event &&
+		    poll_loop->to_events[i].timeout_time < now)
+			poll_timeout_cb(-1, poll_loop->to_events[i].event);
 	}
-	/* this is in case the timeout callback deletes the event
-	   and thus messes with the iteration */
-	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
-		getdns_eventloop_event* event = s->event;
-		delete_event(mf, &timeout_timeout_cbs, s);
-		poll_timeout_cb(-1, event);
+	for (i = 0; i < poll_loop->to_events_capacity; i++) {
+		if (poll_loop->to_events[i].event &&
+		    poll_loop->to_events[i].timeout_time < timeout)
+			timeout = poll_loop->to_events[i].timeout_time;
 	}
 	/* first we count the number of fds that will be active */
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
@@ -354,20 +404,22 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		delete_event(mf, &fd_timeout_cbs, s);
 		poll_timeout_cb(fd, event);
 	}
-	HASH_ITER(hh, poll_loop->timeout_events, s, tmp) {
-		if (s->event &&
-		    s->event->timeout_cb &&
-		    now > s->timeout_time)
-			(void) add_event(mf, &timeout_timeout_cbs, s->id, s->event, s->timeout_time);
-	}
-	/* this is in case the timeout callback deletes the event
-	   and thus messes with the iteration */
-	HASH_ITER(hh, timeout_timeout_cbs, s, tmp) {
-		getdns_eventloop_event* event = s->event;
-		delete_event(mf, &timeout_timeout_cbs, s);
-		poll_timeout_cb(-1, event);
+	for (i = 0; i < poll_loop->to_events_capacity; i++) {
+		if (poll_loop->to_events[i].event &&
+		    poll_loop->to_events[i].timeout_time < now)
+			poll_timeout_cb(-1, poll_loop->to_events[i].event);
 	}
+}
 
+static unsigned long to_events_used(_getdns_poll_eventloop *loop)
+{
+	unsigned int i, count = 0;
+
+	for (i = 0; i < loop->to_events_capacity; i++) {
+		if (loop->to_events[i].event)
+			count++;
+	}
+	return count;
 }
 
 static void
@@ -379,7 +431,7 @@ poll_eventloop_run(getdns_eventloop *loop)
 		return;
 
 	/* keep going until all the events are cleared */
-	while (poll_loop->fd_events || poll_loop->timeout_events) {
+	while (poll_loop->fd_events || to_events_used(poll_loop)) {
 		poll_eventloop_run_once(loop, 1);
 	}
 }
@@ -411,9 +463,19 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 #if HAVE_GETRLIMIT
 	}
 #endif
-	loop->timeout_id = 0;
-	loop->pfds = NULL;
-	loop->pfds_capacity = 0;
+	loop->pfds_capacity = init_pfds_capacity;
+	if (!(loop->pfds = GETDNS_XMALLOC(
+	    *mf, struct pollfd, init_pfds_capacity)))
+		loop->pfds_capacity = 0;
+
 	loop->fd_events = NULL;
-	loop->timeout_events = NULL;
+	loop->to_events_capacity = init_to_events_capacity;
+	if ((loop->to_events = GETDNS_XMALLOC(
+	    *mf, _getdns_poll_to_event, init_to_events_capacity)))
+		(void) memset(loop->to_events, 0,
+		    sizeof(_getdns_poll_to_event) * init_to_events_capacity);
+	else
+		loop->to_events_capacity = 0;
+
 }
+
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index 8c742e20..8481b743 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -49,15 +49,20 @@ typedef struct _getdns_eventloop_info {
 	UT_hash_handle		hh;
 } _getdns_eventloop_info;
 
+typedef struct _getdns_poll_to_event {
+	getdns_eventloop_event *event;
+	uint64_t                timeout_time;
+} _getdns_poll_to_event;
+
 typedef struct _getdns_poll_eventloop {
 	getdns_eventloop        loop;
 	struct mem_funcs        mf;
 	unsigned int		max_fds;
-	unsigned int		timeout_id;
-	struct pollfd          *pfds;
 	unsigned long           pfds_capacity;
+	struct pollfd          *pfds;
 	_getdns_eventloop_info *fd_events;
-	_getdns_eventloop_info *timeout_events;
+	unsigned long           to_events_capacity;
+	_getdns_poll_to_event  *to_events;
 } _getdns_poll_eventloop;
 
 void

From f6d46689b653be0da02b1da5defcb76f9f8d3cc2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 16:26:41 +0100
Subject: [PATCH 136/249] Fixed time allocation and free for to_events

---
 src/extension/poll_eventloop.c | 115 +++++++++++++++++++++------------
 src/extension/poll_eventloop.h |   5 +-
 2 files changed, 78 insertions(+), 42 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index a88fb231..12319849 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -44,20 +44,18 @@ enum { init_pfds_capacity = 64
 static void *get_to_event(_getdns_poll_eventloop *loop,
     getdns_eventloop_event *event, uint64_t timeout_time)
 {
-	unsigned long i = 0;
-
-	while (i < loop->to_events_capacity && loop->to_events[i].event) i++;
-
-	if (i == loop->to_events_capacity) {
-		if (i) {
+	if (loop->to_events_free == loop->to_events_capacity) {
+		if (loop->to_events_free) {
 			_getdns_poll_to_event *to_events = GETDNS_XREALLOC(
-			    loop->mf, loop->to_events, _getdns_poll_to_event, i * 2);
+			    loop->mf, loop->to_events, _getdns_poll_to_event,
+			    loop->to_events_free * 2);
 			if (!to_events)
 				return NULL;
-			(void) memset(&loop->to_events[i], 0,
-			    sizeof(_getdns_poll_to_event) * i);
+			(void) memset(&loop->to_events[loop->to_events_free],
+			    0, sizeof(_getdns_poll_to_event)
+			     * loop->to_events_free);
 
-			loop->to_events_capacity = i * 2;
+			loop->to_events_capacity = loop->to_events_free * 2;
 			loop->to_events = to_events;
 		} else {
 			if (!(loop->to_events = GETDNS_XMALLOC(loop->mf,
@@ -71,9 +69,10 @@ static void *get_to_event(_getdns_poll_eventloop *loop,
 			loop->to_events_capacity = init_to_events_capacity;
 		}
 	}
-	loop->to_events[i].event = event;
-	loop->to_events[i].timeout_time = timeout_time;
-	return (void *) (intptr_t) (i + 1);
+	loop->to_events[loop->to_events_free].event = event;
+	loop->to_events[loop->to_events_free].timeout_time = timeout_time;
+	loop->to_events_n_used++;
+	return (void *) (intptr_t) (++loop->to_events_free);
 }
 
 static _getdns_eventloop_info *
@@ -209,7 +208,7 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 	assert(event->ev);
 
 	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
-		unsigned long i = ((unsigned long) (intptr_t) event->ev) - 1;
+		size_t i = ((size_t) (intptr_t) event->ev) - 1;
 
 		/* This may happen with full recursive synchronous requests
 		 * with the unbound pluggable event API, because the default
@@ -224,8 +223,10 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 			DEBUG_SCHED( "ERROR: Event mismatch %p\n", (void *)event->ev);
 			return GETDNS_RETURN_GENERIC_ERROR;
 		}
-
 		poll_loop->to_events[i].event = NULL;
+		if (--poll_loop->to_events_n_used == 0) {
+			poll_loop->to_events_free = 0;
+		}
 		DEBUG_SCHED( "cleared timeout at slot %p\n", event->ev);
 	} else
 		delete_event(mf, &poll_loop->fd_events, event->ev);
@@ -249,6 +250,8 @@ poll_eventloop_cleanup(getdns_eventloop *loop)
 		GETDNS_FREE(*mf, poll_loop->to_events);
 		poll_loop->to_events = NULL;
 		poll_loop->to_events_capacity = 0;
+		poll_loop->to_events_free     = 0;
+		poll_loop->to_events_n_used   = 0;
 	}
 	HASH_CLEAR(hh, poll_loop->fd_events);
 }
@@ -301,7 +304,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	struct mem_funcs *mf = &poll_loop->mf;
 	_getdns_eventloop_info *s, *tmp;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
-	size_t   i = 0;
+	size_t  i = 0, j;
 	int poll_timeout = 0;
 	unsigned int num_pfds = 0;
 	_getdns_eventloop_info* fd_timeout_cbs = NULL;
@@ -311,15 +314,41 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 
 	now = get_now_plus(0);
 
-	for (i = 0; i < poll_loop->to_events_capacity; i++) {
-		if (poll_loop->to_events[i].event &&
-		    poll_loop->to_events[i].timeout_time < now)
-			poll_timeout_cb(-1, poll_loop->to_events[i].event);
+	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
+		while (poll_loop->to_events[i].event == NULL) {
+			if (++i == poll_loop->to_events_free) {
+				poll_loop->to_events_free = j;
+				break;
+			}
+		}
+		if (j < i) {
+			if (j >= poll_loop->to_events_free)
+				break;
+			poll_loop->to_events[j] = poll_loop->to_events[i];
+			poll_loop->to_events[i].event = NULL;
+			poll_loop->to_events[j].event->ev =
+			    (void *) (intptr_t) (j + 1);
+		}
+		if (poll_loop->to_events[j].timeout_time < now)
+			poll_timeout_cb(-1, poll_loop->to_events[j].event);
 	}
-	for (i = 0; i < poll_loop->to_events_capacity; i++) {
-		if (poll_loop->to_events[i].event &&
-		    poll_loop->to_events[i].timeout_time < timeout)
-			timeout = poll_loop->to_events[i].timeout_time;
+	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
+		while (poll_loop->to_events[i].event == NULL) {
+			if (++i == poll_loop->to_events_free) {
+				poll_loop->to_events_free = j;
+				break;
+			}
+		}
+		if (j < i) {
+			if (j >= poll_loop->to_events_free)
+				break;
+			poll_loop->to_events[j] = poll_loop->to_events[i];
+			poll_loop->to_events[i].event = NULL;
+			poll_loop->to_events[j].event->ev =
+			    (void *) (intptr_t) (j + 1);
+		}
+		if (poll_loop->to_events[j].timeout_time < timeout)
+			timeout = poll_loop->to_events[j].timeout_time;
 	}
 	/* first we count the number of fds that will be active */
 	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
@@ -404,24 +433,26 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		delete_event(mf, &fd_timeout_cbs, s);
 		poll_timeout_cb(fd, event);
 	}
-	for (i = 0; i < poll_loop->to_events_capacity; i++) {
-		if (poll_loop->to_events[i].event &&
-		    poll_loop->to_events[i].timeout_time < now)
-			poll_timeout_cb(-1, poll_loop->to_events[i].event);
+	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
+		while (poll_loop->to_events[i].event == NULL) {
+			if (++i == poll_loop->to_events_free) {
+				poll_loop->to_events_free = j;
+				break;
+			}
+		}
+		if (j < i) {
+			if (j >= poll_loop->to_events_free)
+				break;
+			poll_loop->to_events[j] = poll_loop->to_events[i];
+			poll_loop->to_events[i].event = NULL;
+			poll_loop->to_events[j].event->ev =
+			    (void *) (intptr_t) (j + 1);
+		}
+		if (poll_loop->to_events[j].timeout_time < now)
+			poll_timeout_cb(-1, poll_loop->to_events[j].event);
 	}
 }
 
-static unsigned long to_events_used(_getdns_poll_eventloop *loop)
-{
-	unsigned int i, count = 0;
-
-	for (i = 0; i < loop->to_events_capacity; i++) {
-		if (loop->to_events[i].event)
-			count++;
-	}
-	return count;
-}
-
 static void
 poll_eventloop_run(getdns_eventloop *loop)
 {
@@ -431,7 +462,7 @@ poll_eventloop_run(getdns_eventloop *loop)
 		return;
 
 	/* keep going until all the events are cleared */
-	while (poll_loop->fd_events || to_events_used(poll_loop)) {
+	while (poll_loop->fd_events || poll_loop->to_events_n_used) {
 		poll_eventloop_run_once(loop, 1);
 	}
 }
@@ -469,6 +500,7 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 		loop->pfds_capacity = 0;
 
 	loop->fd_events = NULL;
+
 	loop->to_events_capacity = init_to_events_capacity;
 	if ((loop->to_events = GETDNS_XMALLOC(
 	    *mf, _getdns_poll_to_event, init_to_events_capacity)))
@@ -476,6 +508,7 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 		    sizeof(_getdns_poll_to_event) * init_to_events_capacity);
 	else
 		loop->to_events_capacity = 0;
-
+	loop->to_events_free = 0;
+	loop->to_events_n_used = 0;
 }
 
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index 8481b743..51118b24 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -61,8 +61,11 @@ typedef struct _getdns_poll_eventloop {
 	unsigned long           pfds_capacity;
 	struct pollfd          *pfds;
 	_getdns_eventloop_info *fd_events;
-	unsigned long           to_events_capacity;
+
+	size_t                  to_events_capacity;
 	_getdns_poll_to_event  *to_events;
+	size_t                  to_events_free;
+	size_t                  to_events_n_used;
 } _getdns_poll_eventloop;
 
 void

From d20bbde25eb2b3e08145eef2ebf1864e704de8e7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 22:41:37 +0100
Subject: [PATCH 137/249] Fixed time allocation and free for fd_events

---
 src/extension/poll_eventloop.c |  364 ++++++-----
 src/extension/poll_eventloop.h |   38 +-
 src/util/uthash.h              | 1074 --------------------------------
 3 files changed, 214 insertions(+), 1262 deletions(-)
 delete mode 100644 src/util/uthash.h

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 12319849..c55c8ec9 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -38,7 +38,7 @@
 #include "extension/poll_eventloop.h"
 #include "debug.h"
 
-enum { init_pfds_capacity = 64
+enum { init_fd_events_capacity = 64
      , init_to_events_capacity = 64 };
 
 static void *get_to_event(_getdns_poll_eventloop *loop,
@@ -46,24 +46,24 @@ static void *get_to_event(_getdns_poll_eventloop *loop,
 {
 	if (loop->to_events_free == loop->to_events_capacity) {
 		if (loop->to_events_free) {
-			_getdns_poll_to_event *to_events = GETDNS_XREALLOC(
-			    loop->mf, loop->to_events, _getdns_poll_to_event,
+			_getdns_poll_event *to_events = GETDNS_XREALLOC(
+			    loop->mf, loop->to_events, _getdns_poll_event,
 			    loop->to_events_free * 2);
 			if (!to_events)
 				return NULL;
 			(void) memset(&loop->to_events[loop->to_events_free],
-			    0, sizeof(_getdns_poll_to_event)
+			    0, sizeof(_getdns_poll_event)
 			     * loop->to_events_free);
 
 			loop->to_events_capacity = loop->to_events_free * 2;
 			loop->to_events = to_events;
 		} else {
 			if (!(loop->to_events = GETDNS_XMALLOC(loop->mf,
-			    _getdns_poll_to_event, init_to_events_capacity)))
+			    _getdns_poll_event, init_to_events_capacity)))
 				return NULL;
 
 			(void) memset(loop->to_events, 0,
-			    sizeof(_getdns_poll_to_event)
+			    sizeof(_getdns_poll_event)
 			    * init_to_events_capacity);
 
 			loop->to_events_capacity = init_to_events_capacity;
@@ -75,38 +75,61 @@ static void *get_to_event(_getdns_poll_eventloop *loop,
 	return (void *) (intptr_t) (++loop->to_events_free);
 }
 
-static _getdns_eventloop_info *
-find_event(_getdns_eventloop_info** events, int id)
+static void *get_fd_event(_getdns_poll_eventloop *loop, int fd,
+    getdns_eventloop_event *event, uint64_t timeout_time)
 {
-	_getdns_eventloop_info* ev;
+	if (loop->fd_events_free == loop->fd_events_capacity) {
+		if (loop->fd_events_free) {
+			_getdns_poll_event *fd_events = GETDNS_XREALLOC(
+			    loop->mf, loop->fd_events, _getdns_poll_event,
+			    loop->fd_events_free * 2);
+			struct pollfd *pfds = GETDNS_XREALLOC(
+			    loop->mf, loop->pfds, struct pollfd,
+			    loop->fd_events_free * 2);
 
-	HASH_FIND_INT(*events, &id, ev);
+			if (!fd_events || !pfds) {
+				if (fd_events)
+					GETDNS_FREE(loop->mf, fd_events);
+				if (pfds)
+					GETDNS_FREE(loop->mf, pfds);
+				return NULL;
+			}
+			(void) memset(&loop->fd_events[loop->fd_events_free],
+			    0, sizeof(_getdns_poll_event)
+			     * loop->fd_events_free);
+			(void) memset(&loop->pfds[loop->fd_events_free],
+			    0, sizeof(struct pollfd) * loop->fd_events_free);
 
-	return ev;
-}
+			loop->fd_events_capacity = loop->fd_events_free * 2;
+			loop->fd_events = fd_events;
+			loop->pfds = pfds;
+		} else {
+			if (!(loop->fd_events = GETDNS_XMALLOC(loop->mf,
+			    _getdns_poll_event, init_fd_events_capacity)) ||
+			    !(loop->pfds = GETDNS_XMALLOC(loop->mf,
+			    struct pollfd, init_fd_events_capacity))) {
+				GETDNS_NULL_FREE(loop->mf, loop->fd_events);
+				return NULL;
+			}
+			(void) memset(loop->fd_events, 0,
+			    sizeof(_getdns_poll_event)
+			    * init_fd_events_capacity);
+			(void) memset(loop->pfds, 0,
+			    sizeof(struct pollfd) * init_fd_events_capacity);
 
-static _getdns_eventloop_info *
-add_event(struct mem_funcs *mf, _getdns_eventloop_info** events,
-    int id, getdns_eventloop_event *event, uint64_t timeout_time)
-{
-	DEBUG_SCHED("poll_eventloop: add_event with id %d\n", id);
-	_getdns_eventloop_info* myevent = GETDNS_MALLOC(*mf, _getdns_eventloop_info);
-	/* not necessary -- (void) memset(myevent, 0, sizeof(_getdns_eventloop_info)); */
-
-	myevent->id = id;
-	myevent->event = event;
-	myevent->timeout_time = timeout_time;
-	HASH_ADD_INT(*events, id, myevent);
-	return myevent;
-}
-
-static void
-delete_event(struct mem_funcs *mf,
-    _getdns_eventloop_info** events, _getdns_eventloop_info* ev)
-{
-	DEBUG_SCHED("poll_eventloop: delete_event with id %d\n", ev->id);
-	HASH_DEL(*events, ev);
-	GETDNS_FREE(*mf, ev);
+			loop->fd_events_capacity = init_fd_events_capacity;
+		}
+	}
+	loop->pfds[loop->fd_events_free].fd = fd;
+	loop->pfds[loop->fd_events_free].events = 0;
+	if (event->read_cb)
+		loop->pfds[loop->fd_events_free].events |= POLLIN;
+	if (event->write_cb)
+		loop->pfds[loop->fd_events_free].events |= POLLOUT;
+	loop->fd_events[loop->fd_events_free].event = event;
+	loop->fd_events[loop->fd_events_free].timeout_time = timeout_time;
+	loop->fd_events_n_used++;
+	return (void *) (intptr_t) (++loop->fd_events_free);
 }
 
 static uint64_t get_now_plus(uint64_t amount)
@@ -129,7 +152,6 @@ poll_eventloop_schedule(getdns_eventloop *loop,
     int fd, uint64_t timeout, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
-	struct mem_funcs *mf = &poll_loop->mf;
 
 	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
 	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, poll_loop->max_fds);
@@ -151,27 +173,13 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 		fd = -1;
 	}
 	if (fd >= 0) {
-		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, fd);
-#if defined(SCHED_DEBUG) && SCHED_DEBUG
-		if (fd_event) {
-			if (fd_event->event == event) {
-				DEBUG_SCHED("WARNING: Event %p not cleared "
-				            "before being rescheduled!\n"
-				           , (void *)fd_event->event);
-			} else {
-				DEBUG_SCHED("ERROR: A different event is "
-				            "already present at fd slot: %p!\n"
-				           , (void *)fd_event->event);
-			}
+		if (!(event->ev = get_fd_event(
+		    poll_loop, fd, event, get_now_plus(timeout)))) {
+			DEBUG_SCHED("ERROR: scheduled read/write slots!\n");
+			return GETDNS_RETURN_GENERIC_ERROR;
 		}
-#endif
-		/* cleanup the old event if it exists */
-		if (fd_event) {
-			delete_event(mf, &poll_loop->fd_events, fd_event);
-		}
-		event->ev = add_event(mf, &poll_loop->fd_events, fd, event, get_now_plus(timeout));
-
-		DEBUG_SCHED( "scheduled read/write at fd %d\n", fd);
+		DEBUG_SCHED( "scheduled read/write at for %d at %p\n"
+		           , fd, (void *)event->ev);
 		return GETDNS_RETURN_GOOD;
 	}
 	if (!event->timeout_cb) {
@@ -186,28 +194,28 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 		DEBUG_SCHED("ERROR: timeout event with write_cb! Clearing.\n");
 		event->write_cb = NULL;
 	}
-	if ((event->ev = get_to_event(poll_loop, event, get_now_plus(timeout)))) {
-		DEBUG_SCHED("scheduled timeout at slot %p\n", event->ev);
-		return GETDNS_RETURN_GOOD;
+	if (!(event->ev = get_to_event(poll_loop, event, get_now_plus(timeout)))) {
+		DEBUG_SCHED("ERROR: Out of timeout slots!\n");
+		return GETDNS_RETURN_GENERIC_ERROR;
 	}
-	DEBUG_SCHED("ERROR: Out of timeout slots!\n");
-	return GETDNS_RETURN_GENERIC_ERROR;
+	DEBUG_SCHED("scheduled timeout at slot %p\n", (void *)event->ev);
+	return GETDNS_RETURN_GOOD;
 }
 
 static getdns_return_t
 poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
-	struct mem_funcs *mf = &poll_loop->mf;
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
 	DEBUG_SCHED( "%s(loop: %p, event: %p)\n", __FUNC__, (void *)loop, (void *)event);
 
-	assert(event->ev);
+	if (!event->ev)
+		return GETDNS_RETURN_GOOD;
 
-	if (event->timeout_cb && !event->read_cb && !event->write_cb) {
+	else if (event->timeout_cb && !event->read_cb && !event->write_cb) {
 		size_t i = ((size_t) (intptr_t) event->ev) - 1;
 
 		/* This may happen with full recursive synchronous requests
@@ -227,10 +235,31 @@ poll_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 		if (--poll_loop->to_events_n_used == 0) {
 			poll_loop->to_events_free = 0;
 		}
-		DEBUG_SCHED( "cleared timeout at slot %p\n", event->ev);
-	} else
-		delete_event(mf, &poll_loop->fd_events, event->ev);
+		DEBUG_SCHED( "cleared timeout at slot %p\n", (void *)event->ev);
+	} else {
+		size_t i = ((size_t) (intptr_t) event->ev) - 1;
 
+		/* This may happen with full recursive synchronous requests
+		 * with the unbound pluggable event API, because the default
+		 * poll_eventloop is temporarily replaced by a poll_eventloop
+		 * used only in synchronous calls. When the synchronous request
+		 * had an answer, the poll_eventloop for the synchronous is
+		 * cleaned, however it could still have outstanding events.
+		 */
+		if (i >= poll_loop->fd_events_capacity ||
+		    poll_loop->fd_events[i].event != event) {
+			event->ev = NULL;
+			DEBUG_SCHED( "ERROR: Event mismatch %p\n", (void *)event->ev);
+			return GETDNS_RETURN_GENERIC_ERROR;
+		}
+		poll_loop->fd_events[i].event = NULL;
+		if (--poll_loop->fd_events_n_used == 0) {
+			poll_loop->fd_events_free = 0;
+		}
+		DEBUG_SCHED( "cleared read/write for %d at slot %p\n"
+		           , poll_loop->pfds[i].fd, (void *)event->ev);
+		poll_loop->pfds[i].fd = -1; /* Not necessary, but to be sure */
+	}
 	event->ev = NULL;
 	return GETDNS_RETURN_GOOD;
 }
@@ -241,10 +270,13 @@ poll_eventloop_cleanup(getdns_eventloop *loop)
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 	struct mem_funcs *mf = &poll_loop->mf;
 
-	if (poll_loop->pfds) {
-		GETDNS_FREE(*mf, poll_loop->pfds);
-		poll_loop->pfds = NULL;
-		poll_loop->pfds_capacity = 0;
+	GETDNS_NULL_FREE(*mf, poll_loop->pfds);
+	if (poll_loop->fd_events) {
+		GETDNS_FREE(*mf, poll_loop->fd_events);
+		poll_loop->fd_events = NULL;
+		poll_loop->fd_events_capacity = 0;
+		poll_loop->fd_events_free     = 0;
+		poll_loop->fd_events_n_used   = 0;
 	}
 	if (poll_loop->to_events) {
 		GETDNS_FREE(*mf, poll_loop->to_events);
@@ -253,7 +285,6 @@ poll_eventloop_cleanup(getdns_eventloop *loop)
 		poll_loop->to_events_free     = 0;
 		poll_loop->to_events_n_used   = 0;
 	}
-	HASH_CLEAR(hh, poll_loop->fd_events);
 }
 
 static void
@@ -277,37 +308,19 @@ poll_write_cb(int fd, getdns_eventloop_event *event)
 }
 
 static void
-poll_timeout_cb(int fd, getdns_eventloop_event *event)
+poll_timeout_cb(getdns_eventloop_event *event)
 {
-#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd;
-#endif
-	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
+	DEBUG_SCHED( "%s(event: %p)\n", __FUNC__, (void *)event);
 	event->timeout_cb(event->userarg);
 }
 
-static unsigned long up_pow2(unsigned long v)
-{
-	v--;
-	v |= v >>  1;
-	v |= v >>  2;
-	v |= v >>  4;
-	v |= v >>  8;
-	v |= v >> 16;
-	return v + 1;
-}
-
 static void
 poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
-	struct mem_funcs *mf = &poll_loop->mf;
-	_getdns_eventloop_info *s, *tmp;
 	uint64_t now, timeout = TIMEOUT_FOREVER;
 	size_t  i = 0, j;
 	int poll_timeout = 0;
-	unsigned int num_pfds = 0;
-	_getdns_eventloop_info* fd_timeout_cbs = NULL;
 
 	if (!loop)
 		return;
@@ -330,7 +343,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 			    (void *) (intptr_t) (j + 1);
 		}
 		if (poll_loop->to_events[j].timeout_time < now)
-			poll_timeout_cb(-1, poll_loop->to_events[j].event);
+			poll_timeout_cb(poll_loop->to_events[j].event);
 	}
 	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
 		while (poll_loop->to_events[i].event == NULL) {
@@ -350,89 +363,98 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		if (poll_loop->to_events[j].timeout_time < timeout)
 			timeout = poll_loop->to_events[j].timeout_time;
 	}
-	/* first we count the number of fds that will be active */
-	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
-		if (s->event->read_cb ||
-		    s->event->write_cb)
-			num_pfds++;
-		if (s->timeout_time < timeout)
-			timeout = s->timeout_time;
-	}
-
-	if ((timeout == TIMEOUT_FOREVER) && (num_pfds == 0))
+	if ((timeout == TIMEOUT_FOREVER) && (poll_loop->fd_events_free == 0))
 		return;
 
-	if (num_pfds >= poll_loop->pfds_capacity) {
-		poll_loop->pfds_capacity = up_pow2(num_pfds + 1);
-		if (!poll_loop->pfds) {
-			poll_loop->pfds = GETDNS_XMALLOC(poll_loop->mf, struct pollfd, poll_loop->pfds_capacity);
-		} else
-			poll_loop->pfds = GETDNS_XREALLOC(poll_loop->mf, poll_loop->pfds, struct pollfd, poll_loop->pfds_capacity);
-		if (poll_loop->pfds == 0) {
-			poll_loop->pfds_capacity = 0;
-			return;
+	for (i = 0, j = 0; i < poll_loop->fd_events_free; i++, j++) {
+		while (poll_loop->fd_events[i].event == NULL) {
+			if (++i == poll_loop->fd_events_free) {
+				poll_loop->fd_events_free = j;
+				break;
+			}
 		}
+		if (j < i) {
+			if (j >= poll_loop->fd_events_free)
+				break;
+			poll_loop->fd_events[j] = poll_loop->fd_events[i];
+			poll_loop->fd_events[i].event = NULL;
+			poll_loop->fd_events[j].event->ev =
+			    (void *) (intptr_t) (j + 1);
+			poll_loop->pfds[j] = poll_loop->pfds[i];
+			poll_loop->pfds[i].fd = -1;
+		}
+		if (poll_loop->fd_events[j].timeout_time < timeout)
+			timeout = poll_loop->fd_events[j].timeout_time;
 	}
-	i = 0;
-	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
-		if (!s->event->read_cb && !s->event->write_cb)
-			continue;
-		poll_loop->pfds[i].fd = s->id;
-		poll_loop->pfds[i].events = 0;
-		poll_loop->pfds[i].revents = 0; /* <-- probably not needed */
-		if (s->event->read_cb)
-			poll_loop->pfds[i].events |= POLLIN;
-		if (s->event->write_cb) 
-			poll_loop->pfds[i].events |= POLLOUT;
-		i++;
-	}
-	assert(i == num_pfds);
 
 	if (timeout == TIMEOUT_FOREVER) {
 		poll_timeout = -1;
-	}
-	else if (! blocking || now > timeout) {
+
+	} else if (! blocking || now > timeout) {
 		poll_timeout = 0;
 	} else {
-		poll_timeout = (timeout - now) / 1000; /* turn microseconds into milliseconds */
+		/* turn microseconds into milliseconds */
+		poll_timeout = (timeout - now) / 1000;
 	}
 #ifdef USE_WINSOCK
-	if (WSAPoll(poll_loop->pfds, num_pfds, poll_timeout) < 0) {
+	if (WSAPoll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 #else	
-	if (poll(poll_loop->pfds, num_pfds, poll_timeout) < 0) {
+	if (poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 #endif
 		perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = get_now_plus(0);
-	for (i = 0; i < num_pfds; i++) {
-		int fd = poll_loop->pfds[i].fd;
-		_getdns_eventloop_info* fd_event = find_event(&poll_loop->fd_events, fd);
-		if (fd_event && fd_event->event) { 
-			getdns_eventloop_event* event = fd_event->event;
-			if (event->write_cb &&
-			    (poll_loop->pfds[i].revents & POLLOUT))
-				poll_write_cb(fd, event);
 
-			else if (event->read_cb &&
-			    (poll_loop->pfds[i].revents & POLLIN))
-				poll_read_cb(fd, event);
+	for (i = 0, j = 0; i < poll_loop->fd_events_free; i++, j++) {
+		while (poll_loop->fd_events[i].event == NULL) {
+			if (++i == poll_loop->fd_events_free) {
+				poll_loop->fd_events_free = j;
+				break;
+			}
 		}
+		if (j < i) {
+			if (j >= poll_loop->fd_events_free)
+				break;
+			poll_loop->fd_events[j] = poll_loop->fd_events[i];
+			poll_loop->fd_events[i].event = NULL;
+			poll_loop->fd_events[j].event->ev =
+			    (void *) (intptr_t) (j + 1);
+			poll_loop->pfds[j] = poll_loop->pfds[i];
+			poll_loop->pfds[i].fd = -1;
+		}
+		if (poll_loop->fd_events[j].event->write_cb &&
+		    poll_loop->pfds[j].revents & POLLOUT)
+			poll_write_cb( poll_loop->pfds[j].fd
+			             , poll_loop->fd_events[j].event);
+
+		if (poll_loop->fd_events[j].event &&
+		    poll_loop->fd_events[j].event->read_cb &&
+		    poll_loop->pfds[j].revents & POLLIN)
+			poll_read_cb( poll_loop->pfds[j].fd
+			            , poll_loop->fd_events[j].event);
 	}
-	HASH_ITER(hh, poll_loop->fd_events, s, tmp) {
-		if (s->event &&
-		    s->event->timeout_cb &&
-		    now > s->timeout_time)
-			(void) add_event(mf, &fd_timeout_cbs, s->id, s->event, s->timeout_time);
-	}
-	/* this is in case the timeout callback deletes the event
-	   and thus messes with the iteration */
-	HASH_ITER(hh, fd_timeout_cbs, s, tmp) {
-		int fd = s->id;
-		getdns_eventloop_event* event = s->event;
-		delete_event(mf, &fd_timeout_cbs, s);
-		poll_timeout_cb(fd, event);
+	for (i = 0, j = 0; i < poll_loop->fd_events_free; i++, j++) {
+		while (poll_loop->fd_events[i].event == NULL) {
+			if (++i == poll_loop->fd_events_free) {
+				poll_loop->fd_events_free = j;
+				break;
+			}
+		}
+		if (j < i) {
+			if (j >= poll_loop->fd_events_free)
+				break;
+			poll_loop->fd_events[j] = poll_loop->fd_events[i];
+			poll_loop->fd_events[i].event = NULL;
+			poll_loop->fd_events[j].event->ev =
+			    (void *) (intptr_t) (j + 1);
+			poll_loop->pfds[j] = poll_loop->pfds[i];
+			poll_loop->pfds[i].fd = -1;
+		}
+		if (poll_loop->fd_events[j].timeout_time < now)
+			poll_timeout_cb(poll_loop->fd_events[j].event);
 	}
+
 	for (i = 0, j = 0; i < poll_loop->to_events_free; i++, j++) {
 		while (poll_loop->to_events[i].event == NULL) {
 			if (++i == poll_loop->to_events_free) {
@@ -449,7 +471,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 			    (void *) (intptr_t) (j + 1);
 		}
 		if (poll_loop->to_events[j].timeout_time < now)
-			poll_timeout_cb(-1, poll_loop->to_events[j].event);
+			poll_timeout_cb(poll_loop->to_events[j].event);
 	}
 }
 
@@ -462,7 +484,7 @@ poll_eventloop_run(getdns_eventloop *loop)
 		return;
 
 	/* keep going until all the events are cleared */
-	while (poll_loop->fd_events || poll_loop->to_events_n_used) {
+	while (poll_loop->fd_events_n_used || poll_loop->to_events_n_used) {
 		poll_eventloop_run_once(loop, 1);
 	}
 }
@@ -494,21 +516,33 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 #if HAVE_GETRLIMIT
 	}
 #endif
-	loop->pfds_capacity = init_pfds_capacity;
-	if (!(loop->pfds = GETDNS_XMALLOC(
-	    *mf, struct pollfd, init_pfds_capacity)))
-		loop->pfds_capacity = 0;
-
-	loop->fd_events = NULL;
-
 	loop->to_events_capacity = init_to_events_capacity;
 	if ((loop->to_events = GETDNS_XMALLOC(
-	    *mf, _getdns_poll_to_event, init_to_events_capacity)))
+	    *mf, _getdns_poll_event, init_to_events_capacity)))
 		(void) memset(loop->to_events, 0,
-		    sizeof(_getdns_poll_to_event) * init_to_events_capacity);
+		    sizeof(_getdns_poll_event) * init_to_events_capacity);
 	else
 		loop->to_events_capacity = 0;
 	loop->to_events_free = 0;
 	loop->to_events_n_used = 0;
+
+	loop->fd_events_capacity = init_fd_events_capacity;
+	if ((loop->fd_events = GETDNS_XMALLOC(
+	    *mf, _getdns_poll_event, init_fd_events_capacity)) &&
+	    (loop->pfds = GETDNS_XMALLOC(
+	    *mf, struct pollfd, init_fd_events_capacity))) {
+		(void) memset(loop->fd_events, 0,
+		    sizeof(_getdns_poll_event) * init_fd_events_capacity);
+		(void) memset(loop->pfds, 0,
+		    sizeof(struct pollfd) * init_fd_events_capacity);
+	} else {
+		loop->fd_events_capacity = 0;
+		if (loop->fd_events) {
+			GETDNS_FREE(*mf, loop->fd_events);
+			loop->fd_events = NULL;
+		}
+	}
+	loop->fd_events_free = 0;
+	loop->fd_events_n_used = 0;
 }
 
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index 51118b24..2643c30e 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -36,36 +36,28 @@
 #include "getdns/getdns_extra.h"
 #include "types-internal.h"
 
-#define uthash_malloc(sz) ((void *)GETDNS_XMALLOC(*mf, unsigned char, sz))
-#define uthash_free(ptr,sz) GETDNS_FREE(*mf, ptr)
-#include "util/uthash.h"
-
 /* Eventloop based on poll */
 
-typedef struct _getdns_eventloop_info {
-	int			id;
+typedef struct _getdns_poll_event {
 	getdns_eventloop_event *event;
 	uint64_t                timeout_time;
-	UT_hash_handle		hh;
-} _getdns_eventloop_info;
-
-typedef struct _getdns_poll_to_event {
-	getdns_eventloop_event *event;
-	uint64_t                timeout_time;
-} _getdns_poll_to_event;
+} _getdns_poll_event;
 
 typedef struct _getdns_poll_eventloop {
-	getdns_eventloop        loop;
-	struct mem_funcs        mf;
-	unsigned int		max_fds;
-	unsigned long           pfds_capacity;
-	struct pollfd          *pfds;
-	_getdns_eventloop_info *fd_events;
+	getdns_eventloop    loop;
+	struct mem_funcs    mf;
+	unsigned int        max_fds;
 
-	size_t                  to_events_capacity;
-	_getdns_poll_to_event  *to_events;
-	size_t                  to_events_free;
-	size_t                  to_events_n_used;
+	struct pollfd      *pfds;
+	size_t              fd_events_capacity;
+	_getdns_poll_event *fd_events;
+	size_t              fd_events_free;
+	size_t              fd_events_n_used;
+
+	size_t              to_events_capacity;
+	_getdns_poll_event *to_events;
+	size_t              to_events_free;
+	size_t              to_events_n_used;
 } _getdns_poll_eventloop;
 
 void
diff --git a/src/util/uthash.h b/src/util/uthash.h
deleted file mode 100644
index 45d1f9fc..00000000
--- a/src/util/uthash.h
+++ /dev/null
@@ -1,1074 +0,0 @@
-/*
-Copyright (c) 2003-2016, Troy D. Hanson     http://troydhanson.github.com/uthash/
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
-OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef UTHASH_H
-#define UTHASH_H
-
-#define UTHASH_VERSION 2.0.1
-
-#include <string.h>   /* memcmp,strlen */
-#include <stddef.h>   /* ptrdiff_t */
-#include <stdlib.h>   /* exit() */
-
-/* These macros use decltype or the earlier __typeof GNU extension.
-   As decltype is only available in newer compilers (VS2010 or gcc 4.3+
-   when compiling c++ source) this code uses whatever method is needed
-   or, for VS2008 where neither is available, uses casting workarounds. */
-#if defined(_MSC_VER)   /* MS compiler */
-#if _MSC_VER >= 1600 && defined(__cplusplus)  /* VS2010 or newer in C++ mode */
-#define DECLTYPE(x) (decltype(x))
-#else                   /* VS2008 or older (or VS2010 in C mode) */
-#define NO_DECLTYPE
-#define DECLTYPE(x)
-#endif
-#elif defined(__BORLANDC__) || defined(__LCC__) || defined(__WATCOMC__)
-#define NO_DECLTYPE
-#define DECLTYPE(x)
-#else                   /* GNU, Sun and other compilers */
-#define DECLTYPE(x) (__typeof(x))
-#endif
-
-#ifdef NO_DECLTYPE
-#define DECLTYPE_ASSIGN(dst,src)                                                 \
-do {                                                                             \
-  char **_da_dst = (char**)(&(dst));                                             \
-  *_da_dst = (char*)(src);                                                       \
-} while (0)
-#else
-#define DECLTYPE_ASSIGN(dst,src)                                                 \
-do {                                                                             \
-  (dst) = DECLTYPE(dst)(src);                                                    \
-} while (0)
-#endif
-
-/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */
-#if defined(_WIN32)
-#if defined(_MSC_VER) && _MSC_VER >= 1600
-#include <stdint.h>
-#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__)
-#include <stdint.h>
-#else
-typedef unsigned int uint32_t;
-typedef unsigned char uint8_t;
-#endif
-#elif defined(__GNUC__) && !defined(__VXWORKS__)
-#include <stdint.h>
-#else
-typedef unsigned int uint32_t;
-typedef unsigned char uint8_t;
-#endif
-
-#ifndef uthash_fatal
-#define uthash_fatal(msg) exit(-1)        /* fatal error (out of memory,etc) */
-#endif
-#ifndef uthash_malloc
-#define uthash_malloc(sz) malloc(sz)      /* malloc fcn                      */
-#endif
-#ifndef uthash_free
-#define uthash_free(ptr,sz) free(ptr)     /* free fcn                        */
-#endif
-#ifndef uthash_strlen
-#define uthash_strlen(s) strlen(s)
-#endif
-#ifndef uthash_memcmp
-#define uthash_memcmp(a,b,n) memcmp(a,b,n)
-#endif
-
-#ifndef uthash_noexpand_fyi
-#define uthash_noexpand_fyi(tbl)          /* can be defined to log noexpand  */
-#endif
-#ifndef uthash_expand_fyi
-#define uthash_expand_fyi(tbl)            /* can be defined to log expands   */
-#endif
-
-/* initial number of buckets */
-#define HASH_INITIAL_NUM_BUCKETS 32U     /* initial number of buckets        */
-#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */
-#define HASH_BKT_CAPACITY_THRESH 10U     /* expand when bucket count reaches */
-
-/* calculate the element whose hash handle address is hhp */
-#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho)))
-/* calculate the hash handle from element address elp */
-#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho)))
-
-#define HASH_VALUE(keyptr,keylen,hashv)                                          \
-do {                                                                             \
-  HASH_FCN(keyptr, keylen, hashv);                                               \
-} while (0)
-
-#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out)                 \
-do {                                                                             \
-  (out) = NULL;                                                                  \
-  if (head) {                                                                    \
-    unsigned _hf_bkt;                                                            \
-    HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt);                  \
-    if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) {                         \
-      HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \
-    }                                                                            \
-  }                                                                              \
-} while (0)
-
-#define HASH_FIND(hh,head,keyptr,keylen,out)                                     \
-do {                                                                             \
-  unsigned _hf_hashv;                                                            \
-  HASH_VALUE(keyptr, keylen, _hf_hashv);                                         \
-  HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out);               \
-} while (0)
-
-#ifdef HASH_BLOOM
-#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM)
-#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL)
-#define HASH_BLOOM_MAKE(tbl)                                                     \
-do {                                                                             \
-  (tbl)->bloom_nbits = HASH_BLOOM;                                               \
-  (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN);                 \
-  if (!((tbl)->bloom_bv))  { uthash_fatal( "out of memory"); }                   \
-  memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN);                                \
-  (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE;                                       \
-} while (0)
-
-#define HASH_BLOOM_FREE(tbl)                                                     \
-do {                                                                             \
-  uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN);                              \
-} while (0)
-
-#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U)))
-#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U)))
-
-#define HASH_BLOOM_ADD(tbl,hashv)                                                \
-  HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
-
-#define HASH_BLOOM_TEST(tbl,hashv)                                               \
-  HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U)))
-
-#else
-#define HASH_BLOOM_MAKE(tbl)
-#define HASH_BLOOM_FREE(tbl)
-#define HASH_BLOOM_ADD(tbl,hashv)
-#define HASH_BLOOM_TEST(tbl,hashv) (1)
-#define HASH_BLOOM_BYTELEN 0U
-#endif
-
-#define HASH_MAKE_TABLE(hh,head)                                                 \
-do {                                                                             \
-  (head)->hh.tbl = (UT_hash_table*)uthash_malloc(                                \
-                  sizeof(UT_hash_table));                                        \
-  if (!((head)->hh.tbl))  { uthash_fatal( "out of memory"); }                    \
-  memset((head)->hh.tbl, 0, sizeof(UT_hash_table));                              \
-  (head)->hh.tbl->tail = &((head)->hh);                                          \
-  (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS;                        \
-  (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2;              \
-  (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head);                    \
-  (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc(                      \
-          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
-  if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); }             \
-  memset((head)->hh.tbl->buckets, 0,                                             \
-          HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket));               \
-  HASH_BLOOM_MAKE((head)->hh.tbl);                                               \
-  (head)->hh.tbl->signature = HASH_SIGNATURE;                                    \
-} while (0)
-
-#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \
-do {                                                                             \
-  (replaced) = NULL;                                                             \
-  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
-  if (replaced) {                                                                \
-     HASH_DELETE(hh, head, replaced);                                            \
-  }                                                                              \
-  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \
-} while (0)
-
-#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \
-do {                                                                             \
-  (replaced) = NULL;                                                             \
-  HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \
-  if (replaced) {                                                                \
-     HASH_DELETE(hh, head, replaced);                                            \
-  }                                                                              \
-  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \
-} while (0)
-
-#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced)                   \
-do {                                                                             \
-  unsigned _hr_hashv;                                                            \
-  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
-  HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \
-} while (0)
-
-#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn)    \
-do {                                                                             \
-  unsigned _hr_hashv;                                                            \
-  HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv);                         \
-  HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \
-} while (0)
-
-#define HASH_APPEND_LIST(hh, head, add)                                          \
-do {                                                                             \
-  (add)->hh.next = NULL;                                                         \
-  (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail);           \
-  (head)->hh.tbl->tail->next = (add);                                            \
-  (head)->hh.tbl->tail = &((add)->hh);                                           \
-} while (0)
-
-#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \
-do {                                                                             \
-  unsigned _ha_bkt;                                                              \
-  (add)->hh.hashv = (hashval);                                                   \
-  (add)->hh.key = (char*) (keyptr);                                              \
-  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
-  if (!(head)) {                                                                 \
-    (add)->hh.next = NULL;                                                       \
-    (add)->hh.prev = NULL;                                                       \
-    (head) = (add);                                                              \
-    HASH_MAKE_TABLE(hh, head);                                                   \
-  } else {                                                                       \
-    struct UT_hash_handle *_hs_iter = &(head)->hh;                               \
-    (add)->hh.tbl = (head)->hh.tbl;                                              \
-    do {                                                                         \
-      if (cmpfcn(DECLTYPE(head) ELMT_FROM_HH((head)->hh.tbl, _hs_iter), add) > 0) \
-        break;                                                                   \
-    } while ((_hs_iter = _hs_iter->next));                                       \
-    if (_hs_iter) {                                                              \
-      (add)->hh.next = _hs_iter;                                                 \
-      if (((add)->hh.prev = _hs_iter->prev)) {                                   \
-        HH_FROM_ELMT((head)->hh.tbl, _hs_iter->prev)->next = (add);              \
-      } else {                                                                   \
-        (head) = (add);                                                          \
-      }                                                                          \
-      _hs_iter->prev = (add);                                                    \
-    } else {                                                                     \
-      HASH_APPEND_LIST(hh, head, add);                                           \
-    }                                                                            \
-  }                                                                              \
-  (head)->hh.tbl->num_items++;                                                   \
-  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
-  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
-  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
-  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
-  HASH_FSCK(hh, head);                                                           \
-} while (0)
-
-#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn)             \
-do {                                                                             \
-  unsigned _hs_hashv;                                                            \
-  HASH_VALUE(keyptr, keylen_in, _hs_hashv);                                      \
-  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \
-} while (0)
-
-#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \
-  HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn)
-
-#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn)                 \
-  HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn)
-
-#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add)        \
-do {                                                                             \
-  unsigned _ha_bkt;                                                              \
-  (add)->hh.hashv = (hashval);                                                   \
-  (add)->hh.key = (char*) (keyptr);                                              \
-  (add)->hh.keylen = (unsigned) (keylen_in);                                     \
-  if (!(head)) {                                                                 \
-    (add)->hh.next = NULL;                                                       \
-    (add)->hh.prev = NULL;                                                       \
-    (head) = (add);                                                              \
-    HASH_MAKE_TABLE(hh, head);                                                   \
-  } else {                                                                       \
-    (add)->hh.tbl = (head)->hh.tbl;                                              \
-    HASH_APPEND_LIST(hh, head, add);                                             \
-  }                                                                              \
-  (head)->hh.tbl->num_items++;                                                   \
-  HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt);                    \
-  HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh);                 \
-  HASH_BLOOM_ADD((head)->hh.tbl, hashval);                                       \
-  HASH_EMIT_KEY(hh, head, keyptr, keylen_in);                                    \
-  HASH_FSCK(hh, head);                                                           \
-} while (0)
-
-#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add)                            \
-do {                                                                             \
-  unsigned _ha_hashv;                                                            \
-  HASH_VALUE(keyptr, keylen_in, _ha_hashv);                                      \
-  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add);      \
-} while (0)
-
-#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add)            \
-  HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add)
-
-#define HASH_ADD(hh,head,fieldname,keylen_in,add)                                \
-  HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add)
-
-#define HASH_TO_BKT(hashv,num_bkts,bkt)                                          \
-do {                                                                             \
-  bkt = ((hashv) & ((num_bkts) - 1U));                                           \
-} while (0)
-
-/* delete "delptr" from the hash table.
- * "the usual" patch-up process for the app-order doubly-linked-list.
- * The use of _hd_hh_del below deserves special explanation.
- * These used to be expressed using (delptr) but that led to a bug
- * if someone used the same symbol for the head and deletee, like
- *  HASH_DELETE(hh,users,users);
- * We want that to work, but by changing the head (users) below
- * we were forfeiting our ability to further refer to the deletee (users)
- * in the patch-up process. Solution: use scratch space to
- * copy the deletee pointer, then the latter references are via that
- * scratch pointer rather than through the repointed (users) symbol.
- */
-#define HASH_DELETE(hh,head,delptr)                                              \
-do {                                                                             \
-    struct UT_hash_handle *_hd_hh_del;                                           \
-    if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) )  {         \
-        uthash_free((head)->hh.tbl->buckets,                                     \
-                    (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
-        HASH_BLOOM_FREE((head)->hh.tbl);                                         \
-        uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                      \
-        head = NULL;                                                             \
-    } else {                                                                     \
-        unsigned _hd_bkt;                                                        \
-        _hd_hh_del = &((delptr)->hh);                                            \
-        if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) {     \
-            (head)->hh.tbl->tail =                                               \
-                (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +               \
-                (head)->hh.tbl->hho);                                            \
-        }                                                                        \
-        if ((delptr)->hh.prev != NULL) {                                         \
-            ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) +                  \
-                    (head)->hh.tbl->hho))->next = (delptr)->hh.next;             \
-        } else {                                                                 \
-            DECLTYPE_ASSIGN(head,(delptr)->hh.next);                             \
-        }                                                                        \
-        if (_hd_hh_del->next != NULL) {                                          \
-            ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next +                     \
-                    (head)->hh.tbl->hho))->prev =                                \
-                    _hd_hh_del->prev;                                            \
-        }                                                                        \
-        HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt);   \
-        HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del);        \
-        (head)->hh.tbl->num_items--;                                             \
-    }                                                                            \
-    HASH_FSCK(hh,head);                                                          \
-} while (0)
-
-
-/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */
-#define HASH_FIND_STR(head,findstr,out)                                          \
-    HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out)
-#define HASH_ADD_STR(head,strfield,add)                                          \
-    HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add)
-#define HASH_REPLACE_STR(head,strfield,add,replaced)                             \
-    HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced)
-#define HASH_FIND_INT(head,findint,out)                                          \
-    HASH_FIND(hh,head,findint,sizeof(int),out)
-#define HASH_ADD_INT(head,intfield,add)                                          \
-    HASH_ADD(hh,head,intfield,sizeof(int),add)
-#define HASH_REPLACE_INT(head,intfield,add,replaced)                             \
-    HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced)
-#define HASH_FIND_PTR(head,findptr,out)                                          \
-    HASH_FIND(hh,head,findptr,sizeof(void *),out)
-#define HASH_ADD_PTR(head,ptrfield,add)                                          \
-    HASH_ADD(hh,head,ptrfield,sizeof(void *),add)
-#define HASH_REPLACE_PTR(head,ptrfield,add,replaced)                             \
-    HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced)
-#define HASH_DEL(head,delptr)                                                    \
-    HASH_DELETE(hh,head,delptr)
-
-/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined.
- * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined.
- */
-#ifdef HASH_DEBUG
-#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
-#define HASH_FSCK(hh,head)                                                       \
-do {                                                                             \
-    struct UT_hash_handle *_thh;                                                 \
-    if (head) {                                                                  \
-        unsigned _bkt_i;                                                         \
-        unsigned _count;                                                         \
-        char *_prev;                                                             \
-        _count = 0;                                                              \
-        for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) {       \
-            unsigned _bkt_count = 0;                                             \
-            _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head;                      \
-            _prev = NULL;                                                        \
-            while (_thh) {                                                       \
-               if (_prev != (char*)(_thh->hh_prev)) {                            \
-                   HASH_OOPS("invalid hh_prev %p, actual %p\n",                  \
-                    _thh->hh_prev, _prev );                                      \
-               }                                                                 \
-               _bkt_count++;                                                     \
-               _prev = (char*)(_thh);                                            \
-               _thh = _thh->hh_next;                                             \
-            }                                                                    \
-            _count += _bkt_count;                                                \
-            if ((head)->hh.tbl->buckets[_bkt_i].count !=  _bkt_count) {          \
-               HASH_OOPS("invalid bucket count %u, actual %u\n",                 \
-                (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count);              \
-            }                                                                    \
-        }                                                                        \
-        if (_count != (head)->hh.tbl->num_items) {                               \
-            HASH_OOPS("invalid hh item count %u, actual %u\n",                   \
-                (head)->hh.tbl->num_items, _count );                             \
-        }                                                                        \
-        /* traverse hh in app order; check next/prev integrity, count */         \
-        _count = 0;                                                              \
-        _prev = NULL;                                                            \
-        _thh =  &(head)->hh;                                                     \
-        while (_thh) {                                                           \
-           _count++;                                                             \
-           if (_prev !=(char*)(_thh->prev)) {                                    \
-              HASH_OOPS("invalid prev %p, actual %p\n",                          \
-                    _thh->prev, _prev );                                         \
-           }                                                                     \
-           _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh);                    \
-           _thh = ( _thh->next ?  (UT_hash_handle*)((char*)(_thh->next) +        \
-                                  (head)->hh.tbl->hho) : NULL );                 \
-        }                                                                        \
-        if (_count != (head)->hh.tbl->num_items) {                               \
-            HASH_OOPS("invalid app item count %u, actual %u\n",                  \
-                (head)->hh.tbl->num_items, _count );                             \
-        }                                                                        \
-    }                                                                            \
-} while (0)
-#else
-#define HASH_FSCK(hh,head)
-#endif
-
-/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to
- * the descriptor to which this macro is defined for tuning the hash function.
- * The app can #include <unistd.h> to get the prototype for write(2). */
-#ifdef HASH_EMIT_KEYS
-#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)                                   \
-do {                                                                             \
-    unsigned _klen = fieldlen;                                                   \
-    write(HASH_EMIT_KEYS, &_klen, sizeof(_klen));                                \
-    write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen);                      \
-} while (0)
-#else
-#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)
-#endif
-
-/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */
-#ifdef HASH_FUNCTION
-#define HASH_FCN HASH_FUNCTION
-#else
-#define HASH_FCN HASH_JEN
-#endif
-
-/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */
-#define HASH_BER(key,keylen,hashv)                                               \
-do {                                                                             \
-  unsigned _hb_keylen=(unsigned)keylen;                                          \
-  const unsigned char *_hb_key=(const unsigned char*)(key);                      \
-  (hashv) = 0;                                                                   \
-  while (_hb_keylen-- != 0U) {                                                   \
-      (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++;                         \
-  }                                                                              \
-} while (0)
-
-
-/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at
- * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */
-#define HASH_SAX(key,keylen,hashv)                                               \
-do {                                                                             \
-  unsigned _sx_i;                                                                \
-  const unsigned char *_hs_key=(const unsigned char*)(key);                      \
-  hashv = 0;                                                                     \
-  for(_sx_i=0; _sx_i < keylen; _sx_i++) {                                        \
-      hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i];                     \
-  }                                                                              \
-} while (0)
-/* FNV-1a variation */
-#define HASH_FNV(key,keylen,hashv)                                               \
-do {                                                                             \
-  unsigned _fn_i;                                                                \
-  const unsigned char *_hf_key=(const unsigned char*)(key);                      \
-  hashv = 2166136261U;                                                           \
-  for(_fn_i=0; _fn_i < keylen; _fn_i++) {                                        \
-      hashv = hashv ^ _hf_key[_fn_i];                                            \
-      hashv = hashv * 16777619U;                                                 \
-  }                                                                              \
-} while (0)
-
-#define HASH_OAT(key,keylen,hashv)                                               \
-do {                                                                             \
-  unsigned _ho_i;                                                                \
-  const unsigned char *_ho_key=(const unsigned char*)(key);                      \
-  hashv = 0;                                                                     \
-  for(_ho_i=0; _ho_i < keylen; _ho_i++) {                                        \
-      hashv += _ho_key[_ho_i];                                                   \
-      hashv += (hashv << 10);                                                    \
-      hashv ^= (hashv >> 6);                                                     \
-  }                                                                              \
-  hashv += (hashv << 3);                                                         \
-  hashv ^= (hashv >> 11);                                                        \
-  hashv += (hashv << 15);                                                        \
-} while (0)
-
-#define HASH_JEN_MIX(a,b,c)                                                      \
-do {                                                                             \
-  a -= b; a -= c; a ^= ( c >> 13 );                                              \
-  b -= c; b -= a; b ^= ( a << 8 );                                               \
-  c -= a; c -= b; c ^= ( b >> 13 );                                              \
-  a -= b; a -= c; a ^= ( c >> 12 );                                              \
-  b -= c; b -= a; b ^= ( a << 16 );                                              \
-  c -= a; c -= b; c ^= ( b >> 5 );                                               \
-  a -= b; a -= c; a ^= ( c >> 3 );                                               \
-  b -= c; b -= a; b ^= ( a << 10 );                                              \
-  c -= a; c -= b; c ^= ( b >> 15 );                                              \
-} while (0)
-
-#define HASH_JEN(key,keylen,hashv)                                               \
-do {                                                                             \
-  unsigned _hj_i,_hj_j,_hj_k;                                                    \
-  unsigned const char *_hj_key=(unsigned const char*)(key);                      \
-  hashv = 0xfeedbeefu;                                                           \
-  _hj_i = _hj_j = 0x9e3779b9u;                                                   \
-  _hj_k = (unsigned)(keylen);                                                    \
-  while (_hj_k >= 12U) {                                                         \
-    _hj_i +=    (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 )                      \
-        + ( (unsigned)_hj_key[2] << 16 )                                         \
-        + ( (unsigned)_hj_key[3] << 24 ) );                                      \
-    _hj_j +=    (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 )                      \
-        + ( (unsigned)_hj_key[6] << 16 )                                         \
-        + ( (unsigned)_hj_key[7] << 24 ) );                                      \
-    hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 )                         \
-        + ( (unsigned)_hj_key[10] << 16 )                                        \
-        + ( (unsigned)_hj_key[11] << 24 ) );                                     \
-                                                                                 \
-     HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                          \
-                                                                                 \
-     _hj_key += 12;                                                              \
-     _hj_k -= 12U;                                                               \
-  }                                                                              \
-  hashv += (unsigned)(keylen);                                                   \
-  switch ( _hj_k ) {                                                             \
-     case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */        \
-     case 10: hashv += ( (unsigned)_hj_key[9] << 16 );  /* FALLTHROUGH */        \
-     case 9:  hashv += ( (unsigned)_hj_key[8] << 8 );   /* FALLTHROUGH */        \
-     case 8:  _hj_j += ( (unsigned)_hj_key[7] << 24 );  /* FALLTHROUGH */        \
-     case 7:  _hj_j += ( (unsigned)_hj_key[6] << 16 );  /* FALLTHROUGH */        \
-     case 6:  _hj_j += ( (unsigned)_hj_key[5] << 8 );   /* FALLTHROUGH */        \
-     case 5:  _hj_j += _hj_key[4];                      /* FALLTHROUGH */        \
-     case 4:  _hj_i += ( (unsigned)_hj_key[3] << 24 );  /* FALLTHROUGH */        \
-     case 3:  _hj_i += ( (unsigned)_hj_key[2] << 16 );  /* FALLTHROUGH */        \
-     case 2:  _hj_i += ( (unsigned)_hj_key[1] << 8 );   /* FALLTHROUGH */        \
-     case 1:  _hj_i += _hj_key[0];                                               \
-  }                                                                              \
-  HASH_JEN_MIX(_hj_i, _hj_j, hashv);                                             \
-} while (0)
-
-/* The Paul Hsieh hash function */
-#undef get16bits
-#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__)             \
-  || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
-#define get16bits(d) (*((const uint16_t *) (d)))
-#endif
-
-#if !defined (get16bits)
-#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)             \
-                       +(uint32_t)(((const uint8_t *)(d))[0]) )
-#endif
-#define HASH_SFH(key,keylen,hashv)                                               \
-do {                                                                             \
-  unsigned const char *_sfh_key=(unsigned const char*)(key);                     \
-  uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen;                                \
-                                                                                 \
-  unsigned _sfh_rem = _sfh_len & 3U;                                             \
-  _sfh_len >>= 2;                                                                \
-  hashv = 0xcafebabeu;                                                           \
-                                                                                 \
-  /* Main loop */                                                                \
-  for (;_sfh_len > 0U; _sfh_len--) {                                             \
-    hashv    += get16bits (_sfh_key);                                            \
-    _sfh_tmp  = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv;              \
-    hashv     = (hashv << 16) ^ _sfh_tmp;                                        \
-    _sfh_key += 2U*sizeof (uint16_t);                                            \
-    hashv    += hashv >> 11;                                                     \
-  }                                                                              \
-                                                                                 \
-  /* Handle end cases */                                                         \
-  switch (_sfh_rem) {                                                            \
-    case 3: hashv += get16bits (_sfh_key);                                       \
-            hashv ^= hashv << 16;                                                \
-            hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18;              \
-            hashv += hashv >> 11;                                                \
-            break;                                                               \
-    case 2: hashv += get16bits (_sfh_key);                                       \
-            hashv ^= hashv << 11;                                                \
-            hashv += hashv >> 17;                                                \
-            break;                                                               \
-    case 1: hashv += *_sfh_key;                                                  \
-            hashv ^= hashv << 10;                                                \
-            hashv += hashv >> 1;                                                 \
-  }                                                                              \
-                                                                                 \
-    /* Force "avalanching" of final 127 bits */                                  \
-    hashv ^= hashv << 3;                                                         \
-    hashv += hashv >> 5;                                                         \
-    hashv ^= hashv << 4;                                                         \
-    hashv += hashv >> 17;                                                        \
-    hashv ^= hashv << 25;                                                        \
-    hashv += hashv >> 6;                                                         \
-} while (0)
-
-#ifdef HASH_USING_NO_STRICT_ALIASING
-/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads.
- * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error.
- * MurmurHash uses the faster approach only on CPU's where we know it's safe.
- *
- * Note the preprocessor built-in defines can be emitted using:
- *
- *   gcc -m64 -dM -E - < /dev/null                  (on gcc)
- *   cc -## a.c (where a.c is a simple test file)   (Sun Studio)
- */
-#if (defined(__i386__) || defined(__x86_64__)  || defined(_M_IX86))
-#define MUR_GETBLOCK(p,i) p[i]
-#else /* non intel */
-#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL)
-#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL)
-#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL)
-#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL)
-#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL))
-#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__))
-#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24))
-#define MUR_TWO_TWO(p)   ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16))
-#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >>  8))
-#else /* assume little endian non-intel */
-#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24))
-#define MUR_TWO_TWO(p)   ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16))
-#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) <<  8))
-#endif
-#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) :           \
-                            (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \
-                             (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) :  \
-                                                      MUR_ONE_THREE(p))))
-#endif
-#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))
-#define MUR_FMIX(_h) \
-do {                 \
-  _h ^= _h >> 16;    \
-  _h *= 0x85ebca6bu; \
-  _h ^= _h >> 13;    \
-  _h *= 0xc2b2ae35u; \
-  _h ^= _h >> 16;    \
-} while (0)
-
-#define HASH_MUR(key,keylen,hashv)                                     \
-do {                                                                   \
-  const uint8_t *_mur_data = (const uint8_t*)(key);                    \
-  const int _mur_nblocks = (int)(keylen) / 4;                          \
-  uint32_t _mur_h1 = 0xf88D5353u;                                      \
-  uint32_t _mur_c1 = 0xcc9e2d51u;                                      \
-  uint32_t _mur_c2 = 0x1b873593u;                                      \
-  uint32_t _mur_k1 = 0;                                                \
-  const uint8_t *_mur_tail;                                            \
-  const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \
-  int _mur_i;                                                          \
-  for(_mur_i = -_mur_nblocks; _mur_i!=0; _mur_i++) {                   \
-    _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i);                        \
-    _mur_k1 *= _mur_c1;                                                \
-    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
-    _mur_k1 *= _mur_c2;                                                \
-                                                                       \
-    _mur_h1 ^= _mur_k1;                                                \
-    _mur_h1 = MUR_ROTL32(_mur_h1,13);                                  \
-    _mur_h1 = (_mur_h1*5U) + 0xe6546b64u;                              \
-  }                                                                    \
-  _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4));          \
-  _mur_k1=0;                                                           \
-  switch((keylen) & 3U) {                                              \
-    case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \
-    case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8;  /* FALLTHROUGH */ \
-    case 1: _mur_k1 ^= (uint32_t)_mur_tail[0];                         \
-    _mur_k1 *= _mur_c1;                                                \
-    _mur_k1 = MUR_ROTL32(_mur_k1,15);                                  \
-    _mur_k1 *= _mur_c2;                                                \
-    _mur_h1 ^= _mur_k1;                                                \
-  }                                                                    \
-  _mur_h1 ^= (uint32_t)(keylen);                                       \
-  MUR_FMIX(_mur_h1);                                                   \
-  hashv = _mur_h1;                                                     \
-} while (0)
-#endif  /* HASH_USING_NO_STRICT_ALIASING */
-
-/* iterate over items in a known bucket to find desired item */
-#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out)               \
-do {                                                                             \
-  if ((head).hh_head != NULL) {                                                  \
-    DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head));                     \
-  } else {                                                                       \
-    (out) = NULL;                                                                \
-  }                                                                              \
-  while ((out) != NULL) {                                                        \
-    if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) {       \
-      if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) {                \
-        break;                                                                   \
-      }                                                                          \
-    }                                                                            \
-    if ((out)->hh.hh_next != NULL) {                                             \
-      DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next));                \
-    } else {                                                                     \
-      (out) = NULL;                                                              \
-    }                                                                            \
-  }                                                                              \
-} while (0)
-
-/* add an item to a bucket  */
-#define HASH_ADD_TO_BKT(head,addhh)                                              \
-do {                                                                             \
- head.count++;                                                                   \
- (addhh)->hh_next = head.hh_head;                                                \
- (addhh)->hh_prev = NULL;                                                        \
- if (head.hh_head != NULL) { (head).hh_head->hh_prev = (addhh); }                \
- (head).hh_head=addhh;                                                           \
- if ((head.count >= ((head.expand_mult+1U) * HASH_BKT_CAPACITY_THRESH))          \
-     && ((addhh)->tbl->noexpand != 1U)) {                                        \
-       HASH_EXPAND_BUCKETS((addhh)->tbl);                                        \
- }                                                                               \
-} while (0)
-
-/* remove an item from a given bucket */
-#define HASH_DEL_IN_BKT(hh,head,hh_del)                                          \
-    (head).count--;                                                              \
-    if ((head).hh_head == hh_del) {                                              \
-      (head).hh_head = hh_del->hh_next;                                          \
-    }                                                                            \
-    if (hh_del->hh_prev) {                                                       \
-        hh_del->hh_prev->hh_next = hh_del->hh_next;                              \
-    }                                                                            \
-    if (hh_del->hh_next) {                                                       \
-        hh_del->hh_next->hh_prev = hh_del->hh_prev;                              \
-    }
-
-/* Bucket expansion has the effect of doubling the number of buckets
- * and redistributing the items into the new buckets. Ideally the
- * items will distribute more or less evenly into the new buckets
- * (the extent to which this is true is a measure of the quality of
- * the hash function as it applies to the key domain).
- *
- * With the items distributed into more buckets, the chain length
- * (item count) in each bucket is reduced. Thus by expanding buckets
- * the hash keeps a bound on the chain length. This bounded chain
- * length is the essence of how a hash provides constant time lookup.
- *
- * The calculation of tbl->ideal_chain_maxlen below deserves some
- * explanation. First, keep in mind that we're calculating the ideal
- * maximum chain length based on the *new* (doubled) bucket count.
- * In fractions this is just n/b (n=number of items,b=new num buckets).
- * Since the ideal chain length is an integer, we want to calculate
- * ceil(n/b). We don't depend on floating point arithmetic in this
- * hash, so to calculate ceil(n/b) with integers we could write
- *
- *      ceil(n/b) = (n/b) + ((n%b)?1:0)
- *
- * and in fact a previous version of this hash did just that.
- * But now we have improved things a bit by recognizing that b is
- * always a power of two. We keep its base 2 log handy (call it lb),
- * so now we can write this with a bit shift and logical AND:
- *
- *      ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0)
- *
- */
-#define HASH_EXPAND_BUCKETS(tbl)                                                 \
-do {                                                                             \
-    unsigned _he_bkt;                                                            \
-    unsigned _he_bkt_i;                                                          \
-    struct UT_hash_handle *_he_thh, *_he_hh_nxt;                                 \
-    UT_hash_bucket *_he_new_buckets, *_he_newbkt;                                \
-    _he_new_buckets = (UT_hash_bucket*)uthash_malloc(                            \
-             2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));            \
-    if (!_he_new_buckets) { uthash_fatal( "out of memory"); }                    \
-    memset(_he_new_buckets, 0,                                                   \
-            2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket));             \
-    tbl->ideal_chain_maxlen =                                                    \
-       (tbl->num_items >> (tbl->log2_num_buckets+1U)) +                          \
-       (((tbl->num_items & ((tbl->num_buckets*2U)-1U)) != 0U) ? 1U : 0U);        \
-    tbl->nonideal_items = 0;                                                     \
-    for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++)                \
-    {                                                                            \
-        _he_thh = tbl->buckets[ _he_bkt_i ].hh_head;                             \
-        while (_he_thh != NULL) {                                                \
-           _he_hh_nxt = _he_thh->hh_next;                                        \
-           HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2U, _he_bkt);           \
-           _he_newbkt = &(_he_new_buckets[ _he_bkt ]);                           \
-           if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) {                \
-             tbl->nonideal_items++;                                              \
-             _he_newbkt->expand_mult = _he_newbkt->count /                       \
-                                        tbl->ideal_chain_maxlen;                 \
-           }                                                                     \
-           _he_thh->hh_prev = NULL;                                              \
-           _he_thh->hh_next = _he_newbkt->hh_head;                               \
-           if (_he_newbkt->hh_head != NULL) { _he_newbkt->hh_head->hh_prev =     \
-                _he_thh; }                                                       \
-           _he_newbkt->hh_head = _he_thh;                                        \
-           _he_thh = _he_hh_nxt;                                                 \
-        }                                                                        \
-    }                                                                            \
-    uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
-    tbl->num_buckets *= 2U;                                                      \
-    tbl->log2_num_buckets++;                                                     \
-    tbl->buckets = _he_new_buckets;                                              \
-    tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ?         \
-        (tbl->ineff_expands+1U) : 0U;                                            \
-    if (tbl->ineff_expands > 1U) {                                               \
-        tbl->noexpand=1;                                                         \
-        uthash_noexpand_fyi(tbl);                                                \
-    }                                                                            \
-    uthash_expand_fyi(tbl);                                                      \
-} while (0)
-
-
-/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */
-/* Note that HASH_SORT assumes the hash handle name to be hh.
- * HASH_SRT was added to allow the hash handle name to be passed in. */
-#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn)
-#define HASH_SRT(hh,head,cmpfcn)                                                 \
-do {                                                                             \
-  unsigned _hs_i;                                                                \
-  unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize;               \
-  struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail;            \
-  if (head != NULL) {                                                            \
-      _hs_insize = 1;                                                            \
-      _hs_looping = 1;                                                           \
-      _hs_list = &((head)->hh);                                                  \
-      while (_hs_looping != 0U) {                                                \
-          _hs_p = _hs_list;                                                      \
-          _hs_list = NULL;                                                       \
-          _hs_tail = NULL;                                                       \
-          _hs_nmerges = 0;                                                       \
-          while (_hs_p != NULL) {                                                \
-              _hs_nmerges++;                                                     \
-              _hs_q = _hs_p;                                                     \
-              _hs_psize = 0;                                                     \
-              for ( _hs_i = 0; _hs_i  < _hs_insize; _hs_i++ ) {                  \
-                  _hs_psize++;                                                   \
-                  _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?              \
-                          ((void*)((char*)(_hs_q->next) +                        \
-                          (head)->hh.tbl->hho)) : NULL);                         \
-                  if (! (_hs_q) ) { break; }                                     \
-              }                                                                  \
-              _hs_qsize = _hs_insize;                                            \
-              while ((_hs_psize > 0U) || ((_hs_qsize > 0U) && (_hs_q != NULL))) {\
-                  if (_hs_psize == 0U) {                                         \
-                      _hs_e = _hs_q;                                             \
-                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
-                              ((void*)((char*)(_hs_q->next) +                    \
-                              (head)->hh.tbl->hho)) : NULL);                     \
-                      _hs_qsize--;                                               \
-                  } else if ( (_hs_qsize == 0U) || (_hs_q == NULL) ) {           \
-                      _hs_e = _hs_p;                                             \
-                      if (_hs_p != NULL){                                        \
-                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
-                                ((void*)((char*)(_hs_p->next) +                  \
-                                (head)->hh.tbl->hho)) : NULL);                   \
-                       }                                                         \
-                      _hs_psize--;                                               \
-                  } else if ((                                                   \
-                      cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \
-                             DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \
-                             ) <= 0) {                                           \
-                      _hs_e = _hs_p;                                             \
-                      if (_hs_p != NULL){                                        \
-                        _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ?        \
-                               ((void*)((char*)(_hs_p->next) +                   \
-                               (head)->hh.tbl->hho)) : NULL);                    \
-                       }                                                         \
-                      _hs_psize--;                                               \
-                  } else {                                                       \
-                      _hs_e = _hs_q;                                             \
-                      _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ?          \
-                              ((void*)((char*)(_hs_q->next) +                    \
-                              (head)->hh.tbl->hho)) : NULL);                     \
-                      _hs_qsize--;                                               \
-                  }                                                              \
-                  if ( _hs_tail != NULL ) {                                      \
-                      _hs_tail->next = ((_hs_e != NULL) ?                        \
-                            ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL);          \
-                  } else {                                                       \
-                      _hs_list = _hs_e;                                          \
-                  }                                                              \
-                  if (_hs_e != NULL) {                                           \
-                  _hs_e->prev = ((_hs_tail != NULL) ?                            \
-                     ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL);              \
-                  }                                                              \
-                  _hs_tail = _hs_e;                                              \
-              }                                                                  \
-              _hs_p = _hs_q;                                                     \
-          }                                                                      \
-          if (_hs_tail != NULL){                                                 \
-            _hs_tail->next = NULL;                                               \
-          }                                                                      \
-          if ( _hs_nmerges <= 1U ) {                                             \
-              _hs_looping=0;                                                     \
-              (head)->hh.tbl->tail = _hs_tail;                                   \
-              DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list));      \
-          }                                                                      \
-          _hs_insize *= 2U;                                                      \
-      }                                                                          \
-      HASH_FSCK(hh,head);                                                        \
- }                                                                               \
-} while (0)
-
-/* This function selects items from one hash into another hash.
- * The end result is that the selected items have dual presence
- * in both hashes. There is no copy of the items made; rather
- * they are added into the new hash through a secondary hash
- * hash handle that must be present in the structure. */
-#define HASH_SELECT(hh_dst, dst, hh_src, src, cond)                              \
-do {                                                                             \
-  unsigned _src_bkt, _dst_bkt;                                                   \
-  void *_last_elt=NULL, *_elt;                                                   \
-  UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL;                         \
-  ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst));                 \
-  if (src != NULL) {                                                             \
-    for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) {     \
-      for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head;                \
-          _src_hh != NULL;                                                       \
-          _src_hh = _src_hh->hh_next) {                                          \
-          _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh);                       \
-          if (cond(_elt)) {                                                      \
-            _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho);               \
-            _dst_hh->key = _src_hh->key;                                         \
-            _dst_hh->keylen = _src_hh->keylen;                                   \
-            _dst_hh->hashv = _src_hh->hashv;                                     \
-            _dst_hh->prev = _last_elt;                                           \
-            _dst_hh->next = NULL;                                                \
-            if (_last_elt_hh != NULL) { _last_elt_hh->next = _elt; }             \
-            if (dst == NULL) {                                                   \
-              DECLTYPE_ASSIGN(dst,_elt);                                         \
-              HASH_MAKE_TABLE(hh_dst,dst);                                       \
-            } else {                                                             \
-              _dst_hh->tbl = (dst)->hh_dst.tbl;                                  \
-            }                                                                    \
-            HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt);    \
-            HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh);            \
-            (dst)->hh_dst.tbl->num_items++;                                      \
-            _last_elt = _elt;                                                    \
-            _last_elt_hh = _dst_hh;                                              \
-          }                                                                      \
-      }                                                                          \
-    }                                                                            \
-  }                                                                              \
-  HASH_FSCK(hh_dst,dst);                                                         \
-} while (0)
-
-#define HASH_CLEAR(hh,head)                                                      \
-do {                                                                             \
-  if (head != NULL) {                                                            \
-    uthash_free((head)->hh.tbl->buckets,                                         \
-                (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket));      \
-    HASH_BLOOM_FREE((head)->hh.tbl);                                             \
-    uthash_free((head)->hh.tbl, sizeof(UT_hash_table));                          \
-    (head)=NULL;                                                                 \
-  }                                                                              \
-} while (0)
-
-#define HASH_OVERHEAD(hh,head)                                                   \
- ((head != NULL) ? (                                                             \
- (size_t)(((head)->hh.tbl->num_items   * sizeof(UT_hash_handle))   +             \
-          ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket))   +             \
-           sizeof(UT_hash_table)                                   +             \
-           (HASH_BLOOM_BYTELEN))) : 0U)
-
-#ifdef NO_DECLTYPE
-#define HASH_ITER(hh,head,el,tmp)                                                \
-for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \
-  (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL)))
-#else
-#define HASH_ITER(hh,head,el,tmp)                                                \
-for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL));      \
-  (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL)))
-#endif
-
-/* obtain a count of items in the hash */
-#define HASH_COUNT(head) HASH_CNT(hh,head)
-#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U)
-
-typedef struct UT_hash_bucket {
-   struct UT_hash_handle *hh_head;
-   unsigned count;
-
-   /* expand_mult is normally set to 0. In this situation, the max chain length
-    * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If
-    * the bucket's chain exceeds this length, bucket expansion is triggered).
-    * However, setting expand_mult to a non-zero value delays bucket expansion
-    * (that would be triggered by additions to this particular bucket)
-    * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH.
-    * (The multiplier is simply expand_mult+1). The whole idea of this
-    * multiplier is to reduce bucket expansions, since they are expensive, in
-    * situations where we know that a particular bucket tends to be overused.
-    * It is better to let its chain length grow to a longer yet-still-bounded
-    * value, than to do an O(n) bucket expansion too often.
-    */
-   unsigned expand_mult;
-
-} UT_hash_bucket;
-
-/* random signature used only to find hash tables in external analysis */
-#define HASH_SIGNATURE 0xa0111fe1u
-#define HASH_BLOOM_SIGNATURE 0xb12220f2u
-
-typedef struct UT_hash_table {
-   UT_hash_bucket *buckets;
-   unsigned num_buckets, log2_num_buckets;
-   unsigned num_items;
-   struct UT_hash_handle *tail; /* tail hh in app order, for fast append    */
-   ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */
-
-   /* in an ideal situation (all buckets used equally), no bucket would have
-    * more than ceil(#items/#buckets) items. that's the ideal chain length. */
-   unsigned ideal_chain_maxlen;
-
-   /* nonideal_items is the number of items in the hash whose chain position
-    * exceeds the ideal chain maxlen. these items pay the penalty for an uneven
-    * hash distribution; reaching them in a chain traversal takes >ideal steps */
-   unsigned nonideal_items;
-
-   /* ineffective expands occur when a bucket doubling was performed, but
-    * afterward, more than half the items in the hash had nonideal chain
-    * positions. If this happens on two consecutive expansions we inhibit any
-    * further expansion, as it's not helping; this happens when the hash
-    * function isn't a good fit for the key domain. When expansion is inhibited
-    * the hash will still work, albeit no longer in constant time. */
-   unsigned ineff_expands, noexpand;
-
-   uint32_t signature; /* used only to find hash tables in external analysis */
-#ifdef HASH_BLOOM
-   uint32_t bloom_sig; /* used only to test bloom exists in external analysis */
-   uint8_t *bloom_bv;
-   uint8_t bloom_nbits;
-#endif
-
-} UT_hash_table;
-
-typedef struct UT_hash_handle {
-   struct UT_hash_table *tbl;
-   void *prev;                       /* prev element in app order      */
-   void *next;                       /* next element in app order      */
-   struct UT_hash_handle *hh_prev;   /* previous hh in bucket order    */
-   struct UT_hash_handle *hh_next;   /* next hh in bucket order        */
-   void *key;                        /* ptr to enclosing struct's key  */
-   unsigned keylen;                  /* enclosing struct's key len     */
-   unsigned hashv;                   /* result of hash-fcn(key)        */
-} UT_hash_handle;
-
-#endif /* UTHASH_H */

From a6859a08d3fdfd9d653333107e381bdcaab6e8a3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 22:48:16 +0100
Subject: [PATCH 138/249] Remove getrlimit from poll_eventloop

No use to check for this limit, because the filedescriptor is already open.
---
 configure.ac                   |   1 -
 spec/example/Makefile.in       |  24 +--
 src/Makefile.in                | 357 ++++++++++++---------------------
 src/extension/poll_eventloop.c |  25 +--
 src/extension/poll_eventloop.h |   1 -
 src/test/Makefile.in           |  71 ++-----
 src/tools/Makefile.in          |   7 +-
 7 files changed, 166 insertions(+), 320 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4b50c13c..555b7792 100644
--- a/configure.ac
+++ b/configure.ac
@@ -217,7 +217,6 @@ esac
 
 DEFAULT_EVENTLOOP=select_eventloop
 AC_CHECK_HEADERS([sys/poll.h poll.h sys/resource.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([getrlimit])
 AC_ARG_ENABLE(poll-eventloop, AC_HELP_STRING([--disable-poll-eventloop], [Disable default eventloop based on poll (default=enabled if available)]))
 case "$enable_poll_eventloop" in
 	no)
diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 8ff7f2d1..7bf5e016 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,24 +149,16 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index 33a6c946..6c5375e3 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -215,236 +215,143 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
- $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
+const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
  $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/util/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c \
- config.h \
- $(srcdir)/general.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/dict.h $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
- config.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
+dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
+ $(srcdir)/util/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
  $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h config.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/mdns.h
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
+ $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
+ $(srcdir)/convert.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c \
- config.h \
- getdns/getdns_extra.h \
- getdns/getdns.h \
- $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h
-stub.lo stub.o: $(srcdir)/stub.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/stub.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h \
- $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c \
- getdns/getdns.h \
- config.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
- config.h \
- getdns/getdns.h \
- $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/util/uthash.h $(srcdir)/ub_loop.h \
- $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h \
+server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
+ $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
+stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+version.lo version.o: version.c
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
  $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h \
- $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
- config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
- config.h \
- $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
- config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
- config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
- config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
- config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
- config.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
- config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
- config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
- config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
- config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
- config.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h \
- $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
- config.h \
- $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/gldns/gbuffer.h
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/debug.h config.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
+ $(srcdir)/debug.h config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
- config.h \
- $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/uthash.h $(srcdir)/debug.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h \
- $(srcdir)/extension/select_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns_extra.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/getdns/getdns_ext_libevent.h getdns/getdns_extra.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/getdns/getdns_ext_libuv.h getdns/getdns_extra.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/debug.h config.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
+ $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h
diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index c55c8ec9..d4cc8727 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -153,20 +153,12 @@ poll_eventloop_schedule(getdns_eventloop *loop,
 {
 	_getdns_poll_eventloop *poll_loop  = (_getdns_poll_eventloop *)loop;
 
-	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p, max_fds: %d)\n"
-	        , __FUNC__, (void *)loop, fd, timeout, (void *)event, poll_loop->max_fds);
+	DEBUG_SCHED( "%s(loop: %p, fd: %d, timeout: %"PRIu64", event: %p)\n"
+	        , __FUNC__, (void *)loop, fd, timeout, (void *)event);
 
 	if (!loop || !event)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-
-#ifdef HAVE_GETRLIMIT
-	if (fd >= (int)poll_loop->max_fds) {
-		DEBUG_SCHED( "ERROR: fd %d >= max_fds: %d!\n"
-		           , fd, poll_loop->max_fds);
-		return GETDNS_RETURN_GENERIC_ERROR;
-	}
-#endif
 	if (fd >= 0 && !(event->read_cb || event->write_cb)) {
 		DEBUG_SCHED("WARNING: fd event without "
 		            "read or write cb!\n");
@@ -492,9 +484,6 @@ poll_eventloop_run(getdns_eventloop *loop)
 void
 _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 {
-#ifdef HAVE_GETRLIMIT
-	struct rlimit rl;
-#endif
 	static getdns_eventloop_vmt poll_eventloop_vmt = {
 		poll_eventloop_cleanup,
 		poll_eventloop_schedule,
@@ -506,16 +495,6 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 	loop->loop.vmt = &poll_eventloop_vmt;
 	loop->mf = *mf;
 
-#ifdef HAVE_GETRLIMIT
-	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
-		loop->max_fds = rl.rlim_cur;
-	} else {
-		DEBUG_SCHED("ERROR: could not obtain RLIMIT_NOFILE from getrlimit()\n");
-#endif
-		loop->max_fds = 0;
-#if HAVE_GETRLIMIT
-	}
-#endif
 	loop->to_events_capacity = init_to_events_capacity;
 	if ((loop->to_events = GETDNS_XMALLOC(
 	    *mf, _getdns_poll_event, init_to_events_capacity)))
diff --git a/src/extension/poll_eventloop.h b/src/extension/poll_eventloop.h
index 2643c30e..e4e4bb7e 100644
--- a/src/extension/poll_eventloop.h
+++ b/src/extension/poll_eventloop.h
@@ -46,7 +46,6 @@ typedef struct _getdns_poll_event {
 typedef struct _getdns_poll_eventloop {
 	getdns_eventloop    loop;
 	struct mem_funcs    mf;
-	unsigned int        max_fds;
 
 	struct pollfd      *pfds;
 	size_t              fd_events_capacity;
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 758435c1..c481fdab 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -216,13 +216,10 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
- ../getdns/getdns.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
- $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
- $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
+ $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
+ $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -242,58 +239,34 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
- ../getdns/getdns.h \
- ../config.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
+ ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+ ../getdns/getdns.h ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
- ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
- ../config.h \
- $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index d066e824..d98cf437 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,8 +113,5 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
- ../config.h \
- $(srcdir)/../debug.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h

From 91dd991348168a18a377c4ad2325c01e989238e3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 22:55:15 +0100
Subject: [PATCH 139/249] Cancel requests without callback

---
 src/context.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index 66dcf6f9..b5eaf231 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2918,7 +2918,7 @@ _getdns_context_cancel_request(getdns_context *context,
 	/* do the cancel */
 	cancel_dns_req(dnsreq);
 
-	if (fire_callback) {
+	if (fire_callback && dnsreq->user_callback) {
 		context->processing = 1;
 		dnsreq->user_callback(context, GETDNS_CALLBACK_CANCEL,
 		    NULL, dnsreq->user_pointer, transaction_id);

From df45a2f1c7bd47ef9e91153e6367b20967764c68 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 16 Feb 2017 23:03:31 +0100
Subject: [PATCH 140/249] Dependencies

---
 spec/example/Makefile.in |  24 ++-
 src/Makefile.in          | 341 ++++++++++++++++++++++++---------------
 src/test/Makefile.in     |  71 +++++---
 src/tools/Makefile.in    |   7 +-
 4 files changed, 285 insertions(+), 158 deletions(-)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 7bf5e016..8ff7f2d1 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,16 +149,24 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index 6c5375e3..6f06858a 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -215,143 +215,232 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+const-info.lo const-info.o: $(srcdir)/const-info.c \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
  $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+convert.lo convert.o: $(srcdir)/convert.c \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h \
+ $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h \
+ $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
  $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
  $(srcdir)/util/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h config.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h \
+general.lo general.o: $(srcdir)/general.c \
+ config.h \
+ $(srcdir)/general.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
+ $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
+ config.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/mdns.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
- $(srcdir)/convert.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
-stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+server.lo server.o: $(srcdir)/server.c \
+ config.h \
+ getdns/getdns_extra.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
+stub.lo stub.o: $(srcdir)/stub.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/stub.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h \
+ $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c \
+ getdns/getdns.h \
+ config.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
- $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-version.lo version.o: version.c
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
+ config.h \
  $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
+ config.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c \
+ config.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
+ config.h \
+ $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
+ config.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
+ config.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
+ config.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
+ config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
+ config.h \
+ $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
+ config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
+ config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
+ config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
+ config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
+ config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/debug.h config.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
- $(srcdir)/debug.h config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
+ config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
+ config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
+ config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
+ config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
+ config.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
+ config.h \
+ $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
+ config.h \
+ $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns_extra.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/getdns/getdns_ext_libevent.h getdns/getdns_extra.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/getdns/getdns_ext_libuv.h getdns/getdns_extra.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
- $(srcdir)/debug.h config.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
- $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
+ config.h \
+ $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/debug.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
+ config.h \
+ $(srcdir)/extension/select_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index c481fdab..758435c1 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -216,10 +216,13 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
- $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
- $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
+ ../getdns/getdns.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
+ $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
+ $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -239,34 +242,58 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(sr
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
- ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
+ ../getdns/getdns.h \
+ ../config.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h \
+ ../config.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
+ ../config.h \
+ $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index d98cf437..d066e824 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,5 +113,8 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
+ ../config.h \
+ $(srcdir)/../debug.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h

From 990800d9f952911e35fbf9fda089deef626884fe Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 17 Feb 2017 13:16:06 +0100
Subject: [PATCH 141/249] Bugfix poll_eventloop initialization error

---
 src/extension/poll_eventloop.c | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index d4cc8727..9c151c57 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -51,7 +51,7 @@ static void *get_to_event(_getdns_poll_eventloop *loop,
 			    loop->to_events_free * 2);
 			if (!to_events)
 				return NULL;
-			(void) memset(&loop->to_events[loop->to_events_free],
+			(void) memset(&to_events[loop->to_events_free],
 			    0, sizeof(_getdns_poll_event)
 			     * loop->to_events_free);
 
@@ -78,6 +78,8 @@ static void *get_to_event(_getdns_poll_eventloop *loop,
 static void *get_fd_event(_getdns_poll_eventloop *loop, int fd,
     getdns_eventloop_event *event, uint64_t timeout_time)
 {
+	size_t i;
+
 	if (loop->fd_events_free == loop->fd_events_capacity) {
 		if (loop->fd_events_free) {
 			_getdns_poll_event *fd_events = GETDNS_XREALLOC(
@@ -94,12 +96,16 @@ static void *get_fd_event(_getdns_poll_eventloop *loop, int fd,
 					GETDNS_FREE(loop->mf, pfds);
 				return NULL;
 			}
-			(void) memset(&loop->fd_events[loop->fd_events_free],
+			(void) memset(&fd_events[loop->fd_events_free],
 			    0, sizeof(_getdns_poll_event)
 			     * loop->fd_events_free);
-			(void) memset(&loop->pfds[loop->fd_events_free],
-			    0, sizeof(struct pollfd) * loop->fd_events_free);
-
+			for ( i = loop->fd_events_free
+			    ; i < loop->fd_events_free * 2
+			    ; i++) {
+				pfds[i].fd = -1;
+				pfds[i].events  = 0;
+				pfds[i].revents = 0;
+			}
 			loop->fd_events_capacity = loop->fd_events_free * 2;
 			loop->fd_events = fd_events;
 			loop->pfds = pfds;
@@ -114,9 +120,11 @@ static void *get_fd_event(_getdns_poll_eventloop *loop, int fd,
 			(void) memset(loop->fd_events, 0,
 			    sizeof(_getdns_poll_event)
 			    * init_fd_events_capacity);
-			(void) memset(loop->pfds, 0,
-			    sizeof(struct pollfd) * init_fd_events_capacity);
-
+			for (i = 0; i < init_fd_events_capacity; i++) {
+				loop->pfds[i].fd = -1;
+				loop->pfds[i].events  = 0;
+				loop->pfds[i].revents = 0;
+			}
 			loop->fd_events_capacity = init_fd_events_capacity;
 		}
 	}
@@ -510,10 +518,15 @@ _getdns_poll_eventloop_init(struct mem_funcs *mf, _getdns_poll_eventloop *loop)
 	    *mf, _getdns_poll_event, init_fd_events_capacity)) &&
 	    (loop->pfds = GETDNS_XMALLOC(
 	    *mf, struct pollfd, init_fd_events_capacity))) {
+		size_t i;
+
 		(void) memset(loop->fd_events, 0,
 		    sizeof(_getdns_poll_event) * init_fd_events_capacity);
-		(void) memset(loop->pfds, 0,
-		    sizeof(struct pollfd) * init_fd_events_capacity);
+		for (i = 0; i < init_fd_events_capacity; i++) {
+			loop->pfds[i].fd = -1;
+			loop->pfds[i].events  = 0;
+			loop->pfds[i].revents = 0;
+		}
 	} else {
 		loop->fd_events_capacity = 0;
 		if (loop->fd_events) {

From 6ed3d77523c11055dd86e7cc75b11b26d1d90411 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 17 Feb 2017 23:35:50 +0100
Subject: [PATCH 142/249] Cancel child validation chain dns_reqs on ...

parent dns_req cancelation.
---
 src/context.c          |  3 +++
 src/dnssec.c           | 33 +++++++++++++++++++++++++++++++++
 src/dnssec.h           |  1 +
 src/request-internal.c |  1 +
 src/types-internal.h   |  4 ++++
 5 files changed, 42 insertions(+)

diff --git a/src/context.c b/src/context.c
index b5eaf231..830c4c53 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2915,6 +2915,9 @@ _getdns_context_cancel_request(getdns_context *context,
 	    &context->outbound_requests, &transaction_id)))
 		return GETDNS_RETURN_UNKNOWN_TRANSACTION;
 
+	if (dnsreq->chain)
+		_getdns_cancel_validation_chain(dnsreq);
+
 	/* do the cancel */
 	cancel_dns_req(dnsreq);
 
diff --git a/src/dnssec.c b/src/dnssec.c
index 0269fe3d..905f778d 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3115,6 +3115,38 @@ static void check_chain_complete(chain_head *chain)
 	_getdns_call_user_callback(dnsreq, response_dict);
 }
 
+void _getdns_cancel_validation_chain(getdns_dns_req *dnsreq)
+{
+	chain_head *head, *next;
+	chain_node *node;
+	size_t      node_count;
+
+	for ( head = dnsreq->chain; head ; head = next ) {
+		next = head->next;
+
+		for ( node_count = head->node_count, node = head->parent
+		    ; node_count
+		    ; node_count--, node = node->parent ) {
+
+			if (node->dnskey_req)
+				_getdns_context_cancel_request(
+				    node->dnskey_req->owner->context,
+				    node->dnskey_req->owner->trans_id, 0);
+
+			if (node->ds_req)
+				_getdns_context_cancel_request(
+				    node->ds_req->owner->context,
+				    node->ds_req->owner->trans_id, 0);
+			
+			if (node->soa_req) 
+				_getdns_context_cancel_request(
+				    node->soa_req->owner->context,
+				    node->soa_req->owner->trans_id, 0);
+		}
+		GETDNS_FREE(head->my_mf, head);
+	}
+	dnsreq->chain = NULL;
+}
 
 void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
 {
@@ -3152,6 +3184,7 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
 		for (chain_p = chain; chain_p; chain_p = chain_p->next) {
 			if (chain_p->lock) chain_p->lock--;
 		}
+		dnsreq->chain = chain;
 		check_chain_complete(chain);
 	} else {
 		dnsreq->validating = 0;
diff --git a/src/dnssec.h b/src/dnssec.h
index 4237f933..b7becfe9 100644
--- a/src/dnssec.h
+++ b/src/dnssec.h
@@ -46,6 +46,7 @@
 
 /* Do some additional requests to fetch the complete validation chain */
 void _getdns_get_validation_chain(getdns_dns_req *dns_req);
+void _getdns_cancel_validation_chain(getdns_dns_req *dns_req);
 
 uint16_t _getdns_parse_ta_file(time_t *ta_mtime, gldns_buffer *gbuf);
 
diff --git a/src/request-internal.c b/src/request-internal.c
index 8193acb7..3f180d56 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -934,6 +934,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	result->finished_next = NULL;
 	result->freed = NULL;
 	result->validating = 0;
+	result->chain = NULL;
 
 	network_req_init(result->netreqs[0], result,
 	    request_type, dnssec_extension_set, with_opt,
diff --git a/src/types-internal.h b/src/types-internal.h
index 2ac85581..137892f1 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -267,6 +267,7 @@ typedef struct getdns_network_req
 static inline int _getdns_netreq_finished(getdns_network_req *req)
 { return !req || (req->state & NET_REQ_FINISHED); }
 
+struct chain_head;
 /**
  * dns request - manages a number of network requests and
  * the initial data passed to getdns_general
@@ -322,6 +323,9 @@ typedef struct getdns_dns_req {
 	unsigned validating				: 1;
 	int *freed;
 
+	/* Validation chain to be canceled when this request is canceled */
+	struct chain_head *chain;
+
 	uint16_t tls_query_padding_blocksize;
 
 	/* internally scheduled request */

From 7e9956b19e1844f75de3b14850e34ba9baa58ce5 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 17 Feb 2017 23:39:35 +0100
Subject: [PATCH 143/249] Call cancel callbacks only when callback exists

---
 src/context.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/context.c b/src/context.c
index 830c4c53..39f2dbb0 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3275,9 +3275,11 @@ _getdns_context_request_timed_out(getdns_dns_req *req)
 
 	/* cancel the req - also clears it from outbound and cleans up*/
 	_getdns_context_cancel_request(context, trans_id, 0);
-	context->processing = 1;
-	cb(context, GETDNS_CALLBACK_TIMEOUT, response, user_arg, trans_id);
-	context->processing = 0;
+	if (cb) {
+		context->processing = 1;
+		cb(context, GETDNS_CALLBACK_TIMEOUT, response, user_arg, trans_id);
+		context->processing = 0;
+	}
 	getdns_context_request_count_changed(context);
 	return GETDNS_RETURN_GOOD;
 }

From a4536780949296f908d36c96c1e6022fceb06fd7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 18 Feb 2017 10:07:04 +0100
Subject: [PATCH 144/249] Debug the call to poll

---
 src/extension/poll_eventloop.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 9c151c57..b59ad64d 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -396,6 +396,11 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		/* turn microseconds into milliseconds */
 		poll_timeout = (timeout - now) / 1000;
 	}
+	DEBUG_SCHED( "poll(fd_free: %d, fd_used: %d, to_free: %d, to_used: %d, timeout: %d)\n"
+	           , (int)poll_loop->fd_events_free, (int)poll_loop->fd_events_n_used
+	           , (int)poll_loop->to_events_free, (int)poll_loop->to_events_n_used
+		   , poll_timeout
+		   );
 #ifdef USE_WINSOCK
 	if (WSAPoll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 #else	

From 74b1f77357beabca1ceb4dd12cc6e2f56c39f529 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 18 Feb 2017 13:16:25 +0100
Subject: [PATCH 145/249] Cancel get validation chain getdns_dns_reqs

And miscellaneous little other scheduling fixes and optimizations
---
 src/context.c          | 238 ++++++++++++++++++++---------------------
 src/context.h          |  37 +++++--
 src/dnssec.c           |  39 +++----
 src/general.c          |  20 ++--
 src/request-internal.c |   6 +-
 src/stub.c             |   2 +-
 src/types-internal.h   |   3 -
 7 files changed, 168 insertions(+), 177 deletions(-)

diff --git a/src/context.c b/src/context.c
index 39f2dbb0..39334b82 100644
--- a/src/context.c
+++ b/src/context.c
@@ -135,8 +135,7 @@ static getdns_return_t create_default_namespaces(struct getdns_context *context)
 static getdns_return_t create_default_dns_transports(struct getdns_context *context);
 static int transaction_id_cmp(const void *, const void *);
 static void dispatch_updated(struct getdns_context *, uint16_t);
-static void cancel_dns_req(getdns_dns_req *);
-static void cancel_outstanding_requests(struct getdns_context*, int);
+static void cancel_outstanding_requests(getdns_context*);
 
 /* unbound helpers */
 #ifdef HAVE_LIBUNBOUND
@@ -682,8 +681,7 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 		while (upstream->finished_dnsreqs) {
 			dnsreq = upstream->finished_dnsreqs;
 			upstream->finished_dnsreqs = dnsreq->finished_next;
-			(void) _getdns_context_cancel_request(dnsreq->context,
-			    dnsreq->trans_id, 1);
+			_getdns_context_cancel_request(dnsreq);
 		}
 		if (upstream->tls_obj != NULL) {
 		    if (upstream->tls_session != NULL)
@@ -1521,7 +1519,7 @@ getdns_context_destroy(struct getdns_context *context)
 
 	context->destroying = 1;
 	/* cancel all outstanding requests */
-	cancel_outstanding_requests(context, 1);
+	cancel_outstanding_requests(context);
 
 	/* Destroy listening addresses */
 	(void) getdns_context_set_listen_addresses(context, NULL, NULL, NULL);
@@ -1705,7 +1703,7 @@ static getdns_return_t
 rebuild_ub_ctx(struct getdns_context* context) {
 	if (context->unbound_ctx != NULL) {
 		/* cancel all requests and delete */
-		cancel_outstanding_requests(context, 1);
+		cancel_outstanding_requests(context);
 		ub_ctx_delete(context->unbound_ctx);
 		context->unbound_ctx = NULL;
 	}
@@ -2882,28 +2880,68 @@ getdns_context_set_memory_functions(struct getdns_context *context,
         context, MF_PLAIN, mf.ext.malloc, mf.ext.realloc, mf.ext.free);
 } /* getdns_context_set_memory_functions*/
 
-/* cancel the request */
-static void
-cancel_dns_req(getdns_dns_req *req)
+void
+_getdns_context_track_outbound_request(getdns_dns_req *dnsreq)
+{
+	/* Called only by getdns_general_ns() after successful allocation */
+	assert(dnsreq);
+
+	dnsreq->node.key = &(dnsreq->trans_id);
+	if (_getdns_rbtree_insert(
+	    &dnsreq->context->outbound_requests, &dnsreq->node))
+		getdns_context_request_count_changed(dnsreq->context);
+}
+
+void
+_getdns_context_clear_outbound_request(getdns_dns_req *dnsreq)
+{
+    	if (!dnsreq) return;
+
+	if (dnsreq->loop && dnsreq->loop->vmt && dnsreq->timeout.timeout_cb) {
+		dnsreq->loop->vmt->clear(dnsreq->loop, &dnsreq->timeout);
+		dnsreq->timeout.timeout_cb = NULL;
+	}
+	/* delete the node from the tree */
+	if (_getdns_rbtree_delete(
+	    &dnsreq->context->outbound_requests, &dnsreq->trans_id))
+		getdns_context_request_count_changed(dnsreq->context);
+
+	if (dnsreq->chain)
+		_getdns_cancel_validation_chain(dnsreq);
+}
+
+void
+_getdns_context_cancel_request(getdns_dns_req *dnsreq)
 {
 	getdns_network_req *netreq, **netreq_p;
 
-	for (netreq_p = req->netreqs; (netreq = *netreq_p); netreq_p++)
+	DEBUG_SCHED("%s(%p)\n", __FUNC__, (void *)dnsreq);
+	if (!dnsreq) return;
+
+	_getdns_context_clear_outbound_request(dnsreq);
+
+	/* cancel network requests */
+	for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p); netreq_p++)
 #ifdef HAVE_LIBUNBOUND
 		if (netreq->unbound_id != -1) {
-			ub_cancel(req->context->unbound_ctx,
+			ub_cancel(dnsreq->context->unbound_ctx,
 			    netreq->unbound_id);
 			netreq->unbound_id = -1;
 		} else
 #endif
 			_getdns_cancel_stub_request(netreq);
 
-	req->canceled = 1;
+	/* clean up */
+	_getdns_dns_req_free(dnsreq);
 }
 
+/*
+ * getdns_cancel_callback
+ *
+ */
 getdns_return_t
-_getdns_context_cancel_request(getdns_context *context,
-    getdns_transaction_t transaction_id, int fire_callback)
+getdns_cancel_callback(getdns_context *context,
+    getdns_transaction_t transaction_id)
 {
 	getdns_dns_req *dnsreq;
 
@@ -2915,40 +2953,69 @@ _getdns_context_cancel_request(getdns_context *context,
 	    &context->outbound_requests, &transaction_id)))
 		return GETDNS_RETURN_UNKNOWN_TRANSACTION;
 
-	if (dnsreq->chain)
-		_getdns_cancel_validation_chain(dnsreq);
-
-	/* do the cancel */
-	cancel_dns_req(dnsreq);
-
-	if (fire_callback && dnsreq->user_callback) {
-		context->processing = 1;
-		dnsreq->user_callback(context, GETDNS_CALLBACK_CANCEL,
-		    NULL, dnsreq->user_pointer, transaction_id);
-		context->processing = 0;
-	}
-
-	/* clean up */
-	_getdns_dns_req_free(dnsreq);
-	return GETDNS_RETURN_GOOD;
-}
-
-/*
- * getdns_cancel_callback
- *
- */
-getdns_return_t
-getdns_cancel_callback(getdns_context *context,
-    getdns_transaction_t transaction_id)
-{
-	if (!context)
-		return GETDNS_RETURN_INVALID_PARAMETER;
-
-	getdns_return_t r = _getdns_context_cancel_request(context, transaction_id, 1);
 	getdns_context_request_count_changed(context);
-	return r;
+
+	if (dnsreq->user_callback) {
+		dnsreq->context->processing = 1;
+		dnsreq->user_callback(dnsreq->context, GETDNS_CALLBACK_CANCEL,
+		    NULL, dnsreq->user_pointer, dnsreq->trans_id);
+		dnsreq->context->processing = 0;
+	}
+	_getdns_context_cancel_request(dnsreq);
+	return GETDNS_RETURN_GOOD;
 } /* getdns_cancel_callback */
 
+void
+_getdns_context_request_timed_out(getdns_dns_req *dnsreq)
+{
+	DEBUG_SCHED("%s(%p)\n", __FUNC__, (void *)dnsreq);
+
+	if (dnsreq->user_callback) {
+		dnsreq->context->processing = 1;
+		dnsreq->user_callback(dnsreq->context, GETDNS_CALLBACK_TIMEOUT,
+		    _getdns_create_getdns_response(dnsreq),
+		     dnsreq->user_pointer, dnsreq->trans_id);
+		dnsreq->context->processing = 0;
+	}
+	_getdns_context_cancel_request(dnsreq);
+}
+
+static void
+accumulate_outstanding_transactions(_getdns_rbnode_t *node, void* arg)
+{
+	*(*(getdns_dns_req ***)arg)++ = (getdns_dns_req *)node;
+}
+
+static void
+cancel_outstanding_requests(getdns_context* context)
+{
+	getdns_dns_req **dnsreqs, **dnsreq_a, **dnsreq_i;
+
+	if (context->outbound_requests.count == 0)
+		return;
+
+	dnsreq_i = dnsreq_a = dnsreqs = GETDNS_XMALLOC(context->my_mf,
+	    getdns_dns_req *, context->outbound_requests.count);
+
+	_getdns_traverse_postorder(&context->outbound_requests,
+	    accumulate_outstanding_transactions, &dnsreq_a);
+
+	while (dnsreq_i < dnsreq_a) {
+		getdns_dns_req *dnsreq = *dnsreq_i;
+
+		if (dnsreq->user_callback) {
+			dnsreq->context->processing = 1;
+			dnsreq->user_callback(dnsreq->context,
+			    GETDNS_CALLBACK_CANCEL, NULL,
+			    dnsreq->user_pointer, dnsreq->trans_id);
+			dnsreq->context->processing = 0;
+		}
+		_getdns_context_cancel_request(dnsreq);
+
+		dnsreq_i += 1;
+	}
+	GETDNS_FREE(context->my_mf, dnsreqs);
+}
 
 #ifndef STUB_NATIVE_DNSSEC
 
@@ -3234,56 +3301,6 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context,
 	return r;
 } /* _getdns_context_prepare_for_resolution */
 
-getdns_return_t
-_getdns_context_track_outbound_request(getdns_dns_req *dnsreq)
-{
-    	if (!dnsreq)
-		return GETDNS_RETURN_INVALID_PARAMETER;
-
-	dnsreq->node.key = &(dnsreq->trans_id);
-	if (!_getdns_rbtree_insert(
-	    &dnsreq->context->outbound_requests, &dnsreq->node))
-		return GETDNS_RETURN_GENERIC_ERROR;
-
-	getdns_context_request_count_changed(dnsreq->context);
-	return GETDNS_RETURN_GOOD;
-}
-
-getdns_return_t
-_getdns_context_clear_outbound_request(getdns_dns_req *dnsreq)
-{
-    	if (!dnsreq)
-		return GETDNS_RETURN_INVALID_PARAMETER;
-
-	if (!_getdns_rbtree_delete(
-	    &dnsreq->context->outbound_requests, &dnsreq->trans_id))
-		return GETDNS_RETURN_GENERIC_ERROR;
-
-	getdns_context_request_count_changed(dnsreq->context);
-	return GETDNS_RETURN_GOOD;
-}
-
-getdns_return_t
-_getdns_context_request_timed_out(getdns_dns_req *req)
-{
-	/* Don't use req after callback */
-	getdns_context* context = req->context;
-	getdns_transaction_t trans_id = req->trans_id;
-	getdns_callback_t cb = req->user_callback;
-	void *user_arg = req->user_pointer;
-	getdns_dict *response = _getdns_create_getdns_response(req);
-
-	/* cancel the req - also clears it from outbound and cleans up*/
-	_getdns_context_cancel_request(context, trans_id, 0);
-	if (cb) {
-		context->processing = 1;
-		cb(context, GETDNS_CALLBACK_TIMEOUT, response, user_arg, trans_id);
-		context->processing = 0;
-	}
-	getdns_context_request_count_changed(context);
-	return GETDNS_RETURN_GOOD;
-}
-
 char *
 _getdns_strdup(const struct mem_funcs *mfs, const char *s)
 {
@@ -3365,33 +3382,6 @@ getdns_context_run(getdns_context *context)
 	context->extension->vmt->run(context->extension);
 }
 
-typedef struct timeout_accumulator {
-    getdns_transaction_t* ids;
-    int idx;
-} timeout_accumulator;
-
-static void
-accumulate_outstanding_transactions(_getdns_rbnode_t* node, void* arg) {
-    timeout_accumulator* acc = (timeout_accumulator*) arg;
-    acc->ids[acc->idx] = *((getdns_transaction_t*) node->key);
-    acc->idx++;
-}
-
-static void
-cancel_outstanding_requests(struct getdns_context* context, int fire_callback) {
-    if (context->outbound_requests.count > 0) {
-        timeout_accumulator acc;
-        int i;
-        acc.idx = 0;
-        acc.ids = GETDNS_XMALLOC(context->my_mf, getdns_transaction_t, context->outbound_requests.count);
-        _getdns_traverse_postorder(&context->outbound_requests, accumulate_outstanding_transactions, &acc);
-        for (i = 0; i < acc.idx; ++i) {
-            _getdns_context_cancel_request(context, acc.ids[i], fire_callback);
-        }
-        GETDNS_FREE(context->my_mf, acc.ids);
-    }
-}
-
 getdns_return_t
 getdns_context_detach_eventloop(struct getdns_context* context)
 {
@@ -3405,7 +3395,7 @@ getdns_context_detach_eventloop(struct getdns_context* context)
 	 *   and they may destroy the context )
 	 */
 	/* cancel all outstanding requests */
-	cancel_outstanding_requests(context, 1);
+	cancel_outstanding_requests(context);
 	context->extension->vmt->cleanup(context->extension);
 	context->extension = &context->default_eventloop.loop;
 	_getdns_default_eventloop_init(&context->mf, &context->default_eventloop);
@@ -3423,7 +3413,7 @@ getdns_context_set_eventloop(getdns_context* context, getdns_eventloop* loop)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
 	if (context->extension) {
-		cancel_outstanding_requests(context, 1);
+		cancel_outstanding_requests(context);
 		context->extension->vmt->cleanup(context->extension);
 	}
 	context->extension = loop;
diff --git a/src/context.h b/src/context.h
index b89a5876..e6ed49fb 100644
--- a/src/context.h
+++ b/src/context.h
@@ -349,19 +349,34 @@ struct getdns_context {
 getdns_return_t _getdns_context_prepare_for_resolution(struct getdns_context *context,
  int usenamespaces);
 
-/* track an outbound request */
-getdns_return_t _getdns_context_track_outbound_request(struct getdns_dns_req
-    *req);
-/* clear the outbound request from being tracked - does not cancel it */
-getdns_return_t _getdns_context_clear_outbound_request(struct getdns_dns_req
-    *req);
+/* Register a getdns_dns_req with context.
+ * - Without pluggable unbound event API,
+ *   ub_fd() is scheduled when this was the first request.
+ */
+void _getdns_context_track_outbound_request(getdns_dns_req *dnsreq);
 
-getdns_return_t _getdns_context_request_timed_out(struct getdns_dns_req
-    *req);
+/* Deregister getdns_dns_req from the context.
+ * - Without pluggable unbound event API,
+ *   ub_fd() is scheduled when this was the first request.
+ * - Potential timeout events will be cleared.
+ * - All associated getdns_dns_reqs (to get the validation chain)
+ *   will be canceled.
+ */
+void _getdns_context_clear_outbound_request(getdns_dns_req *dnsreq);
 
-/* cancel callback internal - flag to indicate if req should be freed and callback fired */
-getdns_return_t _getdns_context_cancel_request(struct getdns_context *context,
-    getdns_transaction_t transaction_id, int fire_callback);
+/* Cancels and frees a getdns_dns_req (without calling user callbacks)
+ * - Deregisters getdns_dns_req with _getdns_context_clear_outbound_request()
+ * - Cancels associated getdns_network_reqs
+ *   (by calling ub_cancel() or _getdns_cancel_stub_request())
+ * - Frees the getdns_dns_req
+ */
+void _getdns_context_cancel_request(getdns_dns_req *dnsreq);
+
+
+/* Calls user callback (with GETDNS_CALLBACK_TIMEOUT + response dict), then
+ * cancels and frees the getdns_dns_req with _getdns_context_cancel_request()
+ */
+void _getdns_context_request_timed_out(getdns_dns_req *dnsreq);
 
 char *_getdns_strdup(const struct mem_funcs *mfs, const char *str);
 
diff --git a/src/dnssec.c b/src/dnssec.c
index 905f778d..0396f045 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1044,7 +1044,6 @@ static void val_chain_node_cb(getdns_dns_req *dnsreq)
 	_getdns_rrsig_iter  *rrsig, rrsig_spc;
 	size_t n_signers;
 
-	_getdns_context_clear_outbound_request(dnsreq);
 	switch (netreq->request_type) {
 	case GETDNS_RRTYPE_DS    : node->ds.pkt     = netreq->response;
 	                           node->ds.pkt_len = netreq->response_len;
@@ -1094,7 +1093,6 @@ static void val_chain_node_soa_cb(getdns_dns_req *dnsreq)
 	_getdns_rrset_iter i_spc, *i;
 	_getdns_rrset *rrset;
 
-	_getdns_context_clear_outbound_request(dnsreq);
 	/* A SOA query is always scheduled with a node as the user argument.
 	 */
 	assert(node != NULL);
@@ -1121,8 +1119,10 @@ static void val_chain_node_soa_cb(getdns_dns_req *dnsreq)
 		} else {
 			/* SOA for a different name */
 			node = (chain_node *)dnsreq->user_pointer;
-			node->lock++;
-			val_chain_sched_soa_node(node->parent);
+			if (node->parent) {
+				node->lock++;
+				val_chain_sched_soa_node(node->parent);
+			}
 		}
 
 	} else if (node->parent) {
@@ -3049,7 +3049,10 @@ static void check_chain_complete(chain_head *chain)
 	val_chain_list = dnsreq->dnssec_return_validation_chain
 		? getdns_list_create_with_context(context) : NULL;
 
-	/* Walk chain to add values to val_chain_list and to cleanup */
+	/* Walk chain to add values to val_chain_list.  We do not cleanup yet.
+	 * The chain will eventually be freed when the dns request is descheduled
+	 * with getdns_context_clear_outbound_request().
+	 */
 	for ( head = chain; head ; head = next ) {
 		next = head->next;
 		if (dnsreq->dnssec_return_full_validation_chain &&
@@ -3076,7 +3079,6 @@ static void check_chain_complete(chain_head *chain)
 					    context, val_chain_list,
 					    node->dnskey_req,
 					    node->dnskey_signer);
-				_getdns_dns_req_free(node->dnskey_req->owner);
 			}
 			if (node->ds_req) {
 				if (val_chain_list)
@@ -3094,13 +3096,8 @@ static void check_chain_complete(chain_head *chain)
 					    context, val_chain_list,
 					    &node->ds);
 				}
-				_getdns_dns_req_free(node->ds_req->owner);
-			}
-			if (node->soa_req) {
-				_getdns_dns_req_free(node->soa_req->owner);
 			}
 		}
-		GETDNS_FREE(head->my_mf, head);
 	}
 
 	response_dict = _getdns_create_getdns_response(dnsreq);
@@ -3117,11 +3114,12 @@ static void check_chain_complete(chain_head *chain)
 
 void _getdns_cancel_validation_chain(getdns_dns_req *dnsreq)
 {
-	chain_head *head, *next;
+	chain_head *head = dnsreq->chain, *next;
 	chain_node *node;
 	size_t      node_count;
 
-	for ( head = dnsreq->chain; head ; head = next ) {
+	dnsreq->chain = NULL;
+	while (head) {
 		next = head->next;
 
 		for ( node_count = head->node_count, node = head->parent
@@ -3130,22 +3128,19 @@ void _getdns_cancel_validation_chain(getdns_dns_req *dnsreq)
 
 			if (node->dnskey_req)
 				_getdns_context_cancel_request(
-				    node->dnskey_req->owner->context,
-				    node->dnskey_req->owner->trans_id, 0);
+				    node->dnskey_req->owner);
 
 			if (node->ds_req)
 				_getdns_context_cancel_request(
-				    node->ds_req->owner->context,
-				    node->ds_req->owner->trans_id, 0);
-			
-			if (node->soa_req) 
+				    node->ds_req->owner);
+
+			if (node->soa_req)
 				_getdns_context_cancel_request(
-				    node->soa_req->owner->context,
-				    node->soa_req->owner->trans_id, 0);
+				    node->soa_req->owner);
 		}
 		GETDNS_FREE(head->my_mf, head);
+		head = next;
 	}
-	dnsreq->chain = NULL;
 }
 
 void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
diff --git a/src/general.c b/src/general.c
index 97a97dcf..b31e2405 100644
--- a/src/general.c
+++ b/src/general.c
@@ -54,14 +54,6 @@
 #include "dict.h"
 #include "mdns.h"
 
-/* cancel, cleanup and send timeout to callback */
-static void
-ub_resolve_timeout(void *arg)
-{
-	getdns_dns_req *dns_req = (getdns_dns_req *) arg;
-	(void) _getdns_context_request_timed_out(dns_req);
-}
-
 void _getdns_call_user_callback(getdns_dns_req *dns_req,
     struct getdns_dict *response)
 {
@@ -72,13 +64,14 @@ void _getdns_call_user_callback(getdns_dns_req *dns_req,
 
 	/* clean up */
 	_getdns_context_clear_outbound_request(dns_req);
-	_getdns_dns_req_free(dns_req);
 
 	context->processing = 1;
 	cb(context,
 	    (response ? GETDNS_CALLBACK_COMPLETE : GETDNS_CALLBACK_ERROR),
 	    response, user_arg, trans_id);
 	context->processing = 0;
+
+	_getdns_dns_req_free(dns_req);
 }
 
 static int
@@ -186,9 +179,10 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 			return;
 		}
 	}
-	if (dns_req->internal_cb)
+	if (dns_req->internal_cb) {
+		_getdns_context_clear_outbound_request(dns_req);
 		dns_req->internal_cb(dns_req);
-	else if (! results_found)
+	} else if (! results_found)
 		_getdns_call_user_callback(dns_req, NULL);
 	else if (dns_req->dnssec_return_validation_chain
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
@@ -290,7 +284,9 @@ _getdns_submit_netreq(getdns_network_req *netreq)
 			dns_req->timeout.userarg    = dns_req;
 			dns_req->timeout.read_cb    = NULL;
 			dns_req->timeout.write_cb   = NULL;
-			dns_req->timeout.timeout_cb = ub_resolve_timeout;
+			dns_req->timeout.timeout_cb =
+			    (getdns_eventloop_callback)
+			    _getdns_context_request_timed_out;
 			dns_req->timeout.ev         = NULL;
 			if ((r = dns_req->loop->vmt->schedule(dns_req->loop, -1,
 			    dns_req->context->timeout, &dns_req->timeout)))
diff --git a/src/request-internal.c b/src/request-internal.c
index 3f180d56..eae467e9 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -644,7 +644,7 @@ _getdns_dns_req_free(getdns_dns_req * req)
 		network_req_cleanup(*net_req);
 
 	/* clear timeout event */
-	if (req->timeout.timeout_cb) {
+	if (req->loop && req->loop->vmt && req->timeout.timeout_cb) {
 		req->loop->vmt->clear(req->loop, &req->timeout);
 		req->timeout.timeout_cb = NULL;
 	}
@@ -896,9 +896,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	}
 	result->context = context;
 	result->loop = loop;
-	result->canceled = 0;
-	result->trans_id = (((uint64_t)arc4random()) << 32) |
-	                    ((uint64_t)arc4random());
+	result->trans_id = (uint64_t) (intptr_t) result;
 	result->dnssec_return_status           = dnssec_return_status;
 	result->dnssec_return_only_secure      = dnssec_return_only_secure;
 	result->dnssec_return_all_statuses     = dnssec_return_all_statuses;
diff --git a/src/stub.c b/src/stub.c
index 9421f5d8..a377228f 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -602,7 +602,7 @@ stub_timeout_cb(void *userarg)
 	if (netreq->owner->user_callback) {
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
 		/* Note this calls cancel_request which calls stub_cleanup again....!*/
-		(void) _getdns_context_request_timed_out(netreq->owner);
+		_getdns_context_request_timed_out(netreq->owner);
 	} else
 		_getdns_check_dns_req_complete(netreq->owner);
 }
diff --git a/src/types-internal.h b/src/types-internal.h
index 137892f1..78f1935a 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -290,9 +290,6 @@ typedef struct getdns_dns_req {
 	size_t  suffix_len;
 	unsigned suffix_appended			: 1;
 
-	/* canceled flag */
-	unsigned canceled				: 1;
-
 	/* request extensions */
 	unsigned dnssec_return_status			: 1;
 	unsigned dnssec_return_only_secure		: 1;

From 09a727eadb44e56b8860ac097ab744c4973396be Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 18 Feb 2017 13:18:14 +0100
Subject: [PATCH 146/249] git ignore tpkg tests cruft

---
 .gitignore | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 7bbbdebd..d9315494 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,6 +55,13 @@ m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
 src/config.h.in
-build/
 getdns.pc
 getdns_ext_event.pc
+/src/test/tpkg/result.*
+/src/test/tpkg/.done-*
+/src/test/tpkg/.tpkg.var.master
+/src/test/tpkg/scan-build-reports/
+/src/test/tpkg/install/
+/src/test/tpkg/build/
+/src/test/tpkg/build-stub-only/
+/src/test/tpkg/build-event-loops/

From ba7dfbeec0615f4ab46175cf3d6f2af5c8186a0a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 18 Feb 2017 15:56:06 +0100
Subject: [PATCH 147/249] Misplaced event clear in stub.c

---
 src/stub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index a377228f..37c025a8 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1299,8 +1299,6 @@ stub_udp_read_cb(void *userarg)
 	DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_READ, 
 	             __FUNC__, (void*)netreq);
 
-	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
-
 	read = recvfrom(netreq->fd, (void *)netreq->response,
 	    netreq->max_udp_payload_size + 1, /* If read == max_udp_payload_size
 	                                       * then all is good.  If read ==
@@ -1322,6 +1320,8 @@ stub_udp_read_cb(void *userarg)
 	    upstream, netreq->response, read))
 		return; /* Client cookie didn't match? */
 
+	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+
 #ifdef USE_WINSOCK
 	closesocket(netreq->fd);
 #else

From 8fccd668136ce6d0f4dcb2567bc54f91a6bedf28 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 19 Feb 2017 09:39:10 +0100
Subject: [PATCH 148/249] cancel_outstanding_requests by transaction_id

to prevent double frees as side effect of getdns_dns_req being canceled by user callbacks.
---
 src/context.c | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/src/context.c b/src/context.c
index 39334b82..5421fd81 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2983,38 +2983,34 @@ _getdns_context_request_timed_out(getdns_dns_req *dnsreq)
 static void
 accumulate_outstanding_transactions(_getdns_rbnode_t *node, void* arg)
 {
-	*(*(getdns_dns_req ***)arg)++ = (getdns_dns_req *)node;
+	*(*(getdns_transaction_t**)arg)++ = ((getdns_dns_req*)node)->trans_id;
 }
 
 static void
 cancel_outstanding_requests(getdns_context* context)
 {
-	getdns_dns_req **dnsreqs, **dnsreq_a, **dnsreq_i;
+	getdns_transaction_t *trans_ids, *tids_a, *tids_i;
 
 	if (context->outbound_requests.count == 0)
 		return;
 
-	dnsreq_i = dnsreq_a = dnsreqs = GETDNS_XMALLOC(context->my_mf,
-	    getdns_dns_req *, context->outbound_requests.count);
+	tids_i = tids_a = trans_ids = GETDNS_XMALLOC(context->my_mf,
+	    getdns_transaction_t, context->outbound_requests.count);
 
 	_getdns_traverse_postorder(&context->outbound_requests,
-	    accumulate_outstanding_transactions, &dnsreq_a);
+	    accumulate_outstanding_transactions, &tids_a);
 
-	while (dnsreq_i < dnsreq_a) {
-		getdns_dns_req *dnsreq = *dnsreq_i;
+	while (tids_i < tids_a) {
 
-		if (dnsreq->user_callback) {
-			dnsreq->context->processing = 1;
-			dnsreq->user_callback(dnsreq->context,
-			    GETDNS_CALLBACK_CANCEL, NULL,
-			    dnsreq->user_pointer, dnsreq->trans_id);
-			dnsreq->context->processing = 0;
-		}
-		_getdns_context_cancel_request(dnsreq);
-
-		dnsreq_i += 1;
+		/* We have to cancel by transaction_id because we do not know
+		 * what happens when the user_callback is called.  It might
+		 * delete getdns_dns_req's that were scheduled to be canceled.
+		 * The extra lookup with transaction_id makes sure we do not
+		 * access freed memory.
+		 */
+		(void) getdns_cancel_callback(context, *tids_i++);
 	}
-	GETDNS_FREE(context->my_mf, dnsreqs);
+	GETDNS_FREE(context->my_mf, trans_ids);
 }
 
 #ifndef STUB_NATIVE_DNSSEC

From b3a06f1944fbdc6b2f76b8afe45be3eae6a16f55 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 19 Feb 2017 09:47:41 +0100
Subject: [PATCH 149/249] A bit more consistency in user_callback usage

---
 src/general.c | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/src/general.c b/src/general.c
index b31e2405..69dc7462 100644
--- a/src/general.c
+++ b/src/general.c
@@ -54,24 +54,19 @@
 #include "dict.h"
 #include "mdns.h"
 
-void _getdns_call_user_callback(getdns_dns_req *dns_req,
-    struct getdns_dict *response)
+void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
 {
-	struct getdns_context *context = dns_req->context;
-	getdns_transaction_t trans_id = dns_req->trans_id;
-	getdns_callback_t cb = dns_req->user_callback;
-	void *user_arg = dns_req->user_pointer;
+	_getdns_context_clear_outbound_request(dnsreq);
 
-	/* clean up */
-	_getdns_context_clear_outbound_request(dns_req);
-
-	context->processing = 1;
-	cb(context,
-	    (response ? GETDNS_CALLBACK_COMPLETE : GETDNS_CALLBACK_ERROR),
-	    response, user_arg, trans_id);
-	context->processing = 0;
-
-	_getdns_dns_req_free(dns_req);
+	if (dnsreq->user_callback) {
+		dnsreq->context->processing = 1;
+		dnsreq->user_callback(dnsreq->context,
+		    (response ? GETDNS_CALLBACK_COMPLETE
+		              : GETDNS_CALLBACK_ERROR),
+		    response, dnsreq->user_pointer, dnsreq->trans_id);
+		dnsreq->context->processing = 0;
+	}
+	_getdns_dns_req_free(dnsreq);
 }
 
 static int

From 4b6962cd9aa16c3675def2d04a2bd7d25f91248f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 19 Feb 2017 09:55:10 +0100
Subject: [PATCH 150/249] Use __FUNC__ instead of function for protability

It is #defined to __FUNCTION__ or to __func__ depending on what configure detected.
---
 src/mdns.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/mdns.c b/src/mdns.c
index 36950f36..253bf972 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -83,7 +83,7 @@ static void
 mdns_cleanup(getdns_network_req *netreq)
 {
 	DEBUG_MDNS("%s %-35s: MSG: %p\n",
-		MDNS_DEBUG_CLEANUP, __FUNCTION__, netreq);
+		MDNS_DEBUG_CLEANUP, __FUNC__, netreq);
 	getdns_dns_req *dnsreq = netreq->owner;
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
@@ -109,7 +109,7 @@ mdns_timeout_cb(void *userarg)
 {
 	getdns_network_req *netreq = (getdns_network_req *)userarg;
 	DEBUG_MDNS("%s %-35s: MSG:  %p\n",
-		MDNS_DEBUG_CLEANUP, __FUNCTION__, netreq);
+		MDNS_DEBUG_CLEANUP, __FUNC__, netreq);
 
 	/* TODO: do we need a retry logic here? */
 
@@ -143,7 +143,7 @@ mdns_udp_read_cb(void *userarg)
 	getdns_dns_req *dnsreq = netreq->owner;
 	ssize_t       read;
 	DEBUG_MDNS("%s %-35s: MSG: %p \n", MDNS_DEBUG_READ,
-		__FUNCTION__, netreq);
+		__FUNC__, netreq);
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
@@ -197,7 +197,7 @@ mdns_udp_write_cb(void *userarg)
 	int r;
 
 	DEBUG_MDNS("%s %-35s: MSG: %p \n", MDNS_DEBUG_WRITE,
-		__FUNCTION__, netreq);
+		__FUNC__, netreq);
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
@@ -245,7 +245,7 @@ mdns_udp_write_cb(void *userarg)
 getdns_return_t
 _getdns_submit_mdns_request(getdns_network_req *netreq)
 {
-	DEBUG_MDNS("%s %-35s: MSG: %p TYPE: %d\n", MDNS_DEBUG_ENTRY, __FUNCTION__,
+	DEBUG_MDNS("%s %-35s: MSG: %p TYPE: %d\n", MDNS_DEBUG_ENTRY, __FUNC__,
 		netreq, netreq->request_type);
 	int fd = -1;
 	getdns_dns_req *dnsreq = netreq->owner;

From 09df4e2d5dfea4715f3376da77a7e5dd7b206cf8 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 22 Feb 2017 13:00:27 +0000
Subject: [PATCH 151/249] Fix spacing error in stubby help output

---
 src/tools/getdns_query.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 61825f1b..bb452929 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -215,7 +215,7 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t\tThe file must be in json dict format.\n");
 	if (i_am_stubby) {
 		fprintf(out, "\t\tBy default, configuration is first read from");
-		fprintf(out, "\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\"");
+		fprintf(out, "\n\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\"\n");
 	}
 	fprintf(out, "\t-D\tSet edns0 do bit\n");
 	fprintf(out, "\t-d\tclear edns0 do bit\n");

From 356408955db7ea8caaac56c017e627ebb882e785 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 22 Feb 2017 13:08:32 +0000
Subject: [PATCH 152/249] Update the SPKI pin in the stubby.conf file for the
 Sinodun/Surfnet servers.

---
 src/tools/stubby.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 5deb03db..e562e49d 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -5,14 +5,14 @@
     , tls_auth_name: "dnsovertls.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0xA132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC
+        , value: 0xEB694ABBD1EC0D56F288F7A70299DCE2C7E64984C73957C580BDE9C81F9C04BE
       } ] 
     },
     { address_data: 145.100.185.16
     , tls_auth_name: "dnsovertls1.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0x659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150
+        , value: 0x704D9E7002DE13907EBAB2610EB26554599FDFC7092C0BEA7A438DBE3BE9A940
       } ] 
     },
     { address_data: 185.49.141.38

From 1b7aef5a882b39f04ca12e325d66a7d03d580519 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 23 Feb 2017 14:49:17 +0000
Subject: [PATCH 153/249] Add a new GETDNS_RETURN code for the case where no
 upstream is considered valid and hence a query cannot even be scheduled. Only
 applies when using purely stateful transports. This can happen when using
 Stubby if there are problems with connections to upstreams.

---
 src/const-info.c             | 2 ++
 src/getdns/getdns_extra.h.in | 2 ++
 src/stub.c                   | 5 ++---
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/const-info.c b/src/const-info.c
index a71f928a..0022a768 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -24,6 +24,7 @@ static struct const_info consts_info[] = {
 	{  310, "GETDNS_RETURN_MEMORY_ERROR", GETDNS_RETURN_MEMORY_ERROR_TEXT },
 	{  311, "GETDNS_RETURN_INVALID_PARAMETER", GETDNS_RETURN_INVALID_PARAMETER_TEXT },
 	{  312, "GETDNS_RETURN_NOT_IMPLEMENTED", GETDNS_RETURN_NOT_IMPLEMENTED_TEXT },
+	{  398, "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", GETDNS_RETURN_NO_UPSTREAM_AVAILABLE_TEXT },
 	{  399, "GETDNS_RETURN_NEED_MORE_SPACE", GETDNS_RETURN_NEED_MORE_SPACE_TEXT },
 	{  400, "GETDNS_DNSSEC_SECURE", GETDNS_DNSSEC_SECURE_TEXT },
 	{  401, "GETDNS_DNSSEC_BOGUS", GETDNS_DNSSEC_BOGUS_TEXT },
@@ -218,6 +219,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RETURN_GOOD", 0 },
 	{ "GETDNS_RETURN_INVALID_PARAMETER", 311 },
 	{ "GETDNS_RETURN_MEMORY_ERROR", 310 },
+	{ "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", 398},
 	{ "GETDNS_RETURN_NEED_MORE_SPACE", 399 },
 	{ "GETDNS_RETURN_NOT_IMPLEMENTED", 312 },
 	{ "GETDNS_RETURN_NO_SUCH_DICT_NAME", 305 },
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 5abf39e7..a76564eb 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -56,6 +56,8 @@ extern "C" {
  * \defgroup Ureturnvaluesandtext Additional return values and texts
  *  @{
  */
+#define GETDNS_RETURN_NO_UPSTREAM_AVAILABLE ((getdns_return_t) 398 )
+#define GETDNS_RETURN_NO_UPSTREAM_AVAILABLE_TEXT "None of the configured upstreams could be used to send queries on the specified transports"
 #define GETDNS_RETURN_NEED_MORE_SPACE ((getdns_return_t) 399 )
 #define GETDNS_RETURN_NEED_MORE_SPACE_TEXT "The buffer was too small"
 /** @}
diff --git a/src/stub.c b/src/stub.c
index 37c025a8..369c0d38 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -520,7 +520,7 @@ stub_cleanup(getdns_network_req *netreq)
 static void
 upstream_failed(getdns_upstream *upstream, int during_setup)
 {
-	DEBUG_STUB("%s %-35s: FD:  %d During setup = %d\n",
+	DEBUG_STUB("%s %-35s: FD:  %d Failure during connection setup = %d\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd, during_setup);
 	/* Fallback code should take care of queue queries and then close conn
 	   when idle.*/
@@ -2023,8 +2023,7 @@ _getdns_submit_stub_request(getdns_network_req *netreq)
 	 * All other set up is done async*/
 	fd = upstream_find_for_netreq(netreq);
 	if (fd == -1)
-		/* Handle better, will give unhelpful error is some cases */
-		return GETDNS_RETURN_GENERIC_ERROR;
+		return GETDNS_RETURN_NO_UPSTREAM_AVAILABLE;
 
 	getdns_transport_list_t transport =
 	                             netreq->transports[netreq->transport_current];

From ff4ecd5b39997fb1e2650243aa0c66aa5765e9dc Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 23 Feb 2017 15:38:45 +0000
Subject: [PATCH 154/249] Couple of extra output messages so Stubby users in
 strict mode know why the authentication failed

---
 src/stub.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 369c0d38..c40d518e 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -872,9 +872,16 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	/* First deal with the hostname authentication done by OpenSSL. */
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
 	/*Report if error is hostname mismatch*/
-	if (err == X509_V_ERR_HOSTNAME_MISMATCH && upstream->tls_fallback_ok)
-		DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
-		           STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
+	if (err == X509_V_ERR_HOSTNAME_MISMATCH) {
+		if (upstream->tls_fallback_ok)
+			DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
+		                STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+		else
+			DEBUG_DAEMON("%s %s : Conn failed   : Transport=TLS - *Failure* - Hostname mismatch\n",
+		                  STUB_DEBUG_DAEMON, upstream->addr_str);
+#endif
+	}
 #else
 	/* if we weren't built against OpenSSL with hostname matching we
 	 * could not have matched the hostname, so this would be an automatic
@@ -897,9 +904,15 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 		if (upstream->tls_fallback_ok)
 			DEBUG_STUB("%s %-35s: FD:  %d, WARNING: Proceeding even though pinset validation failed!\n",
 			            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+		else
+			DEBUG_DAEMON("%s %s : Conn failed   : Transport=TLS - *Failure* - Pinset validation failure\n",
+		                  STUB_DEBUG_DAEMON, upstream->addr_str);
+#endif
 	} else {
 		/* If we _only_ had a pinset and it is good then force succesful
-		   authentication when the cert self-signed */
+		   authentication when the cert self-signed
+		   TODO: We need to check for other error cases here, not blindly accept the cert!! */
 		if ((upstream->tls_pubkey_pinset && upstream->tls_auth_name[0] == '\0') &&
 		     (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
 		      err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) {
@@ -915,6 +928,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	else if (upstream->tls_auth_state == GETDNS_AUTH_NONE &&
 	         (upstream->tls_pubkey_pinset || upstream->tls_auth_name[0]))
 		upstream->tls_auth_state = GETDNS_AUTH_OK;
+
 	/* If fallback is allowed, proceed regardless of what the auth error is
 	   (might not be hostname or pinset related) */
 	return (upstream->tls_fallback_ok) ? 1 : preverify_ok;

From ebdf657fd784bc6a7e6f53f0bb8937653eef659c Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 23 Feb 2017 16:48:16 +0000
Subject: [PATCH 155/249] Change pins for IPv6 addresses for Sinodun privacy
 servers! Improve logging of auth failure

---
 src/stub.c            | 15 +++++++--------
 src/tools/stubby.conf |  4 ++--
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index c40d518e..148c1a2b 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -868,20 +868,19 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err,
 	            X509_verify_cert_error_string(err));
 #endif
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+	if (!preverify_ok && !upstream->tls_fallback_ok)
+			DEBUG_DAEMON("%s %s : Conn failed   : Transport=TLS - *Failure* -  (%d) \"%s\"\n",
+		                  STUB_DEBUG_DAEMON, upstream->addr_str, err,
+			              X509_verify_cert_error_string(err));
+#endif
 
 	/* First deal with the hostname authentication done by OpenSSL. */
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
 	/*Report if error is hostname mismatch*/
-	if (err == X509_V_ERR_HOSTNAME_MISMATCH) {
-		if (upstream->tls_fallback_ok)
+	if (err == X509_V_ERR_HOSTNAME_MISMATCH && upstream->tls_fallback_ok)
 			DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
 		                STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
-#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-		else
-			DEBUG_DAEMON("%s %s : Conn failed   : Transport=TLS - *Failure* - Hostname mismatch\n",
-		                  STUB_DEBUG_DAEMON, upstream->addr_str);
-#endif
-	}
 #else
 	/* if we weren't built against OpenSSL with hostname matching we
 	 * could not have matched the hostname, so this would be an automatic
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index e562e49d..054a9256 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -26,14 +26,14 @@
     , tls_auth_name: "dnsovertls.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0xA132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC
+        , value: 0xEB694ABBD1EC0D56F288F7A70299DCE2C7E64984C73957C580BDE9C81F9C04BE
       } ] 
     },
     { address_data: 2001:610:1:40ba:145:100:185:16
     , tls_auth_name: "dnsovertls1.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0x659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150
+        , value: 0x704D9E7002DE13907EBAB2610EB26554599FDFC7092C0BEA7A438DBE3BE9A940
       } ] 
     },
     { address_data: 2a04:b900:0:100::38

From f71dd2bf7121070720950897959aaa1ad183dd66 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 23 Feb 2017 16:50:29 +0000
Subject: [PATCH 156/249] Re-order so checks pass!

---
 src/const-info.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/const-info.c b/src/const-info.c
index 0022a768..473f7a45 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -219,12 +219,12 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RETURN_GOOD", 0 },
 	{ "GETDNS_RETURN_INVALID_PARAMETER", 311 },
 	{ "GETDNS_RETURN_MEMORY_ERROR", 310 },
-	{ "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", 398},
 	{ "GETDNS_RETURN_NEED_MORE_SPACE", 399 },
 	{ "GETDNS_RETURN_NOT_IMPLEMENTED", 312 },
 	{ "GETDNS_RETURN_NO_SUCH_DICT_NAME", 305 },
 	{ "GETDNS_RETURN_NO_SUCH_EXTENSION", 307 },
 	{ "GETDNS_RETURN_NO_SUCH_LIST_ITEM", 304 },
+	{ "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", 398},
 	{ "GETDNS_RETURN_UNKNOWN_TRANSACTION", 303 },
 	{ "GETDNS_RETURN_WRONG_TYPE_REQUESTED", 306 },
 	{ "GETDNS_RRCLASS_ANY", 255 },

From 7c8605c3b133d6739045b5e0cae834c76c21c183 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 23 Feb 2017 17:03:00 +0000
Subject: [PATCH 157/249] And fix the whitespace...

---
 src/const-info.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/const-info.c b/src/const-info.c
index 473f7a45..4556634a 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -224,7 +224,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RETURN_NO_SUCH_DICT_NAME", 305 },
 	{ "GETDNS_RETURN_NO_SUCH_EXTENSION", 307 },
 	{ "GETDNS_RETURN_NO_SUCH_LIST_ITEM", 304 },
-	{ "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", 398},
+	{ "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", 398 },
 	{ "GETDNS_RETURN_UNKNOWN_TRANSACTION", 303 },
 	{ "GETDNS_RETURN_WRONG_TYPE_REQUESTED", 306 },
 	{ "GETDNS_RRCLASS_ANY", 255 },

From 03307a7b717698bed69855afa83c82bbff6bfa6c Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Thu, 23 Feb 2017 17:55:31 -0800
Subject: [PATCH 158/249] Code almost complete for the MDNS multicast + cache.
 Of course, we still need a lot of testing.

---
 src/mdns.c | 700 ++++++++++++++++++++++++++++++++++++++++++++++++-----
 src/mdns.h |  11 +-
 2 files changed, 644 insertions(+), 67 deletions(-)

diff --git a/src/mdns.c b/src/mdns.c
index eec9c740..7923585c 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -24,6 +24,7 @@
 #include "context.h"
 #include "general.h"
 #include "gldns/pkthdr.h"
+#include "gldns/rrdef.h"
 #include "util-internal.h"
 #include "mdns.h"
 
@@ -165,6 +166,34 @@ struct lruhash_entry* entry, void* data, void* cb_arg)
 	return found;
 }
 
+/*
+ * Another missing LRU hash function: demote, move an entry to the bottom
+ * of the LRU pile.
+ */
+
+static void
+lru_demote(struct lruhash* table, struct lruhash_entry* entry)
+{
+	log_assert(table && entry);
+	if (entry == table->lru_end)
+		return; /* nothing to do */
+				/* remove from current lru position */
+	lru_remove(table, entry);
+	/* add at end */
+	entry->lru_next = NULL;
+	entry->lru_prev = table->lru_end;
+
+	if (table->lru_end == NULL)
+	{
+		table->lru_start = entry;
+	}
+	else
+	{
+		table->lru_end->lru_next = entry;
+	}
+	table->lru_end = entry;
+}
+
 /*
  * For the data part, we want to allocate in rounded increments, so as to reduce the
  * number of calls to XMALLOC
@@ -206,12 +235,298 @@ mdns_util_skip_name(uint8_t *p)
 	return x;
 }
 
+static size_t 
+mdns_util_copy_name(uint8_t * message, size_t message_length, size_t current_index,
+	uint8_t *name, int name_len_max, int name_index, int * name_len)
+{
+	uint8_t l;
+	size_t recursive_index;
+
+	*name_len = 0;
+	while (current_index < message_length && name_index < name_len_max) {
+		l = message[current_index++];
+		if (l == 0)
+		{
+			name[name_index++] = 0;
+			*name_len = name_index;
+			break;
+		}
+		else if (l >= 0xC0)
+		{
+			if (current_index < message_length)
+			{
+				recursive_index = ((l & 63) << 8) | message[current_index++];
+
+				(void) mdns_util_copy_name(message, message_length, 
+					recursive_index, name, name_len_max, name_index, name_len);
+
+				if (*name_len == 0)
+				{
+					current_index = message_length;
+				}
+			}
+			break;
+		}
+		else if (current_index + l < message_length &&
+			name_index + l + 1 < name_len_max)
+		{
+			name[name_index++] = l;
+
+			memcpy(name + name_index, message + current_index, l);
+			name_index += l;
+			current_index += l;
+		}
+		else
+		{
+			current_index = message_length;
+			break;
+		}
+	}
+
+	return current_index;
+}
+
 static int
 mdns_util_skip_query(uint8_t *p)
 {
 	return mdns_util_skip_name(p) + 4;
 }
 
+/*
+ * Single copy procedure for many record types
+ * copy N octets, then the canonical value of the name.
+ */
+static int
+mdns_util_canonical_flags_and_name(uint8_t *message, int message_length,
+	int record_length,
+	int current_index,
+	int nb_octets_to_copy,
+	uint8_t *buffer, int buffer_max,
+	uint8_t **actual_record, int *actual_length)
+{
+	int ret = 0;
+	int buffer_index = 0;
+	int name_len = 0;
+
+	if (buffer_max <= nb_octets_to_copy || record_length <= nb_octets_to_copy)
+	{
+		/* incorrect buffer */
+		ret = GETDNS_RETURN_GENERIC_ERROR;
+	}
+	else
+	{
+		for (int i = 0; i < nb_octets_to_copy; i++)
+		{
+			buffer[buffer_index++] = message[current_index++];
+		}
+
+		current_index = mdns_util_copy_name(message, message_length, current_index, buffer, buffer_max, buffer_index, &name_len);
+		if (current_index == record_length)
+		{
+			buffer_index += name_len;
+			*actual_record = buffer;
+			*actual_length = buffer_index;
+		}
+		else
+		{
+			/* something went wrong. */
+			ret = GETDNS_RETURN_BAD_DOMAIN_NAME;
+		}
+	}
+
+	return ret;
+}
+/*
+ * Set record value to canonical form
+ */
+static int
+mdns_util_canonical_record(uint8_t *message, int message_length,
+	int record_type, int record_class, int record_length,
+	int record_index,  
+	uint8_t *buffer, int buffer_max,
+	uint8_t **actual_record, int *actual_length)
+{
+	int ret = 0;
+	int current_index = record_index;
+	int buffer_index = 0;
+	int name_len = 0;
+	/* Check whether the record needs canonization */
+	*actual_record = message + record_index;
+	*actual_length = record_length;
+
+	if (record_class != GLDNS_RR_CLASS_IN)
+	{
+		/*
+		 * No attempt at canonization outside the IN class.
+		 */
+		return 0;
+	}
+	
+	switch (record_type)
+	{
+		
+	case GLDNS_RR_TYPE_NS:
+	case GLDNS_RR_TYPE_CNAME:
+	case GLDNS_RR_TYPE_PTR:
+	case GLDNS_RR_TYPE_MD:
+	case GLDNS_RR_TYPE_MB:
+	case GLDNS_RR_TYPE_MF:
+	case GLDNS_RR_TYPE_MG:
+	case GLDNS_RR_TYPE_MR:
+	case GLDNS_RR_TYPE_NSAP_PTR:
+		/* 
+		 * copy the name in canonical form 
+		 */
+		ret = mdns_util_canonical_flags_and_name(message, message_length,
+			record_length, current_index, 0,
+			buffer, buffer_max, actual_record, actual_length);
+		break;
+
+	case GLDNS_RR_TYPE_A:
+	case GLDNS_RR_TYPE_AAAA:
+	case GLDNS_RR_TYPE_TXT:
+	case GLDNS_RR_TYPE_HINFO:
+	case GLDNS_RR_TYPE_MINFO:
+	case GLDNS_RR_TYPE_NULL:
+	case GLDNS_RR_TYPE_WKS:
+	case GLDNS_RR_TYPE_X25:
+	case GLDNS_RR_TYPE_ISDN:
+	case GLDNS_RR_TYPE_NSAP:
+	case GLDNS_RR_TYPE_SIG:
+	case GLDNS_RR_TYPE_KEY:
+	case GLDNS_RR_TYPE_GPOS:
+	case GLDNS_RR_TYPE_LOC:
+	case GLDNS_RR_TYPE_EID:
+	case GLDNS_RR_TYPE_NIMLOC:
+		/* leave the content as is, no domain name in content */
+		break;
+
+	case GLDNS_RR_TYPE_SRV:
+		/*
+		 * Copy 6 octets for weight(2), priority(2) and port(2),
+		 * then copy the name.
+		 */
+		ret = mdns_util_canonical_flags_and_name(message, message_length,
+			record_length, current_index, 6,
+			buffer, buffer_max, actual_record, actual_length);
+		break;
+
+	case GLDNS_RR_TYPE_MX:
+	case GLDNS_RR_TYPE_RT:
+	case GLDNS_RR_TYPE_AFSDB:
+		/* 
+		 * copy two bytes preference or subtype, then 
+		 * copy the name in canonical form 
+		 */
+		ret = mdns_util_canonical_flags_and_name(message, message_length,
+			record_length, current_index, 2,
+			buffer, buffer_max, actual_record, actual_length);
+		break;
+
+	case GLDNS_RR_TYPE_NAPTR:
+	case GLDNS_RR_TYPE_SOA:
+	case GLDNS_RR_TYPE_RP:
+	case GLDNS_RR_TYPE_NXT:
+	case GLDNS_RR_TYPE_PX:
+	case GLDNS_RR_TYPE_ATMA:
+		/*
+		 * Group of record types that are complex, and also
+		 * unexpected in MDNS/DNS-SD operation. Copying the 
+		 * record directly will work as long as the sender
+		 * does not attempt name compression.
+		 * TODO: log some kind of error.
+		 */
+		break;
+#if 0
+
+			/**  RFC2915 */
+			GLDNS_RR_TYPE_NAPTR = 35,
+			/**  RFC2230 */
+			GLDNS_RR_TYPE_KX = 36,
+			/**  RFC2538 */
+			GLDNS_RR_TYPE_CERT = 37,
+			/**  RFC2874 */
+			GLDNS_RR_TYPE_A6 = 38,
+			/**  RFC2672 */
+			GLDNS_RR_TYPE_DNAME = 39,
+			/**  dnsind-kitchen-sink-02.txt */
+			GLDNS_RR_TYPE_SINK = 40,
+			/**  Pseudo OPT record... */
+			GLDNS_RR_TYPE_OPT = 41,
+			/**  RFC3123 */
+			GLDNS_RR_TYPE_APL = 42,
+			/**  RFC4034, RFC3658 */
+			GLDNS_RR_TYPE_DS = 43,
+			/**  SSH Key Fingerprint */
+			GLDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */
+									  /**  IPsec Key */
+			GLDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */
+										 /**  DNSSEC */
+			GLDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */
+			GLDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */
+			GLDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */
+
+			GLDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */
+									  /* NSEC3 */
+			GLDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */
+			GLDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
+			GLDNS_RR_TYPE_NSEC3PARAMS = 51,
+			GLDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
+			GLDNS_RR_TYPE_SMIMEA = 53, /* draft-ietf-dane-smime, TLSA-like but may
+									   be extended */
+
+			GLDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
+
+									/** draft-reid-dnsext-zs */
+			GLDNS_RR_TYPE_NINFO = 56,
+			/** draft-reid-dnsext-rkey */
+			GLDNS_RR_TYPE_RKEY = 57,
+			/** draft-ietf-dnsop-trust-history */
+			GLDNS_RR_TYPE_TALINK = 58,
+			GLDNS_RR_TYPE_CDS = 59, /** RFC 7344 */
+			GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
+			GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
+			GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
+
+			GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
+
+			GLDNS_RR_TYPE_UINFO = 100,
+			GLDNS_RR_TYPE_UID = 101,
+			GLDNS_RR_TYPE_GID = 102,
+			GLDNS_RR_TYPE_UNSPEC = 103,
+
+			GLDNS_RR_TYPE_NID = 104, /* RFC 6742 */
+			GLDNS_RR_TYPE_L32 = 105, /* RFC 6742 */
+			GLDNS_RR_TYPE_L64 = 106, /* RFC 6742 */
+			GLDNS_RR_TYPE_LP = 107, /* RFC 6742 */
+
+									/** draft-jabley-dnsext-eui48-eui64-rrtypes */
+			GLDNS_RR_TYPE_EUI48 = 108,
+			GLDNS_RR_TYPE_EUI64 = 109,
+
+			GLDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */
+			GLDNS_RR_TYPE_TSIG = 250,
+			GLDNS_RR_TYPE_IXFR = 251,
+			GLDNS_RR_TYPE_AXFR = 252,
+			/**  A request for mailbox-related records (MB, MG or MR) */
+			GLDNS_RR_TYPE_MAILB = 253,
+			/**  A request for mail agent RRs (Obsolete - see MX) */
+			GLDNS_RR_TYPE_MAILA = 254,
+			/**  any type (wildcard) */
+			GLDNS_RR_TYPE_ANY = 255,
+			GLDNS_RR_TYPE_URI = 256, /* RFC 7553 */
+			GLDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
+#endif
+	default:
+		/* 
+		 * Unknown record type. Not expected in MDNS/DNS-SD. Just keep the current value. 
+		 * TODO: log some kind of error.
+		 */
+		break;
+	}
+
+	return ret;
+}
 /*
  * Comparison and other functions required for cache management
  */
@@ -256,7 +571,8 @@ static int mdns_cache_key_comp(void* vkey1, void* vkey2)
 /** old keys are deleted.
 * markdel() is used first.
 * This function is called: func(key, userarg)
-* the userarg is set to the context in which the LRU hash table was created
+* the userarg is set to the context in which the LRU hash table was created.
+* TODO: is there a need to free the lock in the embedded hash entry structure?
 */
 static void msdn_cache_delkey(void* vkey, void* vcontext)
 {
@@ -270,7 +586,6 @@ static void msdn_cache_delkey(void* vkey, void* vcontext)
  */
 static void msdn_cache_deldata(void* vdata, void* vcontext)
 {
-	/* need to terminate the pending queries? */
 	getdns_mdns_cached_record_header* header = ((getdns_mdns_cached_record_header*)vdata);
 
 	while (header->netreq_first)
@@ -302,6 +617,8 @@ static void msdn_cache_create_key_in_buffer(
 	int record_type, int record_class)
 {
 	getdns_mdns_cached_key_header * header = (getdns_mdns_cached_key_header*)key;
+
+	memset(key, 0, sizeof(getdns_mdns_cached_key_header));
 	header->record_type = record_type;
 	header->record_class = record_class;
 	header->name_len = name_len;
@@ -447,7 +764,7 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 	int not_matched_yet = (record_data == NULL) ? 0 : 1;
 	int current_record_match;
 	int last_copied_index;
-	int current_hole_index;
+	int current_hole_index = 0;
 
 	/*
 	 * Skip the query
@@ -562,13 +879,17 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 		*new_record = old_record;
 	}
 
-	/*
-	 * TODO: if there are no record left standing, return a signal that the cache should be pruned.
-	 */
-
 	return ret;
 }
 
+static int
+mdns_cache_nb_records_in_entry(uint8_t * cached_data)
+{
+	int message_index = sizeof(getdns_mdns_cached_record_header);
+	int nb_answers = (cached_data[message_index + 4] << 8) | cached_data[message_index + 5];
+
+	return nb_answers;
+}
 
 /*
 * Add entry function for the MDNS record cache.
@@ -606,9 +927,8 @@ mdns_propose_entry_to_cache(
 		key = mdns_cache_create_key(name, name_len, record_type, record_class, context);
 		data = mdns_cache_create_data(name, name_len, record_type, record_class,
 				record_data_len, current_time, context);
-		new_entry = GETDNS_XMALLOC(context->mf, struct lruhash_entry, 1);
 
-		if (key == NULL || data == NULL || new_entry == NULL)
+		if (key == NULL || data == NULL)
 		{
 			if (key != NULL)
 			{
@@ -621,16 +941,11 @@ mdns_propose_entry_to_cache(
 				GETDNS_FREE(context->mf, data);
 				data = NULL;
 			}
-
-			if (new_entry != NULL)
-			{
-				GETDNS_FREE(context->mf, new_entry);
-				new_entry = NULL;
-			}
-
 		}
 		else
 		{
+			new_entry = &((getdns_mdns_cached_key_header*)key)->entry;
+
 			memset(new_entry, 0, sizeof(struct lruhash_entry));
 			lock_rw_init(new_entry->lock);
 			new_entry->hash = hash;
@@ -641,8 +956,13 @@ mdns_propose_entry_to_cache(
 
 			if (entry != new_entry)
 			{
-				lock_rw_destroy(new_entry->lock);
-				GETDNS_FREE(context->mf, new_entry);
+				/* There was already an entry for this name, which is really weird. 
+				 * But it can in theory happen in a race condition.
+				 */
+				GETDNS_FREE(context->mf, key);
+				key = NULL;
+				GETDNS_FREE(context->mf, data);
+				data = NULL;
 			}
 		}
 	}
@@ -663,41 +983,87 @@ mdns_propose_entry_to_cache(
 			header->netreq_first = netreq;
 		}
 
+		/* if the entry is empty, move it to the bottom of the LRU */
+		if (mdns_cache_nb_records_in_entry((uint8_t*)(entry->data)) == 0)
+		{
+			lru_demote(context->mdns_cache, entry);
+		}
+
 		/* then, unlock the entry */
 		lock_rw_unlock(entry->lock);
-
-		/* TODO: if the entry was marked for deletion, move it to the bottom of the LRU */
 	} 
 
 	return ret;
 }
 
 /*
- * Compare function for the mdns_continuous_query_by_name_rrtype,
- * used in the red-black tree of all ongoing queries.
+ * Processing of requests after cache update.
+ * This is coded as synchronous processing, under lock. This is probably wrong.
+ * It would be better to just collate the responses for now, and 
+ * process the queries out of the loop.
  */
-static int mdns_cmp_continuous_queries_by_name_rrtype(const void * nqnr1, const void * nqnr2)
+static int
+mdns_cache_complete_queries(
+	struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class)
 {
 	int ret = 0;
-	getdns_mdns_continuous_query * qnr1 = (getdns_mdns_continuous_query *)nqnr1;
-	getdns_mdns_continuous_query * qnr2 = (getdns_mdns_continuous_query *)nqnr2;
+	size_t required_memory = 0;
+	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
+	hashvalue_type hash;
+	struct lruhash_entry *entry;
+	uint8_t *packet;
+	int packet_length;
+	getdns_mdns_cached_record_header * header;
+	getdns_network_req * netreq;
 
-	if (qnr1->request_class != qnr2->request_class) 
+	msdn_cache_create_key_in_buffer(temp_key, name, name_len, record_type, record_class);
+
+
+	/* TODO: make hash init value a random number in the context, for defense against DOS */
+	hash = hashlittle(temp_key, name_len + sizeof(getdns_mdns_cached_key_header), 0xCAC8E);
+
+	entry = lruhash_lookup(context->mdns_cache, hash, temp_key, 1);
+
+	if (entry != NULL && entry->data != NULL)
 	{
-		ret = (qnr1->request_class < qnr2->request_class) ? -1 : 1;
-	} 
-	else if (qnr1->request_type != qnr2->request_type)
-	{
-		ret = (qnr1->request_type < qnr2->request_type) ? -1 : 1;
-	}
-	else if (qnr1->name_len != qnr2->name_len)
-	{
-		ret = (qnr1->name_len < qnr2->name_len) ? -1 : 1;
-	}
-	else
-	{
-		ret = memcmp((void*)qnr1->name, (void*)qnr2->name, qnr1->name_len);
+		header = (getdns_mdns_cached_record_header *)entry->data;
+
+		packet = ((uint8_t *)entry->data) + sizeof(getdns_mdns_cached_record_header);
+		packet_length = header->content_len; /* TODO: check that */
+
+		while ((netreq = header->netreq_first) != NULL)
+		{
+			header->netreq_first = netreq->mdns_netreq_next;
+			netreq->mdns_netreq_next = NULL;
+			/* TODO: copy the returned value in the response field  */
+			if (packet_length > netreq->wire_data_sz)
+			{
+				/* TODO: allocation. */
+			}
+
+			if (netreq->response != NULL)
+			{
+				memcpy(netreq->response, packet, packet_length);
+				/* TODO: process the query */
+				netreq->response_len = packet_length;
+				netreq->debug_end_time = _getdns_get_time_as_uintt64();
+				netreq->state = NET_REQ_FINISHED;
+				_getdns_check_dns_req_complete(netreq->owner);
+			}
+			else
+			{
+				/* Fail the query? */
+				netreq->response_len = 0;
+				netreq->debug_end_time = _getdns_get_time_as_uintt64();
+				netreq->state = NET_REQ_ERRORED;
+				_getdns_check_dns_req_complete(netreq->owner);
+			}
+		}
+		lock_rw_unlock(entry->lock);
 	}
+
 	return ret;
 }
 
@@ -708,10 +1074,13 @@ static void
 mdns_udp_multicast_read_cb(void *userarg)
 {
 	mdns_network_connection * cnx = (mdns_network_connection *)userarg;
+	uint64_t current_time;
 	ssize_t       read;
 	DEBUG_MDNS("%s %-35s: CTX: %p, NET=%d \n", MDNS_DEBUG_MREAD,
 		__FUNCTION__, cnx->context, cnx->addr_mcast.ss_family);
 
+	current_time = _getdns_get_time_as_uintt64();
+
 	GETDNS_CLEAR_EVENT(
 		cnx->context->extension, &cnx->event);
 
@@ -725,13 +1094,128 @@ mdns_udp_multicast_read_cb(void *userarg)
 	if (read >= GLDNS_HEADER_SIZE)
 	{
 		/* parse the response, find the relevant queries, submit the records to the cache */
+		int opcodeAndflags = cnx->response[2];
+		int nb_queries = (cnx->response[4] << 8) | cnx->response[5];
+		int nb_responses = (cnx->response[6] << 8) | cnx->response[7];
 
-		/*
-		netreq->response_len = read;
-		netreq->debug_end_time = _getdns_get_time_as_uintt64();
-		netreq->state = NET_REQ_FINISHED;
-		_getdns_check_dns_req_complete(dnsreq);
-		*/
+		if (opcodeAndflags != 0x84)
+		{
+			/* this is not an MDNS answer packet. */
+		}
+		else
+		{
+			size_t current_index = 12;
+			uint8_t name[256];
+			int name_len;
+			int record_type;
+			int record_class;
+			int record_ttl;
+			int record_data_len;
+			int nb_records = 0;
+			int nb_queries_skipped = 0;
+			int start_of_records;
+			int signalled_records = 0;
+
+			/*
+			 * In normal mDNS operation, there should not be any query here. 
+			 * But just in case, we can skip the queries...
+			 */
+			while (current_index < read && nb_queries_skipped < nb_queries)
+			{
+				current_index += mdns_util_skip_query(&cnx->response[current_index]);
+				nb_queries_skipped++;
+			}
+			start_of_records = current_index;
+			/*
+			 * Parse the answers and propose them to the cache
+			 */
+
+			while (current_index < read && nb_records < nb_responses)
+			{
+				/* Copy and skip the name */
+				current_index = mdns_util_copy_name(cnx->response, read, current_index,
+					name, sizeof(name), 0, &name_len);
+				if (current_index + 12 >= read)
+				{
+					/* bogus packet.. Should log. */
+					current_index = read;
+				}
+				else
+				{
+					/* Parse the record header */
+					record_type = (cnx->response[current_index++] << 8);
+					record_type |= (cnx->response[current_index++]);
+					record_class = (cnx->response[current_index++] << 8);
+					record_class |= (cnx->response[current_index++]);
+					record_ttl = (cnx->response[current_index++] << 24);
+					record_ttl |= (cnx->response[current_index++] << 16);
+					record_ttl |= (cnx->response[current_index++] << 8);
+					record_ttl |= (cnx->response[current_index++]);
+					record_data_len = (cnx->response[current_index++] << 8);
+					record_data_len |= (cnx->response[current_index++]);
+
+					if (current_index + record_data_len < read)
+					{
+						/* 
+						 * Set the record to canonical form. This is required, since 
+						 * MDNS software commonly uses name compression for PTR or SRV records.
+						 */
+						int actual_length;
+						uint8_t *actual_record;
+						uint8_t buffer[1024];
+
+						/* TODO: do something in case of canonization failures */
+						(void) mdns_util_canonical_record(cnx->response, read,
+							record_type, record_class, record_data_len, current_index,
+							buffer, sizeof(buffer), &actual_record, &actual_length);
+
+
+						/* Submit to the cache. As a side effect, may signal that a continuous request is done. */
+						(void) mdns_propose_entry_to_cache(cnx->context, name, name_len,
+							record_type, record_class, record_ttl,
+							actual_record, actual_length, NULL,
+							current_time);
+
+						current_index += record_data_len;
+						nb_records++;
+					}
+					else
+					{
+						/* bogus packet.. Should log. */
+						current_index = read;
+					}
+				}
+			}
+
+			/* Go over the queries that were mentioned in the update, and prepare returns. */
+			current_index = start_of_records;
+			while (current_index < read && signalled_records < nb_responses)
+			{
+				/* copy the name */
+				current_index = mdns_util_copy_name(cnx->response, read, current_index,
+					name, sizeof(name), 0, &name_len);
+				if (current_index + 12 >= read)
+				{
+					/* bogus packet.. Should log. */
+					current_index = read;
+				}
+				else
+				{
+					/* Parse the record header */
+					record_type = (cnx->response[current_index++] << 8);
+					record_type |= (cnx->response[current_index++]);
+					record_class = (cnx->response[current_index++] << 8);
+					record_class |= (cnx->response[current_index++]);
+					current_index += 4;
+					record_data_len = (cnx->response[current_index++] << 8);
+					record_data_len |= (cnx->response[current_index++]);
+					current_index += record_data_len;
+
+					/* process the pending requests */
+					(void)mdns_cache_complete_queries(cnx->context, name, name_len, record_type, record_class);
+				}
+			}
+		}
 	}
 	else
 	{
@@ -999,11 +1483,68 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 	getdns_dns_req *dnsreq = netreq->owner;
 	struct getdns_context *context = dnsreq->context;
 
-	ret = mdns_propose_entry_to_cache(context, dnsreq->name, dnsreq->name_len,
-		netreq->request_type, dnsreq->request_class, 1, NULL, 0,
-		netreq, _getdns_get_time_as_uintt64());
+	size_t required_memory = 0;
+	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
+	hashvalue_type hash;
+	struct lruhash_entry *entry;
+	size_t pkt_len = netreq->response - netreq->query;
 
-	/* to do: queue message request to socket */
+	msdn_cache_create_key_in_buffer(temp_key, dnsreq->name, dnsreq->name_len,
+		netreq->request_type, dnsreq->request_class);
+
+	/* TODO: make hash init value a random number in the context, for defense against DOS */
+	hash = hashlittle(temp_key, dnsreq->name_len + sizeof(getdns_mdns_cached_key_header), 0xCAC8E);
+
+	entry = lruhash_lookup(context->mdns_cache, hash, temp_key, 1);
+
+	if (entry == NULL)
+	{
+		/*
+		 * First, create an entry for the query
+		 */
+
+		ret = mdns_propose_entry_to_cache(context, dnsreq->name, dnsreq->name_len,
+			netreq->request_type, dnsreq->request_class, 1, NULL, 0,
+			netreq, _getdns_get_time_as_uintt64());
+	}
+	else
+	{
+		/*
+		 * Check whether the cache entry is recent.
+		 * If yes, just return it, but first update the entry tracking in the cache entry.
+		 */
+
+		 /*
+		  * and unlock the entry!
+		  */
+	}
+
+	if (ret == 0)
+	{
+		/* If the entry was created less than 1 sec ago, send a query */
+
+		if (context->mdns_connection_nb <= 0)
+		{
+			/* oops, no network! */
+			ret = GETDNS_RETURN_GENERIC_ERROR;
+		}
+		else
+		{
+			/* TODO? Set TTL=255 for compliance with RFC 6762 */
+			int fd_index = context->mdns_connection_nb - 1;
+
+			if ((ssize_t)pkt_len != sendto(
+				context->mdns_connection[fd_index].fd
+				, (const void *)netreq->query, pkt_len, 0
+				, (SOCKADDR*)&context->mdns_connection[fd_index].addr_mcast
+				, context->mdns_connection[fd_index].addr_mcast_len))
+			{
+				ret = GETDNS_RETURN_GENERIC_ERROR;
+			}
+
+			/* TODO: update the send query time */
+		}
+	}
 
 	return ret;
 }
@@ -1103,9 +1644,9 @@ mdns_timeout_cb(void *userarg)
 
 
 
-/**************************/
-/* UDP callback functions */
-/**************************/
+/*****************************************/
+/* UDP callback functions for basic MDNS */
+/*****************************************/
 
 static void
 mdns_udp_read_cb(void *userarg)
@@ -1220,21 +1761,50 @@ _getdns_submit_mdns_request(getdns_network_req *netreq)
 		netreq, netreq->request_type);
 	int fd = -1;
 	getdns_dns_req *dnsreq = netreq->owner;
+	struct getdns_context * context = dnsreq->context;
+	getdns_return_t ret = 0;
 
-	/* Open the UDP socket required for the request */
-	if ((fd = socket(
-		AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
-		return -1;
-	/* TODO: do we need getdns_sock_nonblock(fd); */
+	/*
+	 * TO DO: depending on context type, perform basic processing versus full MDNS
+	 */
 
-	/* Schedule the MDNS request */
-	netreq->fd = fd;
-	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
-	GETDNS_SCHEDULE_EVENT(
-		dnsreq->loop, netreq->fd, dnsreq->context->timeout,
-		getdns_eventloop_event_init(&netreq->event, netreq,
-			NULL, mdns_udp_write_cb, mdns_timeout_cb));
-	return GETDNS_RETURN_GOOD;
+	if (context->mdns_extended_support == 2)
+	{
+		/* Not initialize yet. Do it know before processing the query */
+		ret = mdns_delayed_network_init(context);
+
+		if (ret != 0)
+		{
+			return ret;
+		}
+	}
+
+	if (context->mdns_extended_support == 1)
+	{
+		/* extended DNS support */
+		ret = mdns_initialize_continuous_request(netreq);
+	}
+	else
+	{
+		/* basic MDNS request */
+
+		/* Open the UDP socket required for the request */
+		if ((fd = socket(
+			AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
+			return -1;
+		/* TODO: do we need getdns_sock_nonblock(fd); */
+
+		/* Schedule the MDNS request */
+		netreq->fd = fd;
+		GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+		GETDNS_SCHEDULE_EVENT(
+			dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+			getdns_eventloop_event_init(&netreq->event, netreq,
+				NULL, mdns_udp_write_cb, mdns_timeout_cb));
+		ret = GETDNS_RETURN_GOOD;
+	}
+
+	return ret;
 }
 
 /*
diff --git a/src/mdns.h b/src/mdns.h
index 9642bde1..91f3c2a3 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -24,6 +24,7 @@
 #ifdef HAVE_MDNS_SUPPORT
 #include "getdns/getdns.h"
 #include "types-internal.h"
+#include "util/storage/lruhash.h"
 
 getdns_return_t
 _getdns_submit_mdns_request(getdns_network_req *netreq);
@@ -51,20 +52,26 @@ typedef struct getdns_mdns_known_record
 
 /* 
  * Each entry in the hash table is keyed by type, class and name.
+ * The key structure also contains the LRU hash entry structure.
  * The data part contains:
  * - 64 bit time stamp
  * - 32 bit word describing the record size
  * - 32 bit word describing teh allocated memory size
  * - valid DNS response, including 1 query and N answers, 0 AUTH, 0 AD.
- * For economy, all answers are encoded using header compression, pointing
- * to the name in the query, i.e. offset 12 from beginning of message
+ * For economy, the names of all answers are encoded using header compression, pointing
+ * to the name in the query, i.e. offset 12 from beginning of message.
+ * For stability, the names included in the data part of records are not compressed.
  */
 
 typedef struct getdns_mdns_cached_key_header
 {
+	/* embedded entry, for LRU hash */
+	struct lruhash_entry entry;
+	/* identification */
 	uint16_t record_type;
 	uint16_t record_class;
 	int name_len;
+	/* the octets following this structure contain the name */
 } getdns_mdns_cached_key_header;
 
 typedef struct getdns_mdns_cached_record_header

From bbd2fb8cf05a39eb42a688ed8b3f7ac0ffa400a3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 27 Feb 2017 14:30:44 -0800
Subject: [PATCH 159/249] Although safe, a bit scary

---
 src/stub.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/stub.c b/src/stub.c
index 148c1a2b..e905f600 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -877,10 +877,12 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 
 	/* First deal with the hostname authentication done by OpenSSL. */
 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
+# if defined(STUB_DEBUG) && STUB_DEBUG
 	/*Report if error is hostname mismatch*/
 	if (err == X509_V_ERR_HOSTNAME_MISMATCH && upstream->tls_fallback_ok)
 			DEBUG_STUB("%s %-35s: FD:  %d WARNING: Proceeding even though hostname validation failed!\n",
 		                STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
+# endif
 #else
 	/* if we weren't built against OpenSSL with hostname matching we
 	 * could not have matched the hostname, so this would be an automatic

From 6a9e2f4a56894a8b6d66c4cc5668a08d6981ff58 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 27 Feb 2017 16:22:52 -0800
Subject: [PATCH 160/249] Base64 primitive in json input

---
 src/convert.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 65 insertions(+), 3 deletions(-)

diff --git a/src/convert.c b/src/convert.c
index 11919107..6e05bdfe 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1204,6 +1204,66 @@ static int _jsmn_get_ipdict(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	return *value != NULL;
 }
 
+static int _jsmn_get_base64_data(struct mem_funcs *mf, const char *js, jsmntok_t *t,
+    getdns_bindata **value)
+{
+	int e, i;
+	int size = t->end - t->start;
+	char value_str_buf[1025];
+	char *value_str;
+	size_t target_buf_size;
+
+	assert(size >= 4);
+
+	if (size % 4 != 0)
+		return 0;
+
+	e = t->end;
+	if (js[e - 1] == '=') e -= 1;
+	if (js[e - 1] == '=') e -= 1;
+
+	for (i = t->start; i < e; i++)
+		if (!((js[i] >= '0' && js[i] <= '9')
+		    ||(js[i] >= 'a' && js[i] <= 'z')
+		    ||(js[i] >= 'A' && js[i] <= 'Z')
+		    || js[i] == '+' || js[i] == '/'))
+			return 0;
+
+	target_buf_size = gldns_b64_pton_calculate_size(size);
+	if (!(*value = GETDNS_MALLOC(*mf, getdns_bindata)))
+		return 0;
+
+	else if (!((*value)->data = GETDNS_XMALLOC(
+	    *mf, uint8_t, target_buf_size))) {
+		GETDNS_FREE(*mf, *value);
+		return 0;
+	}
+	if (size <= 0 || size >= (int)sizeof(value_str) || js[t->end - 1] != '.')
+		return 0;
+
+	if ((size_t)size >= sizeof(value_str_buf))
+		value_str = GETDNS_XMALLOC(*mf, char, size + 1);
+	else	value_str = value_str_buf;
+	
+	if (value_str) {
+		(void) memcpy(value_str, js + t->start, size);
+		value_str[size] = '\0';
+
+		e = gldns_b64_pton(value_str, (*value)->data, target_buf_size);
+
+		if (value_str != value_str_buf)
+			GETDNS_FREE(*mf, value_str);
+
+		if (e > 0) {
+			(*value)->size = e;
+			return 1;
+		}
+	}
+	GETDNS_FREE(*mf, (*value)->data);
+	GETDNS_FREE(*mf,  *value);
+	return 0;
+}
+
 static int _jsmn_get_data(struct mem_funcs *mf, const char *js, jsmntok_t *t,
     getdns_bindata **value)
 {
@@ -1211,15 +1271,17 @@ static int _jsmn_get_data(struct mem_funcs *mf, const char *js, jsmntok_t *t,
 	size_t j;
 	uint8_t h, l;
 
-	if ((t->end - t->start) < 4 || (t->end - t->start) % 2 == 1 ||
-	    js[t->start] != '0' || js[t->start + 1] != 'x')
+	if ((t->end - t->start) < 4 || (t->end - t->start) % 2 == 1)
 		return 0;
 
+	if (js[t->start] != '0' || js[t->start + 1] != 'x')
+		return _jsmn_get_base64_data(mf, js, t, value);
+
 	for (i = t->start + 2; i < t->end; i++)
 		if (!((js[i] >= '0' && js[i] <= '9')
 		    ||(js[i] >= 'a' && js[i] <= 'f')
 		    ||(js[i] >= 'A' && js[i] <= 'F')))
-			return 0;
+			return _jsmn_get_base64_data(mf, js, t, value);
 
 	if (!(*value = GETDNS_MALLOC(*mf, getdns_bindata)))
 		return 0;

From 09baade01693063fdc21dd600b959be9bb36cc7e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 28 Feb 2017 07:28:18 -0800
Subject: [PATCH 161/249] Print pinsets Bas64 too

+ bugfix in reading base64
+ base64 pinsets in stubby.conf
---
 src/convert.c         |  3 ---
 src/dict.c            | 38 ++++++++++++++++++++++++++++++++++++++
 src/tools/stubby.conf | 16 ++++++++--------
 3 files changed, 46 insertions(+), 11 deletions(-)

diff --git a/src/convert.c b/src/convert.c
index 6e05bdfe..6417c6d1 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1238,9 +1238,6 @@ static int _jsmn_get_base64_data(struct mem_funcs *mf, const char *js, jsmntok_t
 		GETDNS_FREE(*mf, *value);
 		return 0;
 	}
-	if (size <= 0 || size >= (int)sizeof(value_str) || js[t->end - 1] != '.')
-		return 0;
-
 	if ((size_t)size >= sizeof(value_str_buf))
 		value_str = GETDNS_XMALLOC(*mf, char, size + 1);
 	else	value_str = value_str_buf;
diff --git a/src/dict.c b/src/dict.c
index 23b42531..b8c9db99 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -51,6 +51,7 @@
 #include "const-info.h"
 #include "gldns/gbuffer.h"
 #include "gldns/wire2str.h"
+#include "gldns/parseutil.h"
 
 
 static char *_json_ptr_first(const struct mem_funcs *mf,
@@ -731,6 +732,33 @@ _getdns_bindata_is_dname(getdns_bindata *bindata)
 		bindata->data[bindata->size - 1] == 0;
 }
 
+static int
+getdns_pp_base64(gldns_buffer *buf, getdns_bindata *bindata)
+{
+	size_t p = gldns_buffer_position(buf);
+	size_t base64str_sz;
+	char *target;
+	size_t avail;
+
+	if (gldns_buffer_printf(buf, " <bindata of ") < 0)
+		return -1;
+
+	base64str_sz = gldns_b64_ntop_calculate_size(bindata->size);
+	target = (char *)gldns_buffer_current(buf);
+	avail = gldns_buffer_remaining(buf);
+	if (avail >= base64str_sz)
+		gldns_buffer_skip(buf, gldns_b64_ntop(
+		    bindata->data, bindata->size,
+		    target, base64str_sz));
+	else
+		gldns_buffer_skip(buf, base64str_sz);
+
+	if (gldns_buffer_printf(buf, ">") < 0)
+		return -1;
+
+	return gldns_buffer_position(buf) - p;
+}
+
 /*---------------------------------------- getdns_pp_bindata */
 /**
  * private function to pretty print bindata to a gldns_buffer
@@ -1094,6 +1122,16 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 				              )) < 0)
 					return -1;
 	
+			} else if (!json &&
+			    (strcmp(item->node.key, "pin-sha256") == 0 ||
+			     strcmp(item->node.key, "value") == 0) &&
+			     item->i.data.bindata->size > 0 &&
+			     item->i.data.bindata->size % 4 == 0) {
+
+				if (getdns_pp_base64(buf,
+				    item->i.data.bindata) < 0)
+					return -1;
+
 			} else if (getdns_pp_bindata(
 			    buf, item->i.data.bindata,
 			    (strcmp(item->node.key, "rdata_raw") == 0),
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 054a9256..1055e277 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -5,54 +5,54 @@
     , tls_auth_name: "dnsovertls.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0xEB694ABBD1EC0D56F288F7A70299DCE2C7E64984C73957C580BDE9C81F9C04BE
+        , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
       } ] 
     },
     { address_data: 145.100.185.16
     , tls_auth_name: "dnsovertls1.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0x704D9E7002DE13907EBAB2610EB26554599FDFC7092C0BEA7A438DBE3BE9A940
+        , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
       } ] 
     },
     { address_data: 185.49.141.38
     , tls_auth_name: "getdnsapi.net"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0x7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4
+        , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
       } ]
     },
     { address_data: 2001:610:1:40ba:145:100:185:15
     , tls_auth_name: "dnsovertls.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0xEB694ABBD1EC0D56F288F7A70299DCE2C7E64984C73957C580BDE9C81F9C04BE
+        , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
       } ] 
     },
     { address_data: 2001:610:1:40ba:145:100:185:16
     , tls_auth_name: "dnsovertls1.sinodun.com"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0x704D9E7002DE13907EBAB2610EB26554599FDFC7092C0BEA7A438DBE3BE9A940
+        , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
       } ] 
     },
     { address_data: 2a04:b900:0:100::38
     , tls_auth_name: "getdnsapi.net"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0x7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4
+        , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
       } ]
     },
     { address_data: 184.105.193.78
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0xA4E5EBA54B7D9203E06D6C411457014DB447DA17A8DB01F05E9D5F7780045572
+        , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
       } ]
     },
     { address_data: 2620:ff:c000:0:1::64:25
     , tls_pubkey_pinset:
       [ { digest: "sha256"
-        , value: 0xA4E5EBA54B7D9203E06D6C411457014DB447DA17A8DB01F05E9D5F7780045572
+        , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
       } ]
     }
   ]

From 40585290811b6eb848121e1a86d9470ffff42a36 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Fri, 3 Mar 2017 16:52:02 -0800
Subject: [PATCH 162/249] First version of the MDNS multicast client that
 actually works.

---
 src/mdns.c | 513 ++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 429 insertions(+), 84 deletions(-)

diff --git a/src/mdns.c b/src/mdns.c
index 7923585c..9efef1ff 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -85,6 +85,10 @@ static uint8_t mdns_suffix_b_e_f_ip6_arpa[] = {
 	3, 'i', 'p', '6',
 	4, 'a', 'r', 'p', 'a', 0 };
 
+#define MDNS_PACKET_INDEX_QCODE 2
+#define MDNS_PACKET_INDEX_QUERY 4
+#define MDNS_PACKET_INDEX_ANSWER 6
+
 /*
  * MDNS cache management using LRU Hash.
  *
@@ -607,6 +611,19 @@ static void msdn_cache_deldata(void* vdata, void* vcontext)
 	GETDNS_FREE(((struct getdns_context *) vcontext)->mf, vdata);
 }
 
+/*
+ * Read the number of answers in a cached record
+ */
+static int
+mdns_cache_nb_records_in_entry(uint8_t * cached_data)
+{
+	int message_index = sizeof(getdns_mdns_cached_record_header);
+	int nb_answers = (cached_data[message_index + MDNS_PACKET_INDEX_ANSWER] << 8) | 
+		cached_data[message_index + MDNS_PACKET_INDEX_ANSWER + 1];
+
+	return nb_answers;
+}
+
 /*
  * Create a key in preallocated buffer
  * the allocated size of key should be >= sizeof(getdns_mdns_cached_key_header) + name_len
@@ -663,6 +680,7 @@ static uint8_t * mdns_cache_create_data(
 		header->netreq_first = NULL;
 		current_index = sizeof(getdns_mdns_cached_record_header);
 		memset(data + current_index, 0, 12);
+		data[current_index + MDNS_PACKET_INDEX_QUERY + 1] = 1; /* 1 query present by default */
 		current_index += 12;
 		memcpy(data + current_index, name, name_len);
 		current_index += name_len;
@@ -691,13 +709,13 @@ mdns_add_record_to_cache_entry(struct getdns_context *context,
 	uint32_t record_length = 2 + 2 + 2 + 4 + 2 + record_data_len;
 	uint32_t current_length = header->content_len;
 	/* update the number of records */
-	uint8_t *start_answer_code = old_record + sizeof(getdns_mdns_cached_record_header) + 2 + 2;
+	uint8_t *start_answer_code = old_record + sizeof(getdns_mdns_cached_record_header) + MDNS_PACKET_INDEX_ANSWER;
 	uint16_t nb_answers = (start_answer_code[0] << 8) + start_answer_code[1];
 	nb_answers++;
 	start_answer_code[0] = (uint8_t)(nb_answers >> 8);
 	start_answer_code[1] = (uint8_t)(nb_answers&0xFF);
 
-	/* Update the content length */
+	/* Update the content length and reallocate memory if needed */
 	header->content_len += record_length;
 	if (header->content_len > header->allocated_length)
 	{
@@ -722,7 +740,7 @@ mdns_add_record_to_cache_entry(struct getdns_context *context,
 		/* copy the record */
 		/* First, point name relative to beginning of DNS message */
 		(*new_record)[current_length++] = 0xC0;
-		(*new_record)[current_length++] = 0x12;
+		(*new_record)[current_length++] = 12;
 		/* encode the components of the per record header */
 		(*new_record)[current_length++] = (uint8_t)((record_type >> 8) & 0xFF);
 		(*new_record)[current_length++] = (uint8_t)((record_type)& 0xFF);
@@ -735,6 +753,7 @@ mdns_add_record_to_cache_entry(struct getdns_context *context,
 		(*new_record)[current_length++] = (uint8_t)((record_data_len >> 8) & 0xFF);
 		(*new_record)[current_length++] = (uint8_t)((record_data_len) & 0xFF);
 		memcpy(*new_record + current_length, record_data, record_data_len);
+
 	}
 
 	return ret;
@@ -765,14 +784,17 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 	int current_record_match;
 	int last_copied_index;
 	int current_hole_index = 0;
+	int record_name_length = 0;
+	int record_ttl_index = 0;
 
 	/*
 	 * Skip the query
 	 */
 	message_index = sizeof(getdns_mdns_cached_record_header);
-	nb_answers = (old_record[message_index + 4] << 8) | old_record[message_index + 5];
+	nb_answers = (old_record[message_index + MDNS_PACKET_INDEX_ANSWER] << 8) |
+		old_record[message_index + MDNS_PACKET_INDEX_ANSWER + 1];
 	nb_answers_left = nb_answers;
-	answer_index = mdns_util_skip_query(old_record + message_index + 12);
+	answer_index = message_index + 12 + mdns_util_skip_query(old_record + message_index + 12);
 	last_copied_index = answer_index;
 
 	/*
@@ -780,19 +802,22 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 	 */
 	for (int i = 0; i < nb_answers; i++)
 	{
-		current_record_ttl = (old_record[answer_index + 2 + 2 + 2] << 24)
-			| (old_record[answer_index + 2 + 2 + 2 + 1] << 16)
-			| (old_record[answer_index + 2 + 2 + 2 + 2] << 8)
-			| (old_record[answer_index + 2 + 2 + 2 + 3]);
+		record_name_length = mdns_util_skip_name(old_record + answer_index);
+		record_ttl_index = answer_index + record_name_length + 2 + 2;
 
-		current_record_data_len = (old_record[answer_index + 2 + 2 + 2 + 4] << 8)
-			| (old_record[answer_index + 2 + 2 + 2 + 4 + 1]);
+		current_record_ttl = (old_record[record_ttl_index] << 24)
+			| (old_record[record_ttl_index + 1] << 16)
+			| (old_record[record_ttl_index + 2] << 8)
+			| (old_record[record_ttl_index + 3]);
 
-		current_record_length = 2 + 2 + 2 + 4 + 2 + current_record_data_len;
+		current_record_data_len = (old_record[record_ttl_index + 4] << 8)
+			| (old_record[record_ttl_index + 5]);
+
+		current_record_length = record_name_length + 2 + 2 + 4 + 2 + current_record_data_len;
 
 		if (not_matched_yet &&
 		    current_record_data_len == record_data_len &&
-			memcmp(old_record + answer_index + 2 + 2 + 2 + 4 + 2, record_data, record_data_len) == 0)
+			memcmp(old_record + record_ttl_index + 4 + 2, record_data, record_data_len) == 0)
 		{
 			current_record_match = 1;
 			not_matched_yet = 0;
@@ -813,7 +838,7 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 			}
 		}
 
-		if (current_record_ttl != 0)
+		if (current_record_ttl == 0)
 		{
 			nb_answers_left--;
 
@@ -833,42 +858,43 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 				last_copied_index += answer_index - current_hole_index;
 			}
 			
-			/* in all cases, the current hole begins after the message's encoding */
+			/* extend the current hole */
 			current_hole_index = answer_index + current_record_length;
 		}
 		else
 		{
 			/* keeping this record, but updating the TTL */
-			old_record[answer_index + 2 + 2 + 2] = (uint8_t)(current_record_ttl >> 24);
-			old_record[answer_index + 2 + 2 + 2 + 1] = (uint8_t)(current_record_ttl >> 16);
-			old_record[answer_index + 2 + 2 + 2 + 2] = (uint8_t)(current_record_ttl >> 8);
-			old_record[answer_index + 2 + 2 + 2 + 3] = (uint8_t)(current_record_ttl);
+			old_record[record_ttl_index] = (uint8_t)(current_record_ttl >> 24);
+			old_record[record_ttl_index + 1] = (uint8_t)(current_record_ttl >> 16);
+			old_record[record_ttl_index + 2] = (uint8_t)(current_record_ttl >> 8);
+			old_record[record_ttl_index + 3] = (uint8_t)(current_record_ttl);
 		}
 		/* progress to the next record */
 		answer_index += current_record_length;
 	}
 
 	/* if necessary, copy the pending data */
-	if (current_hole_index != answer_index)
+	if (current_hole_index != answer_index && current_hole_index != 0)
 	{
 		/* copy the data from hole to last answer */
 		memmove(old_record + last_copied_index, old_record + current_hole_index,
 			answer_index - current_hole_index);
 		last_copied_index += answer_index - current_hole_index;
+		answer_index = last_copied_index;
 	}
 
 	/* if some records were deleted, update the record headers */
 	if (nb_answers != nb_answers_left)
 	{
 		header->content_len = last_copied_index;
-		old_record[message_index + 4] = (uint8_t)(nb_answers >> 8);
-		old_record[message_index + 5] = (uint8_t)(nb_answers);
+		old_record[message_index + MDNS_PACKET_INDEX_ANSWER] = (uint8_t)(nb_answers_left >> 8);
+		old_record[message_index + MDNS_PACKET_INDEX_ANSWER + 1] = (uint8_t)(nb_answers_left);
 	}
 
 	/*
 	* if the update was never seen, ask for an addition
 	*/
-	if (ttl == 0 && not_matched_yet)
+	if (ttl > 0 && not_matched_yet)
 	{
 		mdns_add_record_to_cache_entry(context, old_record, new_record,
 			record_type, record_class, ttl, record_data, record_data_len);
@@ -882,15 +908,30 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 	return ret;
 }
 
-static int
-mdns_cache_nb_records_in_entry(uint8_t * cached_data)
+/*
+ * Get a cached entry by name and record type .
+ */
+static struct lruhash_entry *
+mdns_access_cached_entry_by_name(
+struct getdns_context *context,
+	uint8_t * name, int name_len,
+	int record_type, int record_class)
 {
-	int message_index = sizeof(getdns_mdns_cached_record_header);
-	int nb_answers = (cached_data[message_index + 4] << 8) | cached_data[message_index + 5];
+	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
+	hashvalue_type hash;
+	struct lruhash_entry *entry;
 
-	return nb_answers;
+	msdn_cache_create_key_in_buffer(temp_key, name, name_len, record_type, record_class);
+
+	/* TODO: make hash init value a random number in the context, for defense against DOS */
+	hash = hashlittle(temp_key, name_len + sizeof(getdns_mdns_cached_key_header), 0xCAC8E);
+
+	entry = lruhash_lookup(context->mdns_cache, hash, temp_key, 1);
+
+	return entry;
 }
 
+
 /*
 * Add entry function for the MDNS record cache.
 */
@@ -982,11 +1023,16 @@ mdns_propose_entry_to_cache(
 			netreq->mdns_netreq_next = header->netreq_first;
 			header->netreq_first = netreq;
 		}
-
-		/* if the entry is empty, move it to the bottom of the LRU */
-		if (mdns_cache_nb_records_in_entry((uint8_t*)(entry->data)) == 0)
+		else
 		{
-			lru_demote(context->mdns_cache, entry);
+			header = (getdns_mdns_cached_record_header *)entry->data;
+
+			/* if the entry is empty, move it to the bottom of the LRU */
+			if (mdns_cache_nb_records_in_entry((uint8_t*)(entry->data)) == 0 &&
+				header->netreq_first == NULL)
+			{
+				lru_demote(context->mdns_cache, entry);
+			}
 		}
 
 		/* then, unlock the entry */
@@ -996,6 +1042,90 @@ mdns_propose_entry_to_cache(
 	return ret;
 }
 
+
+/*
+ * Serve a request from the cached value
+ */
+static int
+mdns_complete_query_from_cache_entry(
+	getdns_network_req *netreq,
+	struct lruhash_entry *entry)
+{
+	int ret = 0;
+	uint8_t *packet = ((uint8_t *)entry->data) + sizeof(getdns_mdns_cached_record_header);
+	getdns_mdns_cached_record_header * header = (getdns_mdns_cached_record_header*)entry->data;
+	size_t packet_length = header->content_len - sizeof(getdns_mdns_cached_record_header);
+	getdns_network_req **prev_netreq;
+	int found = 0;
+	int nb_answers = mdns_cache_nb_records_in_entry((uint8_t *)entry->data);
+
+	/* Clear the event associated to the query */
+	GETDNS_CLEAR_EVENT(netreq->owner->loop, &netreq->event);
+
+	/* remove the completed query from the waiting list */
+	prev_netreq = &header->netreq_first;
+	while (*prev_netreq != NULL)
+	{
+		if (*prev_netreq == netreq)
+		{
+			*prev_netreq = netreq->mdns_netreq_next;
+			netreq->mdns_netreq_next = NULL;
+			found = 1;
+			break;
+		}
+		else
+		{
+			prev_netreq = &((*prev_netreq)->mdns_netreq_next);
+		}
+	}
+
+	if (found)
+	{
+		if (nb_answers == 0)
+		{
+		}
+		else
+		{
+			/* copy the returned value in the response field  */
+			if (packet_length > netreq->wire_data_sz)
+			{
+				netreq->response = GETDNS_XREALLOC(
+					netreq->owner->context->mf, netreq->response, uint8_t, packet_length);
+			}
+
+			if (netreq->response != NULL)
+			{
+				memcpy(netreq->response, packet, packet_length);
+
+				netreq->response[MDNS_PACKET_INDEX_QCODE] = 0x84;
+
+				netreq->response_len = packet_length;
+				netreq->debug_end_time = _getdns_get_time_as_uintt64();
+				netreq->state = NET_REQ_FINISHED;
+				_getdns_check_dns_req_complete(netreq->owner);
+			}
+			else
+			{
+				/* Fail the query? */
+				netreq->response_len = 0;
+				netreq->debug_end_time = _getdns_get_time_as_uintt64();
+				netreq->state = NET_REQ_ERRORED;
+				_getdns_check_dns_req_complete(netreq->owner);
+			}
+		}
+	}
+	else
+	{
+		/* Failure */
+		netreq->response_len = 0;
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		netreq->state = NET_REQ_ERRORED;
+		_getdns_check_dns_req_complete(netreq->owner);
+	}
+
+	return ret;
+}
+
 /*
  * Processing of requests after cache update.
  * This is coded as synchronous processing, under lock. This is probably wrong.
@@ -1010,55 +1140,21 @@ mdns_cache_complete_queries(
 {
 	int ret = 0;
 	size_t required_memory = 0;
-	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
-	hashvalue_type hash;
 	struct lruhash_entry *entry;
-	uint8_t *packet;
-	int packet_length;
 	getdns_mdns_cached_record_header * header;
 	getdns_network_req * netreq;
 
-	msdn_cache_create_key_in_buffer(temp_key, name, name_len, record_type, record_class);
+	entry = mdns_access_cached_entry_by_name(context, name, name_len, record_type, record_class);
 
-
-	/* TODO: make hash init value a random number in the context, for defense against DOS */
-	hash = hashlittle(temp_key, name_len + sizeof(getdns_mdns_cached_key_header), 0xCAC8E);
-
-	entry = lruhash_lookup(context->mdns_cache, hash, temp_key, 1);
-
-	if (entry != NULL && entry->data != NULL)
+	if (entry != NULL)
 	{
-		header = (getdns_mdns_cached_record_header *)entry->data;
-
-		packet = ((uint8_t *)entry->data) + sizeof(getdns_mdns_cached_record_header);
-		packet_length = header->content_len; /* TODO: check that */
-
-		while ((netreq = header->netreq_first) != NULL)
+		if (entry->data != NULL)
 		{
-			header->netreq_first = netreq->mdns_netreq_next;
-			netreq->mdns_netreq_next = NULL;
-			/* TODO: copy the returned value in the response field  */
-			if (packet_length > netreq->wire_data_sz)
-			{
-				/* TODO: allocation. */
-			}
+			header = (getdns_mdns_cached_record_header *)entry->data;
 
-			if (netreq->response != NULL)
+			while ((netreq = header->netreq_first) != NULL)
 			{
-				memcpy(netreq->response, packet, packet_length);
-				/* TODO: process the query */
-				netreq->response_len = packet_length;
-				netreq->debug_end_time = _getdns_get_time_as_uintt64();
-				netreq->state = NET_REQ_FINISHED;
-				_getdns_check_dns_req_complete(netreq->owner);
-			}
-			else
-			{
-				/* Fail the query? */
-				netreq->response_len = 0;
-				netreq->debug_end_time = _getdns_get_time_as_uintt64();
-				netreq->state = NET_REQ_ERRORED;
-				_getdns_check_dns_req_complete(netreq->owner);
+				mdns_complete_query_from_cache_entry(netreq, entry);
 			}
 		}
 		lock_rw_unlock(entry->lock);
@@ -1067,6 +1163,57 @@ mdns_cache_complete_queries(
 	return ret;
 }
 
+/*
+* Timeout of multicast MDNS query
+*/
+static void
+mdns_mcast_timeout_cb(void *userarg)
+{
+	getdns_network_req *netreq = (getdns_network_req *)userarg;
+	getdns_dns_req *dnsreq = netreq->owner;
+	getdns_context *context = dnsreq->context;
+
+	int ret = 0;
+	size_t required_memory = 0;
+	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
+	hashvalue_type hash;
+	struct lruhash_entry *entry;
+	int found = 0;
+
+	DEBUG_MDNS("%s %-35s: MSG:  %p\n",
+		MDNS_DEBUG_CLEANUP, __FUNCTION__, netreq);
+
+	msdn_cache_create_key_in_buffer(temp_key, dnsreq->name, dnsreq->name_len,
+		netreq->request_type, dnsreq->request_class);
+
+
+	/* TODO: make hash init value a random number in the context, for defense against DOS */
+	hash = hashlittle(temp_key, dnsreq->name_len + sizeof(getdns_mdns_cached_key_header), 0xCAC8E);
+
+	/* Open the corresponding cache entry */
+	entry = lruhash_lookup(context->mdns_cache, hash, temp_key, 1);
+
+	if (entry != NULL)
+	{
+		if (entry->data != NULL)
+		{
+			/* Remove entry from chain and serve the query */
+			found = 1;
+			mdns_complete_query_from_cache_entry(netreq, entry);
+		}
+		lock_rw_unlock(entry->lock);
+	}
+
+	if (!found)
+	{
+		/* Fail the request on timeout */
+		netreq->response_len = 0;
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		netreq->state = NET_REQ_ERRORED;
+		_getdns_check_dns_req_complete(netreq->owner);
+	}
+}
+
 /*
  * Multicast receive event callback
  */
@@ -1145,7 +1292,8 @@ mdns_udp_multicast_read_cb(void *userarg)
 					/* Parse the record header */
 					record_type = (cnx->response[current_index++] << 8);
 					record_type |= (cnx->response[current_index++]);
-					record_class = (cnx->response[current_index++] << 8);
+					/* TODO: handle the cache flush bit! */
+					record_class = (cnx->response[current_index++] << 8)&0x7F;
 					record_class |= (cnx->response[current_index++]);
 					record_ttl = (cnx->response[current_index++] << 24);
 					record_ttl |= (cnx->response[current_index++] << 16);
@@ -1154,7 +1302,7 @@ mdns_udp_multicast_read_cb(void *userarg)
 					record_data_len = (cnx->response[current_index++] << 8);
 					record_data_len |= (cnx->response[current_index++]);
 
-					if (current_index + record_data_len < read)
+					if (current_index + record_data_len <= read)
 					{
 						/* 
 						 * Set the record to canonical form. This is required, since 
@@ -1244,7 +1392,7 @@ static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 	uint8_t ttl = 255;
 	IP_MREQ mreq4;
 
-	memset(&mcast_dest, 0, sizeof(SOCKADDR_STORAGE));
+	memset(mcast_dest, 0, sizeof(SOCKADDR_STORAGE));
 	*mcast_dest_len = 0;
 	memset(&ipv4_dest, 0, sizeof(ipv4_dest));
 	memset(&ipv4_port, 0, sizeof(ipv4_dest));
@@ -1299,7 +1447,7 @@ static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 
 	if (ret == 0)
 	{
-		memcpy(&mcast_dest, &ipv4_dest, sizeof(ipv4_dest));
+		memcpy(mcast_dest, &ipv4_dest, sizeof(ipv4_dest));
 		*mcast_dest_len = sizeof(ipv4_dest);
 	}
 
@@ -1316,7 +1464,7 @@ static int mdns_open_ipv6_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 	uint8_t ttl = 255;
 	IPV6_MREQ mreq6;
 
-	memset(&mcast_dest, 0, sizeof(SOCKADDR_STORAGE));
+	memset(mcast_dest, 0, sizeof(SOCKADDR_STORAGE));
 	*mcast_dest_len = 0;
 	memset(&ipv6_dest, 0, sizeof(ipv6_dest));
 	memset(&ipv6_port, 0, sizeof(ipv6_dest));
@@ -1374,7 +1522,7 @@ static int mdns_open_ipv6_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 
 	if (ret == 0)
 	{
-		memcpy(&mcast_dest, &ipv6_dest, sizeof(ipv6_dest));
+		memcpy(mcast_dest, &ipv6_dest, sizeof(ipv6_dest));
 		*mcast_dest_len = sizeof(ipv6_dest);
 	}
 	return fd6;
@@ -1414,9 +1562,11 @@ static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
 				context->mdns_connection[0].fd = mdns_open_ipv4_multicast(
 					&context->mdns_connection[0].addr_mcast
 					, &context->mdns_connection[0].addr_mcast_len);
+				context->mdns_connection[0].context = context;
 				context->mdns_connection[1].fd = mdns_open_ipv6_multicast(
-					&context->mdns_connection[0].addr_mcast
-					, &context->mdns_connection[0].addr_mcast_len);
+					&context->mdns_connection[1].addr_mcast
+					, &context->mdns_connection[1].addr_mcast_len);
+				context->mdns_connection[1].context = context;
 
 				if (context->mdns_connection[0].fd == -1 ||
 					context->mdns_connection[1].fd == -1)
@@ -1479,7 +1629,7 @@ static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
  */
 static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *netreq)
 {
-	int ret = 0;
+	getdns_return_t ret = 0;
 	getdns_dns_req *dnsreq = netreq->owner;
 	struct getdns_context *context = dnsreq->context;
 
@@ -1521,6 +1671,15 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 
 	if (ret == 0)
 	{
+		/* If the query is not actually complete, are a per query timer. */
+		if (netreq->state < NET_REQ_FINISHED)
+		{
+			GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+			GETDNS_SCHEDULE_EVENT(
+				dnsreq->loop, -1, dnsreq->context->timeout,
+				getdns_eventloop_event_init(&netreq->event, netreq,
+					NULL, NULL, mdns_mcast_timeout_cb));
+		}
 		/* If the entry was created less than 1 sec ago, send a query */
 
 		if (context->mdns_connection_nb <= 0)
@@ -1532,12 +1691,13 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 		{
 			/* TODO? Set TTL=255 for compliance with RFC 6762 */
 			int fd_index = context->mdns_connection_nb - 1;
-
-			if ((ssize_t)pkt_len != sendto(
+			int sent = sendto(
 				context->mdns_connection[fd_index].fd
 				, (const void *)netreq->query, pkt_len, 0
 				, (SOCKADDR*)&context->mdns_connection[fd_index].addr_mcast
-				, context->mdns_connection[fd_index].addr_mcast_len))
+				, context->mdns_connection[fd_index].addr_mcast_len);
+
+			if (pkt_len != sent)
 			{
 				ret = GETDNS_RETURN_GENERIC_ERROR;
 			}
@@ -1900,3 +2060,188 @@ _getdns_mdns_namespace_check(
 }
 
 #endif /* HAVE_MDNS_SUPPORT */
+
+#ifdef MDNS_UNIT_TEST
+
+/*
+ * Test adding data to the LRU Cache
+ */
+
+static BYTE mdns_exampleRRAM[] = {
+	0, 0, /* Transaction ID = 0 */
+	0x84, 0, /* Answer: QR=1 (80), AA=1 (04) */
+	0, 0, /* QD Count = 0 */
+	0, 1, /* AN Count = 1 */
+	0, 0, /* NS Count = 0 */
+	0, 0, /* AD Count = 0 */
+	7, /* length of "example" name part */
+	'e', 'x', 'a', 'm', 'p', 'l', 'e',
+	5, /* length of "local" name part */
+	'l', 'o', 'c', 'a', 'l',
+	0, /* length of the root name part */
+	0, 1, /* QTYPE = 1, A record */
+	0, 1, /* QCLASS = 1, IN */
+	0, 0, 0, 255, /* TTL: 255 sec */
+	0, 4, /* length of RDATA */
+	10, 0, 0, 1 /* Value of RDATA (some IPv4 address) */
+};
+
+
+uint8_t mdns_test_name[] = {
+	7, /* length of "example" name part */
+	't', 'e', 's', 't', 'i', 'n', 'g',
+	5, /* length of "local" name part */
+	'l', 'o', 'c', 'a', 'l',
+	0, /* length of the root name part */
+};
+
+uint8_t mdns_test_first_address[4] = { 10, 0, 0, 1 };
+uint8_t mdns_test_second_address[4] = { 10, 0, 0, 2 };
+uint8_t mdns_test_third_address[4] = { 10, 0, 0, 3 };
+
+int mdns_finalize_lru_test(struct getdns_context* context,
+	uint8_t * name, int name_len, int record_type, int record_class,
+	int expected_nb_records,
+	uint8_t * buffer, size_t buffer_max, size_t* entry_length)
+{
+	int ret = 0;
+	/* verify that the entry is there */
+	struct lruhash_entry * entry =
+		mdns_access_cached_entry_by_name(context, name, name_len, record_type, record_class);
+
+	
+	*entry_length = 0;
+
+	if (entry == NULL)
+	{
+		if (expected_nb_records != 0)
+			ret = -1;
+	}
+	else
+	{
+		int nbanswers = mdns_cache_nb_records_in_entry((uint8_t*)entry->data);
+		if (nbanswers != expected_nb_records)
+		{
+			ret = -2;
+		}
+		
+		if (buffer != NULL)
+		{
+			getdns_mdns_cached_record_header * header =
+				(getdns_mdns_cached_record_header*)entry->data;
+			size_t record_length = header->content_len - sizeof(getdns_mdns_cached_record_header);
+
+			if (record_length > buffer_max)
+			{
+				ret = -3;
+			}
+			else
+			{
+				memcpy(buffer, ((uint8_t *)entry->data) + sizeof(getdns_mdns_cached_record_header),
+					record_length);
+				*entry_length = record_length;
+			}
+		}
+
+		lock_rw_unlock(entry->lock);
+	}
+
+	return ret;
+}
+
+int mdns_addition_test(struct getdns_context* context, 
+	uint8_t * buffer, size_t buffer_max, size_t* entry_length)
+{
+	int ret = 
+	mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 255,
+		mdns_test_first_address, 4, NULL, _getdns_get_time_as_uintt64());
+
+	if (ret == 0)
+	{
+		ret = mdns_finalize_lru_test(context, &mdns_exampleRRAM[12], 15, 1, 1,
+			1, buffer, buffer_max, entry_length);
+	}
+
+	return ret;
+}
+
+int mdns_addition_test2(struct getdns_context* context,
+	uint8_t * buffer, size_t buffer_max, size_t* entry_length)
+{
+	int ret =
+		mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 255,
+			mdns_test_first_address, 4, NULL, _getdns_get_time_as_uintt64());
+
+	if (ret == 0)
+	{
+		/* add a second entry, with a different value */
+		ret =
+			mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 255,
+				mdns_test_second_address, 4, NULL, _getdns_get_time_as_uintt64());
+	}
+
+	if (ret == 0)
+	{
+		/* add a third entry, with a different value */
+		ret =
+			mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 255,
+				mdns_test_third_address, 4, NULL, _getdns_get_time_as_uintt64());
+	}
+
+	if (ret == 0)
+	{
+		ret = mdns_finalize_lru_test(context, mdns_test_name, sizeof(mdns_test_name), 1, 1,
+			3, buffer, buffer_max, entry_length);
+	}
+
+	return ret;
+}
+
+int mdns_deletion_test(struct getdns_context* context,
+	uint8_t * buffer, size_t buffer_max, size_t* entry_length)
+{
+	/* insert data with TTL = 0 to trigger suppression */
+	int ret =
+		mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 0,
+			mdns_test_second_address, 4, NULL, _getdns_get_time_as_uintt64());
+
+	if (ret == 0)
+	{
+		ret = mdns_finalize_lru_test(context, mdns_test_name, sizeof(mdns_test_name), 1, 1,
+			2, buffer, buffer_max, entry_length);
+	}
+
+	return ret;
+}
+
+int mdns_deletion_test2(struct getdns_context* context,
+	uint8_t * buffer, size_t buffer_max, size_t* entry_length)
+{
+	/* insert data with TTL = 0 to trigger suppression */
+	int ret =
+		mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 0,
+			mdns_test_first_address, 4, NULL, _getdns_get_time_as_uintt64());
+
+	if (ret == 0)
+	{
+		ret =
+			mdns_propose_entry_to_cache(context, mdns_test_name, sizeof(mdns_test_name), 1, 1, 0,
+				mdns_test_third_address, 4, NULL, _getdns_get_time_as_uintt64());
+	}
+
+	if (ret == 0)
+	{
+		ret = mdns_finalize_lru_test(context, mdns_test_name, sizeof(mdns_test_name), 1, 1,
+			0, buffer, buffer_max, entry_length);
+	}
+
+	return ret;
+}
+
+
+int mdns_test_prepare(struct getdns_context* context)
+{
+	return mdns_delayed_network_init(context);
+}
+
+#endif
\ No newline at end of file

From 028dd0bf3c8be0824fb49d798e8a4b9acfe9c94f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 8 Mar 2017 21:25:39 +0100
Subject: [PATCH 163/249] Configure option to enable draft mdns support

---
 configure.ac | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 555b7792..7e8273e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -481,9 +481,10 @@ case "$enable_dsa" in
       ;;
 esac
 
-AC_ARG_ENABLE(all-drafts, AC_HELP_STRING([--enable-all-drafts], [No drafts in this release]))
+AC_ARG_ENABLE(all-drafts, AC_HELP_STRING([--enable-all-drafts], [Enables the draft mdns client support]))
 case "$enable_all_drafts" in
 	yes)
+		AC_DEFINE_UNQUOTED([HAVE_MDNS_SUPPORT], [1], [Define this to enable the draft mdns client support.])
 		;;
 	no|*)
 		;;
@@ -514,6 +515,15 @@ AC_DEFINE_UNQUOTED([EDNS_COOKIE_ROLLOVER_TIME], [(24 * 60 * 60)], [How often the
 AC_DEFINE_UNQUOTED([MAXIMUM_UPSTREAM_OPTION_SPACE], [3000], [limit for dynamically-generated DNS options])
 AC_DEFINE_UNQUOTED([EDNS_PADDING_OPCODE], [12], [The edns padding option code.])
 
+AC_ARG_ENABLE(draft-mdns-support, AC_HELP_STRING([--enable-draft-mdns-support], [Enable draft mdns client support]))
+case "$enable_draft_mdns_support" in
+	yes)
+		AC_DEFINE_UNQUOTED([HAVE_MDNS_SUPPORT], [1], [Define this to enable the draft mdns client support.])
+		;;
+	no|*)
+		;;
+esac
+
 my_with_libunbound=1
 AC_ARG_ENABLE(stub-only, AC_HELP_STRING([--enable-stub-only], [Restricts resolution modes to STUB (which will be the default mode).  Removes the libunbound dependency.]))
 case "$enable_stub_only" in

From ec685e900d5151dd805e1510e4ee60b9cb785b72 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 8 Mar 2017 22:10:22 +0100
Subject: [PATCH 164/249] Map rbtree symbols

---
 src/util/rbtree.c    | 152 ++++++++++++++--------------
 src/util/rbtree.h    | 232 +++++++++----------------------------------
 src/util/ub/rbtree.h | 192 +++++++++++++++++++++++++++++++++++
 3 files changed, 316 insertions(+), 260 deletions(-)
 create mode 100644 src/util/ub/rbtree.h

diff --git a/src/util/rbtree.c b/src/util/rbtree.c
index c52be727..f031c9a1 100644
--- a/src/util/rbtree.c
+++ b/src/util/rbtree.c
@@ -40,8 +40,8 @@
  */
 
 #include "config.h"
-#include "util/log.h"
-#include "util/fptr_wlist.h"
+#include "log.h"
+#include "fptr_wlist.h"
 #include "util/rbtree.h"
 
 /** Node colour black */
@@ -50,7 +50,7 @@
 #define	RED	1
 
 /** the NULL node, global alloc */
-_getdns_rbnode_t	_getdns_rbtree_null_node = {
+rbnode_type	rbtree_null_node = {
 	RBTREE_NULL,		/* Parent.  */
 	RBTREE_NULL,		/* Left.  */
 	RBTREE_NULL,		/* Right.  */
@@ -59,13 +59,14 @@ _getdns_rbnode_t	_getdns_rbtree_null_node = {
 };
 
 /** rotate subtree left (to preserve redblack property) */
-static void _getdns_rbtree_rotate_left(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node);
+static void rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node);
 /** rotate subtree right (to preserve redblack property) */
-static void _getdns_rbtree_rotate_right(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node);
+static void rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node);
 /** Fixup node colours when insert happened */
-static void _getdns_rbtree_insert_fixup(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node);
+static void rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node);
 /** Fixup node colours when delete happened */
-static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode_t* child, _getdns_rbnode_t* child_parent);
+static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child,
+	rbnode_type* child_parent);
 
 /*
  * Creates a new red black tree, initializes and returns a pointer to it.
@@ -73,25 +74,25 @@ static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode
  * Return NULL on failure.
  *
  */
-_getdns_rbtree_t *
-_getdns_rbtree_create (int (*cmpf)(const void *, const void *))
+rbtree_type *
+rbtree_create (int (*cmpf)(const void *, const void *))
 {
-	_getdns_rbtree_t *rbtree;
+	rbtree_type *rbtree;
 
 	/* Allocate memory for it */
-	rbtree = (_getdns_rbtree_t *) malloc(sizeof(_getdns_rbtree_t));
+	rbtree = (rbtree_type *) malloc(sizeof(rbtree_type));
 	if (!rbtree) {
 		return NULL;
 	}
 
 	/* Initialize it */
-	_getdns_rbtree_init(rbtree, cmpf);
+	rbtree_init(rbtree, cmpf);
 
 	return rbtree;
 }
 
 void 
-_getdns_rbtree_init(_getdns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *))
+rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *))
 {
 	/* Initialize it */
 	rbtree->root = RBTREE_NULL;
@@ -104,9 +105,9 @@ _getdns_rbtree_init(_getdns_rbtree_t *rbtree, int (*cmpf)(const void *, const vo
  *
  */
 static void
-_getdns_rbtree_rotate_left(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
+rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node)
 {
-	_getdns_rbnode_t *right = node->right;
+	rbnode_type *right = node->right;
 	node->right = right->left;
 	if (right->left != RBTREE_NULL)
 		right->left->parent = node;
@@ -131,9 +132,9 @@ _getdns_rbtree_rotate_left(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
  *
  */
 static void
-_getdns_rbtree_rotate_right(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
+rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node)
 {
-	_getdns_rbnode_t *left = node->left;
+	rbnode_type *left = node->left;
 	node->left = left->right;
 	if (left->right != RBTREE_NULL)
 		left->right->parent = node;
@@ -154,9 +155,9 @@ _getdns_rbtree_rotate_right(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
 }
 
 static void
-_getdns_rbtree_insert_fixup(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
+rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node)
 {
-	_getdns_rbnode_t	*uncle;
+	rbnode_type	*uncle;
 
 	/* While not at the root and need fixing... */
 	while (node != rbtree->root && node->parent->color == RED) {
@@ -179,12 +180,12 @@ _getdns_rbtree_insert_fixup(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
 				/* Are we the right child? */
 				if (node == node->parent->right) {
 					node = node->parent;
-					_getdns_rbtree_rotate_left(rbtree, node);
+					rbtree_rotate_left(rbtree, node);
 				}
 				/* Now we're the left child, repaint and rotate... */
 				node->parent->color = BLACK;
 				node->parent->parent->color = RED;
-				_getdns_rbtree_rotate_right(rbtree, node->parent->parent);
+				rbtree_rotate_right(rbtree, node->parent->parent);
 			}
 		} else {
 			uncle = node->parent->parent->left;
@@ -204,12 +205,12 @@ _getdns_rbtree_insert_fixup(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
 				/* Are we the right child? */
 				if (node == node->parent->left) {
 					node = node->parent;
-					_getdns_rbtree_rotate_right(rbtree, node);
+					rbtree_rotate_right(rbtree, node);
 				}
 				/* Now we're the right child, repaint and rotate... */
 				node->parent->color = BLACK;
 				node->parent->parent->color = RED;
-				_getdns_rbtree_rotate_left(rbtree, node->parent->parent);
+				rbtree_rotate_left(rbtree, node->parent->parent);
 			}
 		}
 	}
@@ -223,17 +224,17 @@ _getdns_rbtree_insert_fixup(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *node)
  * Returns NULL on failure or the pointer to the newly added node
  * otherwise.
  */
-_getdns_rbnode_t *
-_getdns_rbtree_insert (_getdns_rbtree_t *rbtree, _getdns_rbnode_t *data)
+rbnode_type *
+rbtree_insert (rbtree_type *rbtree, rbnode_type *data)
 {
 	/* XXX Not necessary, but keeps compiler quiet... */
 	int r = 0;
 
 	/* We start at the root of the tree */
-	_getdns_rbnode_t	*node = rbtree->root;
-	_getdns_rbnode_t	*parent = RBTREE_NULL;
+	rbnode_type	*node = rbtree->root;
+	rbnode_type	*parent = RBTREE_NULL;
 
-	fptr_ok(fptr_whitelist__getdns_rbtree_cmp(rbtree->cmp));
+	fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp));
 	/* Lets find the new parent... */
 	while (node != RBTREE_NULL) {
 		/* Compare two keys, do we have a duplicate? */
@@ -267,7 +268,7 @@ _getdns_rbtree_insert (_getdns_rbtree_t *rbtree, _getdns_rbnode_t *data)
 	}
 
 	/* Fix up the red-black properties... */
-	_getdns_rbtree_insert_fixup(rbtree, data);
+	rbtree_insert_fixup(rbtree, data);
 
 	return data;
 }
@@ -276,12 +277,12 @@ _getdns_rbtree_insert (_getdns_rbtree_t *rbtree, _getdns_rbnode_t *data)
  * Searches the red black tree, returns the data if key is found or NULL otherwise.
  *
  */
-_getdns_rbnode_t *
-_getdns_rbtree_search (_getdns_rbtree_t *rbtree, const void *key)
+rbnode_type *
+rbtree_search (rbtree_type *rbtree, const void *key)
 {
-	_getdns_rbnode_t *node;
+	rbnode_type *node;
 
-	if (_getdns_rbtree_find_less_equal(rbtree, key, &node)) {
+	if (rbtree_find_less_equal(rbtree, key, &node)) {
 		return node;
 	} else {
 		return NULL;
@@ -295,13 +296,14 @@ static void swap_int8(uint8_t* x, uint8_t* y)
 }
 
 /** helpers for delete: swap node pointers */
-static void swap_np(_getdns_rbnode_t** x, _getdns_rbnode_t** y) 
+static void swap_np(rbnode_type** x, rbnode_type** y) 
 {
-	_getdns_rbnode_t* t = *x; *x = *y; *y = t; 
+	rbnode_type* t = *x; *x = *y; *y = t; 
 }
 
 /** Update parent pointers of child trees of 'parent' */
-static void change_parent_ptr(_getdns_rbtree_t* rbtree, _getdns_rbnode_t* parent, _getdns_rbnode_t* old, _getdns_rbnode_t* new)
+static void change_parent_ptr(rbtree_type* rbtree, rbnode_type* parent,
+	rbnode_type* old, rbnode_type* new)
 {
 	if(parent == RBTREE_NULL)
 	{
@@ -315,30 +317,31 @@ static void change_parent_ptr(_getdns_rbtree_t* rbtree, _getdns_rbnode_t* parent
 	if(parent->right == old) parent->right = new;
 }
 /** Update parent pointer of a node 'child' */
-static void change_child_ptr(_getdns_rbnode_t* child, _getdns_rbnode_t* old, _getdns_rbnode_t* new)
+static void change_child_ptr(rbnode_type* child, rbnode_type* old,
+	rbnode_type* new)
 {
 	if(child == RBTREE_NULL) return;
 	log_assert(child->parent == old || child->parent == new);
 	if(child->parent == old) child->parent = new;
 }
 
-_getdns_rbnode_t* 
-_getdns_rbtree_delete(_getdns_rbtree_t *rbtree, const void *key)
+rbnode_type* 
+rbtree_delete(rbtree_type *rbtree, const void *key)
 {
-	_getdns_rbnode_t *to_delete;
-	_getdns_rbnode_t *child;
-	if((to_delete = _getdns_rbtree_search(rbtree, key)) == 0) return 0;
+	rbnode_type *to_delete;
+	rbnode_type *child;
+	if((to_delete = rbtree_search(rbtree, key)) == 0) return 0;
 	rbtree->count--;
 
 	/* make sure we have at most one non-leaf child */
 	if(to_delete->left != RBTREE_NULL && to_delete->right != RBTREE_NULL)
 	{
 		/* swap with smallest from right subtree (or largest from left) */
-		_getdns_rbnode_t *smright = to_delete->right;
+		rbnode_type *smright = to_delete->right;
 		while(smright->left != RBTREE_NULL)
 			smright = smright->left;
 		/* swap the smright and to_delete elements in the tree,
-		 * but the _getdns_rbnode_t is first part of user data struct
+		 * but the rbnode_type is first part of user data struct
 		 * so cannot just swap the keys and data pointers. Instead
 		 * readjust the pointers left,right,parent */
 
@@ -390,7 +393,7 @@ _getdns_rbtree_delete(_getdns_rbtree_t *rbtree, const void *key)
 		/* change child to BLACK, removing a RED node is no problem */
 		if(child!=RBTREE_NULL) child->color = BLACK;
 	}
-	else _getdns_rbtree_delete_fixup(rbtree, child, to_delete->parent);
+	else rbtree_delete_fixup(rbtree, child, to_delete->parent);
 
 	/* unlink completely */
 	to_delete->parent = RBTREE_NULL;
@@ -400,9 +403,10 @@ _getdns_rbtree_delete(_getdns_rbtree_t *rbtree, const void *key)
 	return to_delete;
 }
 
-static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode_t* child, _getdns_rbnode_t* child_parent)
+static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child,
+	rbnode_type* child_parent)
 {
-	_getdns_rbnode_t* sibling;
+	rbnode_type* sibling;
 	int go_up = 1;
 
 	/* determine sibling to the node that is one-black short */
@@ -422,8 +426,8 @@ static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode
 			child_parent->color = RED;
 			sibling->color = BLACK;
 			if(child_parent->right == child)
-				_getdns_rbtree_rotate_right(rbtree, child_parent);
-			else	_getdns_rbtree_rotate_left(rbtree, child_parent);
+				rbtree_rotate_right(rbtree, child_parent);
+			else	rbtree_rotate_left(rbtree, child_parent);
 			/* new sibling after rotation */
 			if(child_parent->right == child) sibling = child_parent->left;
 			else sibling = child_parent->right;
@@ -468,7 +472,7 @@ static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode
 	{
 		sibling->color = RED;
 		sibling->right->color = BLACK;
-		_getdns_rbtree_rotate_left(rbtree, sibling);
+		rbtree_rotate_left(rbtree, sibling);
 		/* new sibling after rotation */
 		if(child_parent->right == child) sibling = child_parent->left;
 		else sibling = child_parent->right;
@@ -480,7 +484,7 @@ static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode
 	{
 		sibling->color = RED;
 		sibling->left->color = BLACK;
-		_getdns_rbtree_rotate_right(rbtree, sibling);
+		rbtree_rotate_right(rbtree, sibling);
 		/* new sibling after rotation */
 		if(child_parent->right == child) sibling = child_parent->left;
 		else sibling = child_parent->right;
@@ -493,21 +497,22 @@ static void _getdns_rbtree_delete_fixup(_getdns_rbtree_t* rbtree, _getdns_rbnode
 	{
 		log_assert(sibling->left->color == RED);
 		sibling->left->color = BLACK;
-		_getdns_rbtree_rotate_right(rbtree, child_parent);
+		rbtree_rotate_right(rbtree, child_parent);
 	}
 	else
 	{
 		log_assert(sibling->right->color == RED);
 		sibling->right->color = BLACK;
-		_getdns_rbtree_rotate_left(rbtree, child_parent);
+		rbtree_rotate_left(rbtree, child_parent);
 	}
 }
 
 int
-_getdns_rbtree_find_less_equal(_getdns_rbtree_t *rbtree, const void *key, _getdns_rbnode_t **result)
+rbtree_find_less_equal(rbtree_type *rbtree, const void *key,
+	rbnode_type **result)
 {
 	int r;
-	_getdns_rbnode_t *node;
+	rbnode_type *node;
 
 	log_assert(result);
 	
@@ -515,7 +520,7 @@ _getdns_rbtree_find_less_equal(_getdns_rbtree_t *rbtree, const void *key, _getdn
 	node = rbtree->root;
 
 	*result = NULL;
-	fptr_ok(fptr_whitelist__getdns_rbtree_cmp(rbtree->cmp));
+	fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp));
 
 	/* While there are children... */
 	while (node != RBTREE_NULL) {
@@ -540,19 +545,19 @@ _getdns_rbtree_find_less_equal(_getdns_rbtree_t *rbtree, const void *key, _getdn
  * Finds the first element in the red black tree
  *
  */
-_getdns_rbnode_t *
-_getdns_rbtree_first (_getdns_rbtree_t *rbtree)
+rbnode_type *
+rbtree_first (rbtree_type *rbtree)
 {
-	_getdns_rbnode_t *node;
+	rbnode_type *node;
 
 	for (node = rbtree->root; node->left != RBTREE_NULL; node = node->left);
 	return node;
 }
 
-_getdns_rbnode_t *
-_getdns_rbtree_last (_getdns_rbtree_t *rbtree)
+rbnode_type *
+rbtree_last (rbtree_type *rbtree)
 {
-	_getdns_rbnode_t *node;
+	rbnode_type *node;
 
 	for (node = rbtree->root; node->right != RBTREE_NULL; node = node->right);
 	return node;
@@ -562,10 +567,10 @@ _getdns_rbtree_last (_getdns_rbtree_t *rbtree)
  * Returns the next node...
  *
  */
-_getdns_rbnode_t *
-_getdns_rbtree_next (_getdns_rbnode_t *node)
+rbnode_type *
+rbtree_next (rbnode_type *node)
 {
-	_getdns_rbnode_t *parent;
+	rbnode_type *parent;
 
 	if (node->right != RBTREE_NULL) {
 		/* One right, then keep on going left... */
@@ -581,10 +586,10 @@ _getdns_rbtree_next (_getdns_rbnode_t *node)
 	return node;
 }
 
-_getdns_rbnode_t *
-_getdns_rbtree_previous(_getdns_rbnode_t *node)
+rbnode_type *
+rbtree_previous(rbnode_type *node)
 {
-	_getdns_rbnode_t *parent;
+	rbnode_type *parent;
 
 	if (node->left != RBTREE_NULL) {
 		/* One left, then keep on going right... */
@@ -602,19 +607,20 @@ _getdns_rbtree_previous(_getdns_rbnode_t *node)
 
 /** recursive descent traverse */
 static void 
-_getdns_traverse_post(void (*func)(_getdns_rbnode_t*, void*), void* arg, _getdns_rbnode_t* node)
+traverse_post(void (*func)(rbnode_type*, void*), void* arg, rbnode_type* node)
 {
 	if(!node || node == RBTREE_NULL)
 		return;
 	/* recurse */
-	_getdns_traverse_post(func, arg, node->left);
-	_getdns_traverse_post(func, arg, node->right);
+	traverse_post(func, arg, node->left);
+	traverse_post(func, arg, node->right);
 	/* call user func */
 	(*func)(node, arg);
 }
 
 void 
-_getdns_traverse_postorder(_getdns_rbtree_t* tree, void (*func)(_getdns_rbnode_t*, void*), void* arg)
+traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*),
+	void* arg)
 {
-	_getdns_traverse_post(func, arg, tree->root);
+	traverse_post(func, arg, tree->root);
 }
diff --git a/src/util/rbtree.h b/src/util/rbtree.h
index aa620e1c..7772ffda 100644
--- a/src/util/rbtree.h
+++ b/src/util/rbtree.h
@@ -1,192 +1,50 @@
+/**
+ *
+ * \file rbtree.h
+ * /brief Alternative symbol names for unbound's rbtree.h
+ *
+ */
 /*
- * rbtree.h -- generic red-black tree
+ * Copyright (c) 2017, NLnet Labs, the getdns team
+ * All rights reserved.
  *
- * Copyright (c) 2001-2007, NLnet Labs. All rights reserved.
- * 
- * This software is open source.
- * 
  * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
  *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
-/**
- * \file
- * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use
- * in unbound (memory allocation, logging and so on).
- */
-
-#ifndef UTIL_RBTREE_H_
-#define	UTIL_RBTREE_H_
-
-/**
- * This structure must be the first member of the data structure in
- * the rbtree.  This allows easy casting between an _getdns_rbnode_t and the
- * user data (poor man's inheritance).
- */
-typedef struct _getdns_rbnode_t _getdns_rbnode_t;
-/**
- * The _getdns_rbnode_t struct definition.
- */
-struct _getdns_rbnode_t {
-	/** parent in rbtree, RBTREE_NULL for root */
-	_getdns_rbnode_t   *parent;
-	/** left node (smaller items) */
-	_getdns_rbnode_t   *left;
-	/** right node (larger items) */
-	_getdns_rbnode_t   *right;
-	/** pointer to sorting key */
-	const void *key;
-	/** colour of this node */
-	uint8_t	    color;
-};
-
-/** The nullpointer, points to empty node */
-#define	RBTREE_NULL &_getdns_rbtree_null_node
-/** the global empty node */
-extern	_getdns_rbnode_t	_getdns_rbtree_null_node;
-
-/** An entire red black tree */
-typedef struct _getdns_rbtree_t _getdns_rbtree_t;
-/** definition for tree struct */
-struct _getdns_rbtree_t {
-	/** The root of the red-black tree */
-	_getdns_rbnode_t    *root;
-
-	/** The number of the nodes in the tree */
-	size_t       count;
-
-	/** 
-	 * Key compare function. <0,0,>0 like strcmp. 
-	 * Return 0 on two NULL ptrs. 
-	 */
-	int (*cmp) (const void *, const void *);
-};
-
-/** 
- * Create new tree (malloced) with given key compare function. 
- * @param cmpf: compare function (like strcmp) takes pointers to two keys.
- * @return: new tree, empty.
- */
-_getdns_rbtree_t *_getdns_rbtree_create(int (*cmpf)(const void *, const void *));
-
-/** 
- * Init a new tree (malloced by caller) with given key compare function. 
- * @param rbtree: uninitialised memory for new tree, returned empty.
- * @param cmpf: compare function (like strcmp) takes pointers to two keys.
- */
-void _getdns_rbtree_init(_getdns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *));
-
-/** 
- * Insert data into the tree. 
- * @param rbtree: tree to insert to.
- * @param data: element to insert. 
- * @return: data ptr or NULL if key already present. 
- */
-_getdns_rbnode_t *_getdns_rbtree_insert(_getdns_rbtree_t *rbtree, _getdns_rbnode_t *data);
-
-/**
- * Delete element from tree.
- * @param rbtree: tree to delete from.
- * @param key: key of item to delete.
- * @return: node that is now unlinked from the tree. User to delete it. 
- * returns 0 if node not present 
- */
-_getdns_rbnode_t *_getdns_rbtree_delete(_getdns_rbtree_t *rbtree, const void *key);
-
-/**
- * Find key in tree. Returns NULL if not found.
- * @param rbtree: tree to find in.
- * @param key: key that must match.
- * @return: node that fits or NULL.
- */
-_getdns_rbnode_t *_getdns_rbtree_search(_getdns_rbtree_t *rbtree, const void *key);
-
-/**
- * Find, but match does not have to be exact.
- * @param rbtree: tree to find in.
- * @param key: key to find position of.
- * @param result: set to the exact node if present, otherwise to element that
- *   precedes the position of key in the tree. NULL if no smaller element.
- * @return: true if exact match in result. Else result points to <= element,
- * or NULL if key is smaller than the smallest key. 
- */
-int _getdns_rbtree_find_less_equal(_getdns_rbtree_t *rbtree, const void *key, 
-	_getdns_rbnode_t **result);
-
-/**
- * Returns first (smallest) node in the tree
- * @param rbtree: tree
- * @return: smallest element or NULL if tree empty.
- */
-_getdns_rbnode_t *_getdns_rbtree_first(_getdns_rbtree_t *rbtree);
-
-/**
- * Returns last (largest) node in the tree
- * @param rbtree: tree
- * @return: largest element or NULL if tree empty.
- */
-_getdns_rbnode_t *_getdns_rbtree_last(_getdns_rbtree_t *rbtree);
-
-/**
- * Returns next larger node in the tree
- * @param rbtree: tree
- * @return: next larger element or NULL if no larger in tree.
- */
-_getdns_rbnode_t *_getdns_rbtree_next(_getdns_rbnode_t *rbtree);
-
-/**
- * Returns previous smaller node in the tree
- * @param rbtree: tree
- * @return: previous smaller element or NULL if no previous in tree.
- */
-_getdns_rbnode_t *_getdns_rbtree_previous(_getdns_rbnode_t *rbtree);
-
-/**
- * Call with node=variable of struct* with _getdns_rbnode_t as first element.
- * with type is the type of a pointer to that struct. 
- */
-#define RBTREE_FOR(node, type, rbtree) \
-	for(node=(type)_getdns_rbtree_first(rbtree); \
-		(_getdns_rbnode_t*)node != RBTREE_NULL; \
-		node = (type)_getdns_rbtree_next((_getdns_rbnode_t*)node))
-
-/**
- * Call function for all elements in the redblack tree, such that
- * leaf elements are called before parent elements. So that all
- * elements can be safely free()d.
- * Note that your function must not remove the nodes from the tree.
- * Since that may trigger rebalances of the rbtree.
- * @param tree: the tree
- * @param func: function called with element and user arg.
- * 	The function must not alter the rbtree.
- * @param arg: user argument.
- */
-void _getdns_traverse_postorder(_getdns_rbtree_t* tree, void (*func)(_getdns_rbnode_t*, void*),
-	void* arg);
-
-#endif /* UTIL_RBTREE_H_ */
+#ifndef RBTREE_H_SYMBOLS
+#define RBTREE_H_SYMBOLS
+#define rbnode_type		_getdns_rbnode_t
+#define rbtree_null_node	_getdns_rbtree_null_node
+#define rbtree_type		_getdns_rbtree_t
+#define rbtree_create		_getdns_rbtree_create
+#define rbtree_init		_getdns_rbtree_init
+#define rbtree_insert		_getdns_rbtree_insert
+#define rbtree_delete		_getdns_rbtree_delete
+#define rbtree_search		_getdns_rbtree_search
+#define rbtree_find_less_equal	_getdns_rbtree_find_less_equal
+#define rbtree_first		_getdns_rbtree_first
+#define rbtree_last		_getdns_rbtree_last
+#define rbtree_next		_getdns_rbtree_next
+#define rbtree_previous		_getdns_rbtree_previous
+#define traverse_postorder	_getdns_traverse_postorder
+#include "util/ub/rbtree.h"
+#endif
diff --git a/src/util/ub/rbtree.h b/src/util/ub/rbtree.h
new file mode 100644
index 00000000..dfcf09ac
--- /dev/null
+++ b/src/util/ub/rbtree.h
@@ -0,0 +1,192 @@
+/*
+ * rbtree.h -- generic red-black tree
+ *
+ * Copyright (c) 2001-2007, NLnet Labs. All rights reserved.
+ * 
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file
+ * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use
+ * in unbound (memory allocation, logging and so on).
+ */
+
+#ifndef UTIL_RBTREE_H_
+#define	UTIL_RBTREE_H_
+
+/**
+ * This structure must be the first member of the data structure in
+ * the rbtree.  This allows easy casting between an rbnode_type and the
+ * user data (poor man's inheritance).
+ */
+typedef struct rbnode_type rbnode_type;
+/**
+ * The rbnode_type struct definition.
+ */
+struct rbnode_type {
+	/** parent in rbtree, RBTREE_NULL for root */
+	rbnode_type   *parent;
+	/** left node (smaller items) */
+	rbnode_type   *left;
+	/** right node (larger items) */
+	rbnode_type   *right;
+	/** pointer to sorting key */
+	const void    *key;
+	/** colour of this node */
+	uint8_t	       color;
+};
+
+/** The nullpointer, points to empty node */
+#define	RBTREE_NULL &rbtree_null_node
+/** the global empty node */
+extern	rbnode_type	rbtree_null_node;
+
+/** An entire red black tree */
+typedef struct rbtree_type rbtree_type;
+/** definition for tree struct */
+struct rbtree_type {
+	/** The root of the red-black tree */
+	rbnode_type    *root;
+
+	/** The number of the nodes in the tree */
+	size_t          count;
+
+	/** 
+	 * Key compare function. <0,0,>0 like strcmp. 
+	 * Return 0 on two NULL ptrs. 
+	 */
+	int (*cmp) (const void *, const void *);
+};
+
+/** 
+ * Create new tree (malloced) with given key compare function. 
+ * @param cmpf: compare function (like strcmp) takes pointers to two keys.
+ * @return: new tree, empty.
+ */
+rbtree_type *rbtree_create(int (*cmpf)(const void *, const void *));
+
+/** 
+ * Init a new tree (malloced by caller) with given key compare function. 
+ * @param rbtree: uninitialised memory for new tree, returned empty.
+ * @param cmpf: compare function (like strcmp) takes pointers to two keys.
+ */
+void rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *));
+
+/** 
+ * Insert data into the tree. 
+ * @param rbtree: tree to insert to.
+ * @param data: element to insert. 
+ * @return: data ptr or NULL if key already present. 
+ */
+rbnode_type *rbtree_insert(rbtree_type *rbtree, rbnode_type *data);
+
+/**
+ * Delete element from tree.
+ * @param rbtree: tree to delete from.
+ * @param key: key of item to delete.
+ * @return: node that is now unlinked from the tree. User to delete it. 
+ * returns 0 if node not present 
+ */
+rbnode_type *rbtree_delete(rbtree_type *rbtree, const void *key);
+
+/**
+ * Find key in tree. Returns NULL if not found.
+ * @param rbtree: tree to find in.
+ * @param key: key that must match.
+ * @return: node that fits or NULL.
+ */
+rbnode_type *rbtree_search(rbtree_type *rbtree, const void *key);
+
+/**
+ * Find, but match does not have to be exact.
+ * @param rbtree: tree to find in.
+ * @param key: key to find position of.
+ * @param result: set to the exact node if present, otherwise to element that
+ *   precedes the position of key in the tree. NULL if no smaller element.
+ * @return: true if exact match in result. Else result points to <= element,
+ * or NULL if key is smaller than the smallest key. 
+ */
+int rbtree_find_less_equal(rbtree_type *rbtree, const void *key, 
+	rbnode_type **result);
+
+/**
+ * Returns first (smallest) node in the tree
+ * @param rbtree: tree
+ * @return: smallest element or NULL if tree empty.
+ */
+rbnode_type *rbtree_first(rbtree_type *rbtree);
+
+/**
+ * Returns last (largest) node in the tree
+ * @param rbtree: tree
+ * @return: largest element or NULL if tree empty.
+ */
+rbnode_type *rbtree_last(rbtree_type *rbtree);
+
+/**
+ * Returns next larger node in the tree
+ * @param rbtree: tree
+ * @return: next larger element or NULL if no larger in tree.
+ */
+rbnode_type *rbtree_next(rbnode_type *rbtree);
+
+/**
+ * Returns previous smaller node in the tree
+ * @param rbtree: tree
+ * @return: previous smaller element or NULL if no previous in tree.
+ */
+rbnode_type *rbtree_previous(rbnode_type *rbtree);
+
+/**
+ * Call with node=variable of struct* with rbnode_type as first element.
+ * with type is the type of a pointer to that struct. 
+ */
+#define RBTREE_FOR(node, type, rbtree) \
+	for(node=(type)rbtree_first(rbtree); \
+		(rbnode_type*)node != RBTREE_NULL; \
+		node = (type)rbtree_next((rbnode_type*)node))
+
+/**
+ * Call function for all elements in the redblack tree, such that
+ * leaf elements are called before parent elements. So that all
+ * elements can be safely free()d.
+ * Note that your function must not remove the nodes from the tree.
+ * Since that may trigger rebalances of the rbtree.
+ * @param tree: the tree
+ * @param func: function called with element and user arg.
+ * 	The function must not alter the rbtree.
+ * @param arg: user argument.
+ */
+void traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*),
+	void* arg);
+
+#endif /* UTIL_RBTREE_H_ */

From e02442eb9891343adea28cf4544b92ea81a8e8f5 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 8 Mar 2017 23:04:52 +0100
Subject: [PATCH 165/249] Original val_secalgo files + symbol mapping

---
 src/Makefile.in                              |   2 +-
 src/util/ub/val_secalgo.h                    | 107 +++++
 src/util/ub_reroute/sldns/keyraw.h           |   1 +
 src/util/ub_reroute/sldns/rrdef.h            |   1 +
 src/util/ub_reroute/sldns/sbuffer.h          |   1 +
 src/util/ub_reroute/util/data/packed_rrset.h |   1 +
 src/util/ub_reroute/validator/val_nsec3.h    |   1 +
 src/util/ub_reroute/validator/val_secalgo.h  |   1 +
 src/util/val_secalgo.c                       | 415 ++++++++++---------
 src/util/val_secalgo.h                       | 171 ++++----
 10 files changed, 399 insertions(+), 302 deletions(-)
 create mode 100644 src/util/ub/val_secalgo.h
 create mode 100644 src/util/ub_reroute/sldns/keyraw.h
 create mode 100644 src/util/ub_reroute/sldns/rrdef.h
 create mode 100644 src/util/ub_reroute/sldns/sbuffer.h
 create mode 100644 src/util/ub_reroute/util/data/packed_rrset.h
 create mode 100644 src/util/ub_reroute/validator/val_nsec3.h
 create mode 100644 src/util/ub_reroute/validator/val_secalgo.h

diff --git a/src/Makefile.in b/src/Makefile.in
index 6f06858a..2b0502f4 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -48,7 +48,7 @@ srcdir = @srcdir@
 LIBTOOL = ../libtool
 
 CC=@CC@
-CFLAGS=-I$(srcdir) -I. @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
+CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/ub_reroute @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
 WPEDANTICFLAG=@WPEDANTICFLAG@
 WNOERRORFLAG=@WNOERRORFLAG@
 LDFLAGS=@LDFLAGS@ @LIBS@
diff --git a/src/util/ub/val_secalgo.h b/src/util/ub/val_secalgo.h
new file mode 100644
index 00000000..52aaeb9f
--- /dev/null
+++ b/src/util/ub/val_secalgo.h
@@ -0,0 +1,107 @@
+/*
+ * validator/val_secalgo.h - validator security algorithm functions.
+ *
+ * Copyright (c) 2012, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains helper functions for the validator module.
+ * The functions take buffers with raw data and convert to library calls.
+ */
+
+#ifndef VALIDATOR_VAL_SECALGO_H
+#define VALIDATOR_VAL_SECALGO_H
+struct sldns_buffer;
+
+/** Return size of nsec3 hash algorithm, 0 if not supported */
+size_t nsec3_hash_algo_size_supported(int id);
+
+/**
+ * Hash a single hash call of an NSEC3 hash algorithm.
+ * Iterations and salt are done by the caller.
+ * @param algo: nsec3 hash algorithm.
+ * @param buf: the buffer to digest
+ * @param len: length of buffer to digest.
+ * @param res: result stored here (must have sufficient space).
+ * @return false on failure.
+*/
+int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
+        unsigned char* res);
+
+/**
+ * Calculate the sha256 hash for the data buffer into the result.
+ * @param buf: buffer to digest.
+ * @param len: length of the buffer to digest.
+ * @param res: result is stored here (space 256/8 bytes).
+ */
+void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res);
+
+/**
+ * Return size of DS digest according to its hash algorithm.
+ * @param algo: DS digest algo.
+ * @return size in bytes of digest, or 0 if not supported. 
+ */
+size_t ds_digest_size_supported(int algo);
+
+/**
+ * @param algo: the DS digest algo
+ * @param buf: the buffer to digest
+ * @param len: length of buffer to digest.
+ * @param res: result stored here (must have sufficient space).
+ * @return false on failure.
+ */
+int secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
+	unsigned char* res);
+
+/** return true if DNSKEY algorithm id is supported */
+int dnskey_algo_id_is_supported(int id);
+
+/**
+ * Check a canonical sig+rrset and signature against a dnskey
+ * @param buf: buffer with data to verify, the first rrsig part and the
+ *	canonicalized rrset.
+ * @param algo: DNSKEY algorithm.
+ * @param sigblock: signature rdata field from RRSIG
+ * @param sigblock_len: length of sigblock data.
+ * @param key: public key data from DNSKEY RR.
+ * @param keylen: length of keydata.
+ * @param reason: bogus reason in more detail.
+ * @return secure if verification succeeded, bogus on crypto failure,
+ *	unchecked on format errors and alloc failures.
+ */
+enum sec_status verify_canonrrset(struct sldns_buffer* buf, int algo,
+	unsigned char* sigblock, unsigned int sigblock_len,
+	unsigned char* key, unsigned int keylen, char** reason);
+
+#endif /* VALIDATOR_VAL_SECALGO_H */
diff --git a/src/util/ub_reroute/sldns/keyraw.h b/src/util/ub_reroute/sldns/keyraw.h
new file mode 100644
index 00000000..27bc5c3e
--- /dev/null
+++ b/src/util/ub_reroute/sldns/keyraw.h
@@ -0,0 +1 @@
+#include "gldns/keyraw.h"
diff --git a/src/util/ub_reroute/sldns/rrdef.h b/src/util/ub_reroute/sldns/rrdef.h
new file mode 100644
index 00000000..842c1ba6
--- /dev/null
+++ b/src/util/ub_reroute/sldns/rrdef.h
@@ -0,0 +1 @@
+#include "gldns/rrdef.h"
diff --git a/src/util/ub_reroute/sldns/sbuffer.h b/src/util/ub_reroute/sldns/sbuffer.h
new file mode 100644
index 00000000..963b8628
--- /dev/null
+++ b/src/util/ub_reroute/sldns/sbuffer.h
@@ -0,0 +1 @@
+#include "gldns/gbuffer.h"
diff --git a/src/util/ub_reroute/util/data/packed_rrset.h b/src/util/ub_reroute/util/data/packed_rrset.h
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/src/util/ub_reroute/util/data/packed_rrset.h
@@ -0,0 +1 @@
+
diff --git a/src/util/ub_reroute/validator/val_nsec3.h b/src/util/ub_reroute/validator/val_nsec3.h
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/src/util/ub_reroute/validator/val_nsec3.h
@@ -0,0 +1 @@
+
diff --git a/src/util/ub_reroute/validator/val_secalgo.h b/src/util/ub_reroute/validator/val_secalgo.h
new file mode 100644
index 00000000..1e187cba
--- /dev/null
+++ b/src/util/ub_reroute/validator/val_secalgo.h
@@ -0,0 +1 @@
+#include "util/val_secalgo.h"
diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c
index 77238b2c..302820fc 100644
--- a/src/util/val_secalgo.c
+++ b/src/util/val_secalgo.c
@@ -41,12 +41,14 @@
  * and do the library calls (for the crypto library in use).
  */
 #include "config.h"
-#include "util/val_secalgo.h"
-#define NSEC3_HASH_SHA1 0x01
+/* packed_rrset on top to define enum types (forced by c99 standard) */
+#include "util/data/packed_rrset.h"
+#include "validator/val_secalgo.h"
+#include "validator/val_nsec3.h"
 #include "util/log.h"
-#include "gldns/rrdef.h"
-#include "gldns/keyraw.h"
-#include "gldns/gbuffer.h"
+#include "sldns/rrdef.h"
+#include "sldns/keyraw.h"
+#include "sldns/sbuffer.h"
 
 #if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE)
 #error "Need crypto library to do digital signature cryptography"
@@ -70,9 +72,12 @@
 #include <openssl/engine.h>
 #endif
 
+/** fake DSA support for unit tests */
+int fake_dsa = 0;
+
 /* return size of digest if supported, or 0 otherwise */
 size_t
-_getdns_nsec3_hash_algo_size_supported(int id)
+nsec3_hash_algo_size_supported(int id)
 {
 	switch(id) {
 	case NSEC3_HASH_SHA1:
@@ -84,7 +89,7 @@ _getdns_nsec3_hash_algo_size_supported(int id)
 
 /* perform nsec3 hash. return false on failure */
 int
-_getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
+secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
         unsigned char* res)
 {
 	switch(algo) {
@@ -97,7 +102,7 @@ _getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
 }
 
 void
-_getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
+secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 {
 	(void)SHA256(buf, len, res);
 }
@@ -108,27 +113,27 @@ _getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
  * @return size in bytes of digest, or 0 if not supported.
  */
 size_t
-_getdns_ds_digest_size_supported(int algo)
+ds_digest_size_supported(int algo)
 {
 	switch(algo) {
 #ifdef HAVE_EVP_SHA1
-		case GLDNS_SHA1:
+		case LDNS_SHA1:
 			return SHA_DIGEST_LENGTH;
 #endif
 #ifdef HAVE_EVP_SHA256
-		case GLDNS_SHA256:
+		case LDNS_SHA256:
 			return SHA256_DIGEST_LENGTH;
 #endif
 #ifdef USE_GOST
-		case GLDNS_HASH_GOST:
+		case LDNS_HASH_GOST:
 			/* we support GOST if it can be loaded */
-			(void)gldns_key_EVP_load_gost_id();
+			(void)sldns_key_EVP_load_gost_id();
 			if(EVP_get_digestbyname("md_gost94"))
 				return 32;
 			else	return 0;
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_SHA384:
+		case LDNS_SHA384:
 			return SHA384_DIGEST_LENGTH;
 #endif
 		default: break;
@@ -144,33 +149,33 @@ do_gost94(unsigned char* data, size_t len, unsigned char* dest)
 	const EVP_MD* md = EVP_get_digestbyname("md_gost94");
 	if(!md) 
 		return 0;
-	return gldns_digest_evp(data, (unsigned int)len, dest, md);
+	return sldns_digest_evp(data, (unsigned int)len, dest, md);
 }
 #endif
 
 int
-_getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
+secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 	unsigned char* res)
 {
 	switch(algo) {
 #ifdef HAVE_EVP_SHA1
-		case GLDNS_SHA1:
+		case LDNS_SHA1:
 			(void)SHA1(buf, len, res);
 			return 1;
 #endif
 #ifdef HAVE_EVP_SHA256
-		case GLDNS_SHA256:
+		case LDNS_SHA256:
 			(void)SHA256(buf, len, res);
 			return 1;
 #endif
 #ifdef USE_GOST
-		case GLDNS_HASH_GOST:
+		case LDNS_HASH_GOST:
 			if(do_gost94(buf, len, res))
 				return 1;
 			break;
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_SHA384:
+		case LDNS_SHA384:
 			(void)SHA384(buf, len, res);
 			return 1;
 #endif
@@ -184,33 +189,37 @@ _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 
 /** return true if DNSKEY algorithm id is supported */
 int
-_getdns_dnskey_algo_id_is_supported(int id)
+dnskey_algo_id_is_supported(int id)
 {
 	switch(id) {
-	case GLDNS_RSAMD5:
+	case LDNS_RSAMD5:
 		/* RFC 6725 deprecates RSAMD5 */
 		return 0;
+	case LDNS_DSA:
+	case LDNS_DSA_NSEC3:
 #ifdef USE_DSA
-	case GLDNS_DSA:
-	case GLDNS_DSA_NSEC3:
+		return 1;
+#else
+		if(fake_dsa) return 1;
+		return 0;
 #endif
-	case GLDNS_RSASHA1:
-	case GLDNS_RSASHA1_NSEC3:
+	case LDNS_RSASHA1:
+	case LDNS_RSASHA1_NSEC3:
 #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
-	case GLDNS_RSASHA256:
+	case LDNS_RSASHA256:
 #endif
 #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
-	case GLDNS_RSASHA512:
+	case LDNS_RSASHA512:
 #endif
 #ifdef USE_ECDSA
-	case GLDNS_ECDSAP256SHA256:
-	case GLDNS_ECDSAP384SHA384:
+	case LDNS_ECDSAP256SHA256:
+	case LDNS_ECDSAP384SHA384:
 #endif
 		return 1;
 #ifdef USE_GOST
-	case GLDNS_ECC_GOST:
+	case LDNS_ECC_GOST:
 		/* we support GOST if it can be loaded */
-		return gldns_key_EVP_load_gost_id();
+		return sldns_key_EVP_load_gost_id();
 #endif
 	default:
 		return 0;
@@ -230,7 +239,6 @@ log_crypto_error(const char* str, unsigned long e)
 	ERR_error_string_n(e, buf, sizeof(buf));
 	/* buf now contains */
 	/* error:[error code]:[library name]:[function name]:[reason string] */
-	(void)str;
 	log_err("%s crypto %s", str, buf);
 }
 
@@ -356,7 +364,7 @@ i	 * the '44' is the total remaining length.
 #ifdef USE_ECDSA_EVP_WORKAROUND
 static EVP_MD ecdsa_evp_256_md;
 static EVP_MD ecdsa_evp_384_md;
-void _getdns_ecdsa_evp_workaround_init(void)
+void ecdsa_evp_workaround_init(void)
 {
 	/* openssl before 1.0.0 fixes RSA with the SHA256
 	 * hash in EVP.  We create one for ecdsa_sha256 */
@@ -391,17 +399,17 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 
 	switch(algo) {
 #ifdef USE_DSA
-		case GLDNS_DSA:
-		case GLDNS_DSA_NSEC3:
+		case LDNS_DSA:
+		case LDNS_DSA_NSEC3:
 			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
 				log_err("verify: malloc failure in crypto");
 				return 0;
 			}
-			dsa = gldns_key_buf2dsa_raw(key, keylen);
+			dsa = sldns_key_buf2dsa_raw(key, keylen);
 			if(!dsa) {
 				verbose(VERB_QUERY, "verify: "
-					"gldns_key_buf2dsa_raw failed");
+					"sldns_key_buf2dsa_raw failed");
 				return 0;
 			}
 			if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
@@ -417,23 +425,23 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 
 			break;
 #endif /* USE_DSA */
-		case GLDNS_RSASHA1:
-		case GLDNS_RSASHA1_NSEC3:
+		case LDNS_RSASHA1:
+		case LDNS_RSASHA1_NSEC3:
 #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
-		case GLDNS_RSASHA256:
+		case LDNS_RSASHA256:
 #endif
 #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
-		case GLDNS_RSASHA512:
+		case LDNS_RSASHA512:
 #endif
 			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
 				log_err("verify: malloc failure in crypto");
 				return 0;
 			}
-			rsa = gldns_key_buf2rsa_raw(key, keylen);
+			rsa = sldns_key_buf2rsa_raw(key, keylen);
 			if(!rsa) {
 				verbose(VERB_QUERY, "verify: "
-					"gldns_key_buf2rsa_raw SHA failed");
+					"sldns_key_buf2rsa_raw SHA failed");
 				return 0;
 			}
 			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
@@ -444,28 +452,28 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 
 			/* select SHA version */
 #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
-			if(algo == GLDNS_RSASHA256)
+			if(algo == LDNS_RSASHA256)
 				*digest_type = EVP_sha256();
 			else
 #endif
 #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
-				if(algo == GLDNS_RSASHA512)
+				if(algo == LDNS_RSASHA512)
 				*digest_type = EVP_sha512();
 			else
 #endif
 				*digest_type = EVP_sha1();
 
 			break;
-		case GLDNS_RSAMD5:
+		case LDNS_RSAMD5:
 			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
 				log_err("verify: malloc failure in crypto");
 				return 0;
 			}
-			rsa = gldns_key_buf2rsa_raw(key, keylen);
+			rsa = sldns_key_buf2rsa_raw(key, keylen);
 			if(!rsa) {
 				verbose(VERB_QUERY, "verify: "
-					"gldns_key_buf2rsa_raw MD5 failed");
+					"sldns_key_buf2rsa_raw MD5 failed");
 				return 0;
 			}
 			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
@@ -477,11 +485,11 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 
 			break;
 #ifdef USE_GOST
-		case GLDNS_ECC_GOST:
-			*evp_key = gldns_gost2pkey_raw(key, keylen);
+		case LDNS_ECC_GOST:
+			*evp_key = sldns_gost2pkey_raw(key, keylen);
 			if(!*evp_key) {
 				verbose(VERB_QUERY, "verify: "
-					"gldns_gost2pkey_raw failed");
+					"sldns_gost2pkey_raw failed");
 				return 0;
 			}
 			*digest_type = EVP_get_digestbyname("md_gost94");
@@ -493,12 +501,12 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 			break;
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_ECDSAP256SHA256:
-			*evp_key = gldns_ecdsa2pkey_raw(key, keylen,
-				GLDNS_ECDSAP256SHA256);
+		case LDNS_ECDSAP256SHA256:
+			*evp_key = sldns_ecdsa2pkey_raw(key, keylen,
+				LDNS_ECDSAP256SHA256);
 			if(!*evp_key) {
 				verbose(VERB_QUERY, "verify: "
-					"gldns_ecdsa2pkey_raw failed");
+					"sldns_ecdsa2pkey_raw failed");
 				return 0;
 			}
 #ifdef USE_ECDSA_EVP_WORKAROUND
@@ -507,12 +515,12 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 			*digest_type = EVP_sha256();
 #endif
 			break;
-		case GLDNS_ECDSAP384SHA384:
-			*evp_key = gldns_ecdsa2pkey_raw(key, keylen,
-				GLDNS_ECDSAP384SHA384);
+		case LDNS_ECDSAP384SHA384:
+			*evp_key = sldns_ecdsa2pkey_raw(key, keylen,
+				LDNS_ECDSAP384SHA384);
 			if(!*evp_key) {
 				verbose(VERB_QUERY, "verify: "
-					"gldns_ecdsa2pkey_raw failed");
+					"sldns_ecdsa2pkey_raw failed");
 				return 0;
 			}
 #ifdef USE_ECDSA_EVP_WORKAROUND
@@ -543,8 +551,8 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
  * @return secure if verification succeeded, bogus on crypto failure,
  *	unchecked on format errors and alloc failures.
  */
-int
-_getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, 
+enum sec_status
+verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, 
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
 	char** reason)
 {
@@ -552,22 +560,27 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	EVP_MD_CTX* ctx;
 	int res, dofree = 0, docrypto_free = 0;
 	EVP_PKEY *evp_key = NULL;
+
+#ifndef USE_DSA
+	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && fake_dsa)
+		return sec_status_secure;
+#endif
 	
 	if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) {
 		verbose(VERB_QUERY, "verify: failed to setup key");
 		*reason = "use of key for crypto failed";
 		EVP_PKEY_free(evp_key);
-		return 0;
+		return sec_status_bogus;
 	}
 #ifdef USE_DSA
 	/* if it is a DSA signature in bind format, convert to DER format */
-	if((algo == GLDNS_DSA || algo == GLDNS_DSA_NSEC3) && 
+	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && 
 		sigblock_len == 1+2*SHA_DIGEST_LENGTH) {
 		if(!setup_dsa_sig(&sigblock, &sigblock_len)) {
 			verbose(VERB_QUERY, "verify: failed to setup DSA sig");
 			*reason = "use of key for DSA crypto failed";
 			EVP_PKEY_free(evp_key);
-			return 0;
+			return sec_status_bogus;
 		}
 		docrypto_free = 1;
 	}
@@ -576,13 +589,13 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	else 
 #endif
 #ifdef USE_ECDSA
-	if(algo == GLDNS_ECDSAP256SHA256 || algo == GLDNS_ECDSAP384SHA384) {
+	if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) {
 		/* EVP uses ASN prefix on sig, which is not in the wire data */
 		if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) {
 			verbose(VERB_QUERY, "verify: failed to setup ECDSA sig");
 			*reason = "use of signature for ECDSA crypto failed";
 			EVP_PKEY_free(evp_key);
-			return 0;
+			return sec_status_bogus;
 		}
 		dofree = 1;
 	}
@@ -600,7 +613,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
 		else if(docrypto_free) OPENSSL_free(sigblock);
-		return 0;
+		return sec_status_unchecked;
 	}
 	if(EVP_VerifyInit(ctx, digest_type) == 0) {
 		verbose(VERB_QUERY, "verify: EVP_VerifyInit failed");
@@ -608,16 +621,16 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
 		else if(docrypto_free) OPENSSL_free(sigblock);
-		return 0;
+		return sec_status_unchecked;
 	}
-	if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf), 
-		(unsigned int)gldns_buffer_limit(buf)) == 0) {
+	if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), 
+		(unsigned int)sldns_buffer_limit(buf)) == 0) {
 		verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed");
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
 		else if(docrypto_free) OPENSSL_free(sigblock);
-		return 0;
+		return sec_status_unchecked;
 	}
 
 	res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key);
@@ -633,15 +646,15 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	else if(docrypto_free) OPENSSL_free(sigblock);
 
 	if(res == 1) {
-		return 1;
+		return sec_status_secure;
 	} else if(res == 0) {
 		verbose(VERB_QUERY, "verify: signature mismatch");
 		*reason = "signature crypto failed";
-		return 0;
+		return sec_status_bogus;
 	}
 
 	log_crypto_error("verify:", ERR_get_error());
-	return 0;
+	return sec_status_unchecked;
 }
 
 /**************************************************/
@@ -658,7 +671,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 
 /* return size of digest if supported, or 0 otherwise */
 size_t
-_getdns_nsec3_hash_algo_size_supported(int id)
+nsec3_hash_algo_size_supported(int id)
 {
 	switch(id) {
 	case NSEC3_HASH_SHA1:
@@ -670,7 +683,7 @@ _getdns_nsec3_hash_algo_size_supported(int id)
 
 /* perform nsec3 hash. return false on failure */
 int
-_getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
+secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
         unsigned char* res)
 {
 	switch(algo) {
@@ -683,53 +696,53 @@ _getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
 }
 
 void
-_getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
+secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 {
 	(void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len);
 }
 
 size_t
-_getdns_ds_digest_size_supported(int algo)
+ds_digest_size_supported(int algo)
 {
 	/* uses libNSS */
 	switch(algo) {
-		case GLDNS_SHA1:
+		case LDNS_SHA1:
 			return SHA1_LENGTH;
 #ifdef USE_SHA2
-		case GLDNS_SHA256:
+		case LDNS_SHA256:
 			return SHA256_LENGTH;
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_SHA384:
+		case LDNS_SHA384:
 			return SHA384_LENGTH;
 #endif
 		/* GOST not supported in NSS */
-		case GLDNS_HASH_GOST:
+		case LDNS_HASH_GOST:
 		default: break;
 	}
 	return 0;
 }
 
 int
-_getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
+secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 	unsigned char* res)
 {
 	/* uses libNSS */
 	switch(algo) {
-		case GLDNS_SHA1:
+		case LDNS_SHA1:
 			return HASH_HashBuf(HASH_AlgSHA1, res, buf, len)
 				== SECSuccess;
 #if defined(USE_SHA2)
-		case GLDNS_SHA256:
+		case LDNS_SHA256:
 			return HASH_HashBuf(HASH_AlgSHA256, res, buf, len)
 				== SECSuccess;
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_SHA384:
+		case LDNS_SHA384:
 			return HASH_HashBuf(HASH_AlgSHA384, res, buf, len)
 				== SECSuccess;
 #endif
-		case GLDNS_HASH_GOST:
+		case LDNS_HASH_GOST:
 		default: 
 			verbose(VERB_QUERY, "unknown DS digest algorithm %d", 
 				algo);
@@ -739,32 +752,32 @@ _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 }
 
 int
-_getdns_dnskey_algo_id_is_supported(int id)
+dnskey_algo_id_is_supported(int id)
 {
 	/* uses libNSS */
 	switch(id) {
-	case GLDNS_RSAMD5:
+	case LDNS_RSAMD5:
 		/* RFC 6725 deprecates RSAMD5 */
 		return 0;
 #ifdef USE_DSA
-	case GLDNS_DSA:
-	case GLDNS_DSA_NSEC3:
+	case LDNS_DSA:
+	case LDNS_DSA_NSEC3:
 #endif
-	case GLDNS_RSASHA1:
-	case GLDNS_RSASHA1_NSEC3:
+	case LDNS_RSASHA1:
+	case LDNS_RSASHA1_NSEC3:
 #ifdef USE_SHA2
-	case GLDNS_RSASHA256:
+	case LDNS_RSASHA256:
 #endif
 #ifdef USE_SHA2
-	case GLDNS_RSASHA512:
+	case LDNS_RSASHA512:
 #endif
 		return 1;
 #ifdef USE_ECDSA
-	case GLDNS_ECDSAP256SHA256:
-	case GLDNS_ECDSAP384SHA384:
+	case LDNS_ECDSAP256SHA256:
+	case LDNS_ECDSAP384SHA384:
 		return PK11_TokenExists(CKM_ECDSA);
 #endif
-	case GLDNS_ECC_GOST:
+	case LDNS_ECC_GOST:
 	default:
 		return 0;
 	}
@@ -810,10 +823,10 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
 	unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
 
 	/* check length, which uncompressed must be 2 bignums */
-	if(algo == GLDNS_ECDSAP256SHA256) {
+	if(algo == LDNS_ECDSAP256SHA256) {
 		if(len != 2*256/8) return NULL;
 		/* ECCurve_X9_62_PRIME_256V1 */
-	} else if(algo == GLDNS_ECDSAP384SHA384) {
+	} else if(algo == LDNS_ECDSAP384SHA384) {
 		if(len != 2*384/8) return NULL;
 		/* ECCurve_X9_62_PRIME_384R1 */
 	} else    return NULL;
@@ -822,7 +835,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
 	memmove(buf+1, key, len);
 	pub.data = buf;
 	pub.len = len+1;
-	if(algo == GLDNS_ECDSAP256SHA256) {
+	if(algo == LDNS_ECDSAP256SHA256) {
 		params.data = param256;
 		params.len = sizeof(param256);
 	} else {
@@ -991,8 +1004,8 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 
 	switch(algo) {
 #ifdef USE_DSA
-		case GLDNS_DSA:
-		case GLDNS_DSA_NSEC3:
+		case LDNS_DSA:
+		case LDNS_DSA_NSEC3:
 			*pubkey = nss_buf2dsa(key, keylen);
 			if(!*pubkey) {
 				log_err("verify: malloc failure in crypto");
@@ -1002,13 +1015,13 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 			/* no prefix for DSA verification */
 			break;
 #endif
-		case GLDNS_RSASHA1:
-		case GLDNS_RSASHA1_NSEC3:
+		case LDNS_RSASHA1:
+		case LDNS_RSASHA1_NSEC3:
 #ifdef USE_SHA2
-		case GLDNS_RSASHA256:
+		case LDNS_RSASHA256:
 #endif
 #ifdef USE_SHA2
-		case GLDNS_RSASHA512:
+		case LDNS_RSASHA512:
 #endif
 			*pubkey = nss_buf2rsa(key, keylen);
 			if(!*pubkey) {
@@ -1017,14 +1030,14 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 			}
 			/* select SHA version */
 #ifdef USE_SHA2
-			if(algo == GLDNS_RSASHA256) {
+			if(algo == LDNS_RSASHA256) {
 				*htype = HASH_AlgSHA256;
 				*prefix = p_sha256;
 				*prefixlen = sizeof(p_sha256);
 			} else
 #endif
 #ifdef USE_SHA2
-				if(algo == GLDNS_RSASHA512) {
+				if(algo == LDNS_RSASHA512) {
 				*htype = HASH_AlgSHA512;
 				*prefix = p_sha512;
 				*prefixlen = sizeof(p_sha512);
@@ -1037,7 +1050,7 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 			}
 
 			break;
-		case GLDNS_RSAMD5:
+		case LDNS_RSAMD5:
 			*pubkey = nss_buf2rsa(key, keylen);
 			if(!*pubkey) {
 				log_err("verify: malloc failure in crypto");
@@ -1049,9 +1062,9 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 
 			break;
 #ifdef USE_ECDSA
-		case GLDNS_ECDSAP256SHA256:
+		case LDNS_ECDSAP256SHA256:
 			*pubkey = nss_buf2ecdsa(key, keylen,
-				GLDNS_ECDSAP256SHA256);
+				LDNS_ECDSAP256SHA256);
 			if(!*pubkey) {
 				log_err("verify: malloc failure in crypto");
 				return 0;
@@ -1059,9 +1072,9 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 			*htype = HASH_AlgSHA256;
 			/* no prefix for DSA verification */
 			break;
-		case GLDNS_ECDSAP384SHA384:
+		case LDNS_ECDSAP384SHA384:
 			*pubkey = nss_buf2ecdsa(key, keylen,
-				GLDNS_ECDSAP384SHA384);
+				LDNS_ECDSAP384SHA384);
 			if(!*pubkey) {
 				log_err("verify: malloc failure in crypto");
 				return 0;
@@ -1070,7 +1083,7 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 			/* no prefix for DSA verification */
 			break;
 #endif /* USE_ECDSA */
-		case GLDNS_ECC_GOST:
+		case LDNS_ECC_GOST:
 		default:
 			verbose(VERB_QUERY, "verify: unknown algorithm %d", 
 				algo);
@@ -1092,8 +1105,8 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
  * @return secure if verification succeeded, bogus on crypto failure,
  *	unchecked on format errors and alloc failures.
  */
-int
-_getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, 
+enum sec_status
+verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, 
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
 	char** reason)
 {
@@ -1115,12 +1128,12 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		verbose(VERB_QUERY, "verify: failed to setup key");
 		*reason = "use of key for crypto failed";
 		SECKEY_DestroyPublicKey(pubkey);
-		return 0;
+		return sec_status_bogus;
 	}
 
 #ifdef USE_DSA
 	/* need to convert DSA, ECDSA signatures? */
-	if((algo == GLDNS_DSA || algo == GLDNS_DSA_NSEC3)) {
+	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) {
 		if(sigblock_len == 1+2*SHA1_LENGTH) {
 			secsig.data ++;
 			secsig.len --;
@@ -1130,13 +1143,13 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 				verbose(VERB_QUERY, "verify: failed DER decode");
 				*reason = "signature DER decode failed";
 				SECKEY_DestroyPublicKey(pubkey);
-				return 0;
+				return sec_status_bogus;
 			}
 			if(SECITEM_CopyItem(pubkey->arena, &secsig, p)) {
 				log_err("alloc failure in DER decode");
 				SECKEY_DestroyPublicKey(pubkey);
 				SECITEM_FreeItem(p, PR_TRUE);
-				return 0;
+				return sec_status_unchecked;
 			}
 			SECITEM_FreeItem(p, PR_TRUE);
 		}
@@ -1149,20 +1162,20 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	if(sechash.len > sizeof(hash)) {
 		verbose(VERB_QUERY, "verify: hash too large for buffer");
 		SECKEY_DestroyPublicKey(pubkey);
-		return 0;
+		return sec_status_unchecked;
 	}
-	if(HASH_HashBuf(htype, hash, (unsigned char*)gldns_buffer_begin(buf),
-		(unsigned int)gldns_buffer_limit(buf)) != SECSuccess) {
+	if(HASH_HashBuf(htype, hash, (unsigned char*)sldns_buffer_begin(buf),
+		(unsigned int)sldns_buffer_limit(buf)) != SECSuccess) {
 		verbose(VERB_QUERY, "verify: HASH_HashBuf failed");
 		SECKEY_DestroyPublicKey(pubkey);
-		return 0;
+		return sec_status_unchecked;
 	}
 	if(prefix) {
 		int hashlen = sechash.len;
 		if(prefixlen+hashlen > sizeof(hash2)) {
 			verbose(VERB_QUERY, "verify: hashprefix too large");
 			SECKEY_DestroyPublicKey(pubkey);
-			return 0;
+			return sec_status_unchecked;
 		}
 		sechash.data = hash2;
 		sechash.len = prefixlen+hashlen;
@@ -1175,7 +1188,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 	SECKEY_DestroyPublicKey(pubkey);
 
 	if(res == SECSuccess) {
-		return 1;
+		return sec_status_secure;
 	}
 	err = PORT_GetError();
 	if(err != SEC_ERROR_BAD_SIGNATURE) {
@@ -1185,17 +1198,17 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 		/* if it is not supported, like ECC is removed, we get,
 		 * SEC_ERROR_NO_MODULE */
 		if(err == SEC_ERROR_NO_MODULE)
-			return 0;
+			return sec_status_unchecked;
 		/* but other errors are commonly returned
 		 * for a bad signature from NSS.  Thus we return bogus,
 		 * not unchecked */
 		*reason = "signature crypto failed";
-		return 0;
+		return sec_status_bogus;
 	}
 	verbose(VERB_QUERY, "verify: signature mismatch: %s",
 		PORT_ErrorToString(err));
 	*reason = "signature crypto failed";
-	return 0;
+	return sec_status_bogus;
 }
 
 #elif defined(HAVE_NETTLE)
@@ -1259,7 +1272,7 @@ _digest_nettle(int algo, uint8_t* buf, size_t len,
 
 /* return size of digest if supported, or 0 otherwise */
 size_t
-_getdns_nsec3_hash_algo_size_supported(int id)
+nsec3_hash_algo_size_supported(int id)
 {
 	switch(id) {
 	case NSEC3_HASH_SHA1:
@@ -1271,7 +1284,7 @@ _getdns_nsec3_hash_algo_size_supported(int id)
 
 /* perform nsec3 hash. return false on failure */
 int
-_getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
+secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
         unsigned char* res)
 {
 	switch(algo) {
@@ -1284,7 +1297,7 @@ _getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
 }
 
 void
-_getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
+secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 {
 	_digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res);
 }
@@ -1295,21 +1308,21 @@ _getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
  * @return size in bytes of digest, or 0 if not supported.
  */
 size_t
-_getdns_ds_digest_size_supported(int algo)
+ds_digest_size_supported(int algo)
 {
 	switch(algo) {
-		case GLDNS_SHA1:
+		case LDNS_SHA1:
 			return SHA1_DIGEST_SIZE;
 #ifdef USE_SHA2
-		case GLDNS_SHA256:
+		case LDNS_SHA256:
 			return SHA256_DIGEST_SIZE;
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_SHA384:
+		case LDNS_SHA384:
 			return SHA384_DIGEST_SIZE;
 #endif
 		/* GOST not supported */
-		case GLDNS_HASH_GOST:
+		case LDNS_HASH_GOST:
 		default:
 			break;
 	}
@@ -1317,22 +1330,22 @@ _getdns_ds_digest_size_supported(int algo)
 }
 
 int
-_getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
+secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 	unsigned char* res)
 {
 	switch(algo) {
-		case GLDNS_SHA1:
+		case LDNS_SHA1:
 			return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res);
 #if defined(USE_SHA2)
-		case GLDNS_SHA256:
+		case LDNS_SHA256:
 			return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res);
 #endif
 #ifdef USE_ECDSA
-		case GLDNS_SHA384:
+		case LDNS_SHA384:
 			return _digest_nettle(SHA384_DIGEST_SIZE, buf, len, res);
 
 #endif
-		case GLDNS_HASH_GOST:
+		case LDNS_HASH_GOST:
 		default:
 			verbose(VERB_QUERY, "unknown DS digest algorithm %d",
 				algo);
@@ -1342,27 +1355,27 @@ _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 }
 
 int
-_getdns_dnskey_algo_id_is_supported(int id)
+dnskey_algo_id_is_supported(int id)
 {
 	/* uses libnettle */
 	switch(id) {
 #ifdef USE_DSA
-	case GLDNS_DSA:
-	case GLDNS_DSA_NSEC3:
+	case LDNS_DSA:
+	case LDNS_DSA_NSEC3:
 #endif
-	case GLDNS_RSASHA1:
-	case GLDNS_RSASHA1_NSEC3:
+	case LDNS_RSASHA1:
+	case LDNS_RSASHA1_NSEC3:
 #ifdef USE_SHA2
-	case GLDNS_RSASHA256:
-	case GLDNS_RSASHA512:
+	case LDNS_RSASHA256:
+	case LDNS_RSASHA512:
 #endif
 #ifdef USE_ECDSA
-	case GLDNS_ECDSAP256SHA256:
-	case GLDNS_ECDSAP384SHA384:
+	case LDNS_ECDSAP256SHA256:
+	case LDNS_ECDSAP384SHA384:
 #endif
 		return 1;
-	case GLDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
-	case GLDNS_ECC_GOST:
+	case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
+	case LDNS_ECC_GOST:
 	default:
 		return 0;
 	}
@@ -1370,11 +1383,11 @@ _getdns_dnskey_algo_id_is_supported(int id)
 
 #ifdef USE_DSA
 static char *
-_verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
+_verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock,
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
 {
 	uint8_t digest[SHA1_DIGEST_SIZE];
-	uint8_t key_t;
+	uint8_t key_t_value;
 	int res = 0;
 	size_t offset;
 	struct dsa_public_key pubkey;
@@ -1413,8 +1426,8 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 	}
 
 	/* Validate T values constraints - RFC 2536 sec. 2 & sec. 3 */
-	key_t = key[0];
-	if (key_t > 8) {
+	key_t_value = key[0];
+	if (key_t_value > 8) {
 		return "invalid T value in DSA pubkey";
 	}
 
@@ -1425,9 +1438,9 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 
 	expected_len =   1 +		/* T */
 		        20 +		/* Q */
-		       (64 + key_t*8) +	/* P */
-		       (64 + key_t*8) +	/* G */
-		       (64 + key_t*8);	/* Y */
+		       (64 + key_t_value*8) +	/* P */
+		       (64 + key_t_value*8) +	/* G */
+		       (64 + key_t_value*8);	/* Y */
 	if (keylen != expected_len ) {
 		return "invalid DSA pubkey length";
 	}
@@ -1437,15 +1450,15 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 	offset = 1;
 	nettle_mpz_set_str_256_u(pubkey.q, 20, key+offset);
 	offset += 20;
-	nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t*8), key+offset);
-	offset += (64 + key_t*8);
-	nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t*8), key+offset);
-	offset += (64 + key_t*8);
-	nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t*8), key+offset);
+	nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t_value*8), key+offset);
+	offset += (64 + key_t_value*8);
+	nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t_value*8), key+offset);
+	offset += (64 + key_t_value*8);
+	nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t_value*8), key+offset);
 
 	/* Digest content of "buf" and verify its DSA signature in "sigblock"*/
-	res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)gldns_buffer_begin(buf),
-						(unsigned int)gldns_buffer_limit(buf), (unsigned char*)digest);
+	res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
+						(unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest);
 	res &= dsa_sha1_verify_digest(&pubkey, digest, &signature);
 
 	/* Clear and return */
@@ -1459,7 +1472,7 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
 #endif /* USE_DSA */
 
 static char *
-_verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,
+_verify_nettle_rsa(sldns_buffer* buf, unsigned int digest_size, char* sigblock,
 	unsigned int sigblock_len, uint8_t* key, unsigned int keylen)
 {
 	uint16_t exp_len = 0;
@@ -1502,24 +1515,24 @@ _verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,
 		case SHA1_DIGEST_SIZE:
 		{
 			uint8_t digest[SHA1_DIGEST_SIZE];
-			res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)gldns_buffer_begin(buf),
-						(unsigned int)gldns_buffer_limit(buf), (unsigned char*)digest);
+			res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
+						(unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest);
 			res &= rsa_sha1_verify_digest(&pubkey, digest, signature);
 			break;
 		}
 		case SHA256_DIGEST_SIZE:
 		{
 			uint8_t digest[SHA256_DIGEST_SIZE];
-			res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)gldns_buffer_begin(buf),
-						(unsigned int)gldns_buffer_limit(buf), (unsigned char*)digest);
+			res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
+						(unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest);
 			res &= rsa_sha256_verify_digest(&pubkey, digest, signature);
 			break;
 		}
 		case SHA512_DIGEST_SIZE:
 		{
 			uint8_t digest[SHA512_DIGEST_SIZE];
-			res = _digest_nettle(SHA512_DIGEST_SIZE, (unsigned char*)gldns_buffer_begin(buf),
-						(unsigned int)gldns_buffer_limit(buf), (unsigned char*)digest);
+			res = _digest_nettle(SHA512_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
+						(unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest);
 			res &= rsa_sha512_verify_digest(&pubkey, digest, signature);
 			break;
 		}
@@ -1539,7 +1552,7 @@ _verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,
 
 #ifdef USE_ECDSA
 static char *
-_verify_nettle_ecdsa(gldns_buffer* buf, unsigned int digest_size, unsigned char* sigblock,
+_verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* sigblock,
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
 {
 	int res = 0;
@@ -1563,8 +1576,8 @@ _verify_nettle_ecdsa(gldns_buffer* buf, unsigned int digest_size, unsigned char*
 			nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE);
 			nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock);
 			nettle_mpz_set_str_256_u(signature.s, SHA256_DIGEST_SIZE, sigblock+SHA256_DIGEST_SIZE);
-			res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)gldns_buffer_begin(buf),
-						(unsigned int)gldns_buffer_limit(buf), (unsigned char*)digest);
+			res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
+						(unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest);
 			res &= nettle_ecc_point_set(&pubkey, x, y);
 			res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature);
 			mpz_clear(x);
@@ -1580,8 +1593,8 @@ _verify_nettle_ecdsa(gldns_buffer* buf, unsigned int digest_size, unsigned char*
 			nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE);
 			nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock);
 			nettle_mpz_set_str_256_u(signature.s, SHA384_DIGEST_SIZE, sigblock+SHA384_DIGEST_SIZE);
-			res = _digest_nettle(SHA384_DIGEST_SIZE, (unsigned char*)gldns_buffer_begin(buf),
-						(unsigned int)gldns_buffer_limit(buf), (unsigned char*)digest);
+			res = _digest_nettle(SHA384_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
+						(unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest);
 			res &= nettle_ecc_point_set(&pubkey, x, y);
 			res &= nettle_ecdsa_verify (&pubkey, SHA384_DIGEST_SIZE, digest, &signature);
 			mpz_clear(x);
@@ -1615,8 +1628,8 @@ _verify_nettle_ecdsa(gldns_buffer* buf, unsigned int digest_size, unsigned char*
  * @return secure if verification succeeded, bogus on crypto failure,
  *	unchecked on format errors and alloc failures.
  */
-int
-_getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
+enum sec_status
+verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
 	char** reason)
 {
@@ -1624,54 +1637,54 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
 
 	if (sigblock_len == 0 || keylen == 0) {
 		*reason = "null signature";
-		return 0;
+		return sec_status_bogus;
 	}
 
 	switch(algo) {
 #ifdef USE_DSA
-	case GLDNS_DSA:
-	case GLDNS_DSA_NSEC3:
+	case LDNS_DSA:
+	case LDNS_DSA_NSEC3:
 		*reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen);
 		if (*reason != NULL)
-			return 0;
+			return sec_status_bogus;
 		else
-			return 1;
+			return sec_status_secure;
 #endif /* USE_DSA */
 
-	case GLDNS_RSASHA1:
-	case GLDNS_RSASHA1_NSEC3:
+	case LDNS_RSASHA1:
+	case LDNS_RSASHA1_NSEC3:
 		digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE);
 #ifdef USE_SHA2
-	case GLDNS_RSASHA256:
+	case LDNS_RSASHA256:
 		digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
-	case GLDNS_RSASHA512:
+	case LDNS_RSASHA512:
 		digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE);
 
 #endif
 		*reason = _verify_nettle_rsa(buf, digest_size, (char*)sigblock,
 						sigblock_len, key, keylen);
 		if (*reason != NULL)
-			return 0;
+			return sec_status_bogus;
 		else
-			return 1;
+			return sec_status_secure;
 
 #ifdef USE_ECDSA
-	case GLDNS_ECDSAP256SHA256:
+	case LDNS_ECDSAP256SHA256:
 		digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
-	case GLDNS_ECDSAP384SHA384:
+	case LDNS_ECDSAP384SHA384:
 		digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE);
 		*reason = _verify_nettle_ecdsa(buf, digest_size, sigblock,
 						sigblock_len, key, keylen);
 		if (*reason != NULL)
-			return 0;
+			return sec_status_bogus;
 		else
-			return 1;
+			return sec_status_secure;
 #endif
-	case GLDNS_RSAMD5:
-	case GLDNS_ECC_GOST:
+	case LDNS_RSAMD5:
+	case LDNS_ECC_GOST:
 	default:
 		*reason = "unable to verify signature, unknown algorithm";
-		return 0;
+		return sec_status_bogus;
 	}
 }
 
diff --git a/src/util/val_secalgo.h b/src/util/val_secalgo.h
index 704449ec..d9904f06 100644
--- a/src/util/val_secalgo.h
+++ b/src/util/val_secalgo.h
@@ -1,107 +1,78 @@
+/**
+ *
+ * \file rbtree.h
+ * /brief Alternative symbol names for unbound's rbtree.h
+ *
+ */
 /*
- * validator/val_secalgo.h - validator security algorithm functions.
+ * Copyright (c) 2017, NLnet Labs, the getdns team
+ * All rights reserved.
  *
- * Copyright (c) 2012, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- * 
  * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
+#ifndef VAL_SECALGO_H_SYMBOLS
+#define VAL_SECALGO_H_SYMBOLS
+#define sldns_buffer			gldns_buffer
+#define nsec3_hash_algo_size_supported	_getdns_nsec3_hash_algo_size_supported
+#define secalgo_nsec3_hash		_getdns_secalgo_nsec3_hash
+#define secalgo_hash_sha256		_getdns_secalgo_hash_sha256
+#define ds_digest_size_supported	_getdns_ds_digest_size_supported
+#define secalgo_ds_digest		_getdns_secalgo_ds_digest
+#define dnskey_algo_id_is_supported	_getdns_dnskey_algo_id_is_supported
+#define verify_canonrrset		_getdns_verify_canonrrset
+#define sec_status			_getdns_sec_status
+#define sec_status_secure		_getdns_sec_status_secure
+#define sec_status_insecure		_getdns_sec_status_insecure
+#define sec_status_unchecked		_getdns_sec_status_unchecked
+#define sec_status_bogus		_getdns_sec_status_bogus
 
-/**
- * \file
- *
- * This file contains helper functions for the validator module.
- * The functions take buffers with raw data and convert to library calls.
- */
+enum sec_status { sec_status_bogus     = 0
+                , sec_status_unchecked = 0
+                , sec_status_insecure  = 0
+		, sec_status_secure    = 1 };
+#define NSEC3_HASH_SHA1			0x01
 
-#ifndef VALIDATOR_VAL_SECALGO_H
-#define VALIDATOR_VAL_SECALGO_H
-struct gldns_buffer;
-
-/** Return size of nsec3 hash algorithm, 0 if not supported */
-size_t _getdns_nsec3_hash_algo_size_supported(int id);
-
-/**
- * Hash a single hash call of an NSEC3 hash algorithm.
- * Iterations and salt are done by the caller.
- * @param algo: nsec3 hash algorithm.
- * @param buf: the buffer to digest
- * @param len: length of buffer to digest.
- * @param res: result stored here (must have sufficient space).
- * @return false on failure.
-*/
-int _getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
-        unsigned char* res);
-
-/**
- * Calculate the sha256 hash for the data buffer into the result.
- * @param buf: buffer to digest.
- * @param len: length of the buffer to digest.
- * @param res: result is stored here (space 256/8 bytes).
- */
-void _getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res);
-
-/**
- * Return size of DS digest according to its hash algorithm.
- * @param algo: DS digest algo.
- * @return size in bytes of digest, or 0 if not supported. 
- */
-size_t _getdns_ds_digest_size_supported(int algo);
-
-/**
- * @param algo: the DS digest algo
- * @param buf: the buffer to digest
- * @param len: length of buffer to digest.
- * @param res: result stored here (must have sufficient space).
- * @return false on failure.
- */
-int _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
-	unsigned char* res);
-
-/** return true if DNSKEY algorithm id is supported */
-int _getdns_dnskey_algo_id_is_supported(int id);
-
-/**
- * Check a canonical sig+rrset and signature against a dnskey
- * @param buf: buffer with data to verify, the first rrsig part and the
- *	canonicalized rrset.
- * @param algo: DNSKEY algorithm.
- * @param sigblock: signature rdata field from RRSIG
- * @param sigblock_len: length of sigblock data.
- * @param key: public key data from DNSKEY RR.
- * @param keylen: length of keydata.
- * @param reason: bogus reason in more detail.
- * @return secure if verification succeeded, bogus on crypto failure,
- *	unchecked on format errors and alloc failures.
- */
-int _getdns_verify_canonrrset(struct gldns_buffer* buf, int algo,
-	unsigned char* sigblock, unsigned int sigblock_len,
-	unsigned char* key, unsigned int keylen, char** reason);
-
-#endif /* VALIDATOR_VAL_SECALGO_H */
+#define	LDNS_SHA1			GLDNS_SHA1
+#define	LDNS_SHA256			GLDNS_SHA256
+#define LDNS_SHA384			GLDNS_SHA384
+#define LDNS_HASH_GOST			GLDNS_HASH_GOST
+#define LDNS_RSAMD5			GLDNS_RSAMD5
+#define LDNS_DSA			GLDNS_DSA
+#define LDNS_DSA_NSEC3			GLDNS_DSA_NSEC3
+#define LDNS_RSASHA1			GLDNS_RSASHA1
+#define LDNS_RSASHA1_NSEC3		GLDNS_RSASHA1_NSEC3
+#define LDNS_RSASHA256			GLDNS_RSASHA256
+#define LDNS_RSASHA512			GLDNS_RSASHA512
+#define LDNS_ECDSAP256SHA256		GLDNS_ECDSAP256SHA256
+#define LDNS_ECDSAP384SHA384		GLDNS_ECDSAP384SHA384
+#define LDNS_ECC_GOST			GLDNS_ECC_GOST
+#define sldns_key_EVP_load_gost_id	gldns_key_EVP_load_gost_id
+#define sldns_digest_evp		gldns_digest_evp
+#define sldns_key_buf2dsa_raw		gldns_key_buf2dsa_raw
+#define sldns_key_buf2rsa_raw		gldns_key_buf2rsa_raw
+#define sldns_gost2pkey_raw		gldns_gost2pkey_raw
+#define sldns_ecdsa2pkey_raw		gldns_ecdsa2pkey_raw
+#define sldns_buffer_begin		gldns_buffer_begin
+#define sldns_buffer_limit		gldns_buffer_limit
+#include "util/ub/val_secalgo.h"
+#endif

From 0ecaf163d9ae7be742bb5dda8068ed774c773c05 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 8 Mar 2017 23:14:24 +0100
Subject: [PATCH 166/249] Update original source directly

---
 src/util/import.sh | 62 ++++------------------------------------------
 1 file changed, 5 insertions(+), 57 deletions(-)

diff --git a/src/util/import.sh b/src/util/import.sh
index 82f03921..43c9be7a 100755
--- a/src/util/import.sh
+++ b/src/util/import.sh
@@ -1,60 +1,8 @@
 #!/bin/sh
 
-# Meant to be run from this directory
+REPO=http://unbound.net/svn/trunk
 
-mkdir ub || true
-cd ub
-for f in rbtree.c rbtree.h
-do
-	wget http://unbound.net/svn/trunk/util/$f || \
-	ftp  http://unbound.net/svn/trunk/util/$f || continue
-	sed -e 's/event_/_getdns_event_/g' \
-	    -e 's/signal_add/_getdns_signal_add/g' \
-	    -e 's/signal_del/_getdns_signal_del/g' \
-	    -e 's/signal_set/_getdns_signal_set/g' \
-	    -e 's/evtimer_/_getdns_evtimer_/g' \
-	    -e 's/struct event/struct _getdns_event/g' \
-	    -e 's/mini_ev_cmp/_getdns_mini_ev_cmp/g' \
-	    -e 's/static void handle_timeouts/void handle_timeouts/g' \
-	    -e 's/handle_timeouts/_getdns_handle_timeouts/g' \
-	    -e 's/static int handle_select/int handle_select/g' \
-	    -e 's/handle_select/_getdns_handle_select/g' \
-	    -e 's/#include "rbtree\.h"/#include "util\/rbtree.h"/g' \
-	    -e 's/rbnode_/_getdns_rbnode_/g' \
-	    -e 's/rbtree_/_getdns_rbtree_/g' \
-	    -e 's/traverse_post/_getdns_traverse_post/g' \
-	    -e 's/#include "fptr_wlist\.h"/#include "util\/fptr_wlist.h"/g' \
-	    -e 's/#include "log\.h"/#include "util\/log.h"/g' \
-	    -e '/^#define _getdns_.* mini_getdns_/d' \
-	    -e '/^\/\* redefine to use our own namespace so that on platforms where$/d' \
-	    -e '/^ \* linkers crosslink library-private symbols with other symbols, it works \*\//d' \
-	    $f > ../$f
-done
-for f in val_secalgo.h val_secalgo.c
-do
-	wget http://unbound.net/svn/trunk/validator/$f || \
-	ftp  http://unbound.net/svn/trunk/validator/$f || continue
-	sed -e 's/sldns/gldns/g' \
-	    -e '/^\/\* packed_rrset on top to define enum types (forced by c99 standard) \*\/$/d' \
-	    -e '/^#include "util\/data\/packed_rrset.h"$/d' \
-	    -e 's/^#include "validator/#include "util/g' \
-	    -e 's/^#include "gldns\/sbuffer/#include "gldns\/gbuffer/g' \
-	    -e 's/^#include "util\/val_nsec3.h"/#define NSEC3_HASH_SHA1 0x01/g' \
-	    -e 's/ds_digest_size_supported/_getdns_ds_digest_size_supported/g' \
-	    -e 's/secalgo_ds_digest/_getdns_secalgo_ds_digest/g' \
-	    -e 's/dnskey_algo_id_is_supported/_getdns_dnskey_algo_id_is_supported/g' \
-	    -e 's/verify_canonrrset/_getdns_verify_canonrrset/g' \
-	    -e 's/nsec3_hash_algo_size_supported/_getdns_nsec3_hash_algo_size_supported/g' \
-	    -e 's/secalgo_nsec3_hash/_getdns_secalgo_nsec3_hash/g' \
-	    -e 's/secalgo_hash_sha256/_getdns_secalgo_hash_sha256/g' \
-	    -e 's/ecdsa_evp_workaround_init/_getdns_ecdsa_evp_workaround_init/g' \
-	    -e 's/LDNS_/GLDNS_/g' \
-	    -e 's/enum sec_status/int/g' \
-	    -e 's/sec_status_bogus/0/g' \
-	    -e 's/sec_status_unchecked/0/g' \
-	    -e 's/sec_status_secure/1/g' \
-	    $f > ../$f
-done
-
-cd ..
-rm -r ub
+wget -O rbtree.c		${REPO}/util/rbtree.c
+wget -O ub/rbtree.h		${REPO}/util/rbtree.h
+wget -O val_secalgo.c		${REPO}/validator/val_secalgo.c
+wget -O ub/val_secalgo.h	${REPO}/validator/val_secalgo.h

From dd656b7421bfbf4a622535291dd64df89c1ca9f5 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 10:44:38 +0100
Subject: [PATCH 167/249] More comprehensible auxiliary directory names

(in src/util)
---
 spec/example/Makefile.in                      |  24 +-
 src/Makefile.in                               | 368 +++++++-----------
 src/test/Makefile.in                          |  71 ++--
 src/tools/Makefile.in                         |   7 +-
 src/util/{ => auxiliary}/fptr_wlist.h         |   0
 src/util/auxiliary/log.h                      |   1 +
 .../{ub_reroute => auxiliary}/sldns/keyraw.h  |   0
 .../{ub_reroute => auxiliary}/sldns/rrdef.h   |   0
 .../{ub_reroute => auxiliary}/sldns/sbuffer.h |   0
 .../util/data/packed_rrset.h                  |   0
 src/util/{ => auxiliary/util}/log.h           |   0
 .../validator/val_nsec3.h                     |   0
 .../validator/val_secalgo.h                   |   0
 src/util/import.sh                            |   8 +-
 src/util/{ub => orig-headers}/rbtree.h        |   0
 src/util/{ub => orig-headers}/val_secalgo.h   |   0
 src/util/rbtree.h                             |   2 +-
 src/util/val_secalgo.h                        |   2 +-
 18 files changed, 187 insertions(+), 296 deletions(-)
 rename src/util/{ => auxiliary}/fptr_wlist.h (100%)
 create mode 100644 src/util/auxiliary/log.h
 rename src/util/{ub_reroute => auxiliary}/sldns/keyraw.h (100%)
 rename src/util/{ub_reroute => auxiliary}/sldns/rrdef.h (100%)
 rename src/util/{ub_reroute => auxiliary}/sldns/sbuffer.h (100%)
 rename src/util/{ub_reroute => auxiliary}/util/data/packed_rrset.h (100%)
 rename src/util/{ => auxiliary/util}/log.h (100%)
 rename src/util/{ub_reroute => auxiliary}/validator/val_nsec3.h (100%)
 rename src/util/{ub_reroute => auxiliary}/validator/val_secalgo.h (100%)
 rename src/util/{ub => orig-headers}/rbtree.h (100%)
 rename src/util/{ub => orig-headers}/val_secalgo.h (100%)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 8ff7f2d1..7bf5e016 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,24 +149,16 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index 2b0502f4..4997677e 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -48,7 +48,7 @@ srcdir = @srcdir@
 LIBTOOL = ../libtool
 
 CC=@CC@
-CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/ub_reroute @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
+CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
 WPEDANTICFLAG=@WPEDANTICFLAG@
 WNOERRORFLAG=@WNOERRORFLAG@
 LDFLAGS=@LDFLAGS@ @LIBS@
@@ -191,7 +191,7 @@ Makefile: $(srcdir)/Makefile.in ../config.status
 
 depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
-	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" *.c gldns/*.c compat/*.c util/*.c jsmn/*.c extension/*.c| \
+	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c extension/*.c| \
 		sed -e "s? $$blddir/? ?g" \
 		    -e 's?gldns/?$$(srcdir)/gldns/?g' \
 		    -e 's?compat/?$$(srcdir)/compat/?g' \
@@ -215,232 +215,160 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h \
- $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
+ $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h \
- $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
- $(srcdir)/util/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c \
- config.h \
- $(srcdir)/general.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
- $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h \
- config.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/mdns.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/parseutil.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/orig-headers/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util-internal.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
+ config.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
+ $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c \
- config.h \
- getdns/getdns_extra.h \
- getdns/getdns.h \
- $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
-stub.lo stub.o: $(srcdir)/stub.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/stub.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
+ $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
+stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h \
- $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c \
- getdns/getdns.h \
- config.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
- config.h \
- getdns/getdns.h \
- $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/gldns/wire2str.h
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h \
+version.lo version.o: version.c
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
  $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h \
- $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
- config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
- config.h \
- $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
- config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
- config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
- config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
- config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
- config.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
- config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
- config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
- config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
- config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
- config.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h \
- $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
- config.h \
- $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h $(srcdir)/debug.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/gldns/gbuffer.h
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/auxiliary/log.h \
+ $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
+ $(srcdir)/util/auxiliary/$(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
+ $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
+ $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
- config.h \
- $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/debug.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h \
- $(srcdir)/extension/select_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h \
+ getdns/getdns_extra.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h \
+ getdns/getdns_extra.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h \
+ getdns/getdns_extra.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h config.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
+ $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 758435c1..c481fdab 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -216,13 +216,10 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
- ../getdns/getdns.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
- $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
- $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
+ $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
+ $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -242,58 +239,34 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
- ../getdns/getdns.h \
- ../config.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
+ ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+ ../getdns/getdns.h ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
- ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
- ../config.h \
- $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index d066e824..d98cf437 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,8 +113,5 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
- ../config.h \
- $(srcdir)/../debug.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h
diff --git a/src/util/fptr_wlist.h b/src/util/auxiliary/fptr_wlist.h
similarity index 100%
rename from src/util/fptr_wlist.h
rename to src/util/auxiliary/fptr_wlist.h
diff --git a/src/util/auxiliary/log.h b/src/util/auxiliary/log.h
new file mode 100644
index 00000000..bc885bf4
--- /dev/null
+++ b/src/util/auxiliary/log.h
@@ -0,0 +1 @@
+#include "util/log.h"
diff --git a/src/util/ub_reroute/sldns/keyraw.h b/src/util/auxiliary/sldns/keyraw.h
similarity index 100%
rename from src/util/ub_reroute/sldns/keyraw.h
rename to src/util/auxiliary/sldns/keyraw.h
diff --git a/src/util/ub_reroute/sldns/rrdef.h b/src/util/auxiliary/sldns/rrdef.h
similarity index 100%
rename from src/util/ub_reroute/sldns/rrdef.h
rename to src/util/auxiliary/sldns/rrdef.h
diff --git a/src/util/ub_reroute/sldns/sbuffer.h b/src/util/auxiliary/sldns/sbuffer.h
similarity index 100%
rename from src/util/ub_reroute/sldns/sbuffer.h
rename to src/util/auxiliary/sldns/sbuffer.h
diff --git a/src/util/ub_reroute/util/data/packed_rrset.h b/src/util/auxiliary/util/data/packed_rrset.h
similarity index 100%
rename from src/util/ub_reroute/util/data/packed_rrset.h
rename to src/util/auxiliary/util/data/packed_rrset.h
diff --git a/src/util/log.h b/src/util/auxiliary/util/log.h
similarity index 100%
rename from src/util/log.h
rename to src/util/auxiliary/util/log.h
diff --git a/src/util/ub_reroute/validator/val_nsec3.h b/src/util/auxiliary/validator/val_nsec3.h
similarity index 100%
rename from src/util/ub_reroute/validator/val_nsec3.h
rename to src/util/auxiliary/validator/val_nsec3.h
diff --git a/src/util/ub_reroute/validator/val_secalgo.h b/src/util/auxiliary/validator/val_secalgo.h
similarity index 100%
rename from src/util/ub_reroute/validator/val_secalgo.h
rename to src/util/auxiliary/validator/val_secalgo.h
diff --git a/src/util/import.sh b/src/util/import.sh
index 43c9be7a..e9626988 100755
--- a/src/util/import.sh
+++ b/src/util/import.sh
@@ -2,7 +2,7 @@
 
 REPO=http://unbound.net/svn/trunk
 
-wget -O rbtree.c		${REPO}/util/rbtree.c
-wget -O ub/rbtree.h		${REPO}/util/rbtree.h
-wget -O val_secalgo.c		${REPO}/validator/val_secalgo.c
-wget -O ub/val_secalgo.h	${REPO}/validator/val_secalgo.h
+wget -O rbtree.c			${REPO}/util/rbtree.c
+wget -O orig-headers/rbtree.h		${REPO}/util/rbtree.h
+wget -O val_secalgo.c			${REPO}/validator/val_secalgo.c
+wget -O orig-headers/val_secalgo.h	${REPO}/validator/val_secalgo.h
diff --git a/src/util/ub/rbtree.h b/src/util/orig-headers/rbtree.h
similarity index 100%
rename from src/util/ub/rbtree.h
rename to src/util/orig-headers/rbtree.h
diff --git a/src/util/ub/val_secalgo.h b/src/util/orig-headers/val_secalgo.h
similarity index 100%
rename from src/util/ub/val_secalgo.h
rename to src/util/orig-headers/val_secalgo.h
diff --git a/src/util/rbtree.h b/src/util/rbtree.h
index 7772ffda..c3ae4128 100644
--- a/src/util/rbtree.h
+++ b/src/util/rbtree.h
@@ -46,5 +46,5 @@
 #define rbtree_next		_getdns_rbtree_next
 #define rbtree_previous		_getdns_rbtree_previous
 #define traverse_postorder	_getdns_traverse_postorder
-#include "util/ub/rbtree.h"
+#include "util/orig-headers/rbtree.h"
 #endif
diff --git a/src/util/val_secalgo.h b/src/util/val_secalgo.h
index d9904f06..55bf423e 100644
--- a/src/util/val_secalgo.h
+++ b/src/util/val_secalgo.h
@@ -74,5 +74,5 @@ enum sec_status { sec_status_bogus     = 0
 #define sldns_ecdsa2pkey_raw		gldns_ecdsa2pkey_raw
 #define sldns_buffer_begin		gldns_buffer_begin
 #define sldns_buffer_limit		gldns_buffer_limit
-#include "util/ub/val_secalgo.h"
+#include "util/orig-headers/val_secalgo.h"
 #endif

From 5a2ee50de356db7adc51a9688bff8b2ba2293349 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 11:40:39 +0100
Subject: [PATCH 168/249] Have a define for any debugging

---
 src/debug.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/debug.h b/src/debug.h
index 5087efb4..26ca50e4 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -138,5 +138,14 @@
 #define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
+#if (defined(SCHED_DEBUG)  && SCHED_DEBUG)  || \
+    (defined(STUB_DEBUG)   && STUB_DEBUG)   || \
+    (defined(DAEMON_DEBUG) && DAEMON_DEBUG) || \
+    (defined(SEC_DEBUG)    && SEC_DEBUG)    || \
+    (defined(SERVER_DEBUG) && SERVER_DEBUG) || \
+    (defined(MDNS_DEBUG)   && MDNS_DEBUG)
+#define DEBUGGING 1
+#endif
+
 #endif
 /* debug.h */

From 5b5123a79dcab6f7fda3b98f9924492c2a0f643d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 11:46:15 +0100
Subject: [PATCH 169/249] HAVE_PTHREAD instead of HAVE_PTHREADS like unbound

---
 configure.ac           | 4 ++--
 src/compat/arc4_lock.c | 2 +-
 src/context.c          | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index 555b7792..2bd99c6f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -992,7 +992,7 @@ fi
 
 
 #---- check for pthreads library
-AC_SEARCH_LIBS([pthread_mutex_init],[pthread],[AC_DEFINE([HAVE_PTHREADS], [1], [Have pthreads library])], [AC_MSG_WARN([pthreads not available])])
+AC_SEARCH_LIBS([pthread_mutex_init],[pthread],[AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])], [AC_MSG_WARN([pthreads not available])])
 
 AC_MSG_CHECKING([whether the C compiler (${CC-cc}) supports the __func__ variable])
 AC_LANG_PUSH(C)
@@ -1008,7 +1008,7 @@ dnl ----- Start of "Things needed for gldns" section
 dnl -----
 dnl ---------------------------------------------------------------------------
 
-AC_CHECK_HEADERS([stdarg.h stdint.h netinet/in.h arpa/inet.h netdb.h sys/socket.h time.h sys/time.h sys/select.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([stdarg.h stdint.h netinet/in.h arpa/inet.h netdb.h sys/socket.h time.h sys/time.h sys/select.h endian.h],,, [AC_INCLUDES_DEFAULT])
 
 dnl Check the printf-format attribute (if any)
 dnl result in HAVE_ATTR_FORMAT.  
diff --git a/src/compat/arc4_lock.c b/src/compat/arc4_lock.c
index 34b85974..cb9b5056 100644
--- a/src/compat/arc4_lock.c
+++ b/src/compat/arc4_lock.c
@@ -34,7 +34,7 @@
 #include "config.h"
 #define LOCKRET(func) func
 
-#ifdef HAVE_PTHREADS
+#ifdef HAVE_PTHREAD
 #include "pthread.h"
 
 static pthread_mutex_t arc_lock = PTHREAD_MUTEX_INITIALIZER;
diff --git a/src/context.c b/src/context.c
index 5421fd81..1237ae7f 100644
--- a/src/context.c
+++ b/src/context.c
@@ -62,7 +62,7 @@ typedef unsigned short in_port_t;
 #include <assert.h>
 #include <ctype.h>
 
-#ifdef HAVE_PTHREADS
+#ifdef HAVE_PTHREAD
 #include <pthread.h>
 #endif
 #include <stdbool.h>
@@ -93,7 +93,7 @@ typedef unsigned short in_port_t;
    upstream. Using 1 hour for all transports - based on RFC7858 value for for TLS.*/
 #define BACKOFF_RETRY 3600
 
-#ifdef HAVE_PTHREADS
+#ifdef HAVE_PTHREAD
 static pthread_mutex_t ssl_init_lock = PTHREAD_MUTEX_INITIALIZER;
 #endif
 static bool ssl_init=false;
@@ -1434,7 +1434,7 @@ getdns_context_create_with_extended_memory_functions(
 	/* Unbound needs SSL to be init'ed this early when TLS is used. However we
 	 * don't know that till later so we will have to do this every time. */
 
-#ifdef HAVE_PTHREADS
+#ifdef HAVE_PTHREAD
 	pthread_mutex_lock(&ssl_init_lock);
 #else
 	/* XXX implement Windows-style lock here */
@@ -1444,7 +1444,7 @@ getdns_context_create_with_extended_memory_functions(
 		SSL_library_init();
 		ssl_init = true;
 	}
-#ifdef HAVE_PTHREADS
+#ifdef HAVE_PTHREAD
 	pthread_mutex_unlock(&ssl_init_lock);
 #else
 	/* XXX implement Windows-style unlock here */

From f751de696a5e8569b1339deedb2354ee79c7bca2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 12:08:53 +0100
Subject: [PATCH 170/249] Import lruhash and lookup3 from unbound

---
 src/Makefile.in                           |   13 +-
 src/util/auxiliary/fptr_wlist.h           |   43 +-
 src/util/auxiliary/util/fptr_wlist.h      |   42 +
 src/util/auxiliary/util/log.h             |   17 +-
 src/util/auxiliary/util/storage/lookup3.h |    1 +
 src/util/auxiliary/util/storage/lruhash.h |    1 +
 src/util/import.sh                        |    6 +
 src/util/locks.c                          |  264 ++++++
 src/util/locks.h                          |   64 ++
 src/util/lookup3.c                        | 1032 +++++++++++++++++++++
 src/util/lookup3.h                        |   41 +
 src/util/lruhash.c                        |  545 +++++++++++
 src/util/lruhash.h                        |   68 ++
 src/util/orig-headers/locks.h             |  313 +++++++
 src/util/orig-headers/lookup3.h           |   71 ++
 src/util/orig-headers/lruhash.h           |  414 +++++++++
 16 files changed, 2886 insertions(+), 49 deletions(-)
 create mode 100644 src/util/auxiliary/util/fptr_wlist.h
 create mode 100644 src/util/auxiliary/util/storage/lookup3.h
 create mode 100644 src/util/auxiliary/util/storage/lruhash.h
 create mode 100644 src/util/locks.c
 create mode 100644 src/util/locks.h
 create mode 100644 src/util/lookup3.c
 create mode 100644 src/util/lookup3.h
 create mode 100644 src/util/lruhash.c
 create mode 100644 src/util/lruhash.h
 create mode 100644 src/util/orig-headers/locks.h
 create mode 100644 src/util/orig-headers/lookup3.h
 create mode 100644 src/util/orig-headers/lruhash.h

diff --git a/src/Makefile.in b/src/Makefile.in
index 4997677e..abbb076e 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -79,7 +79,7 @@ LIBOBJDIR=
 LIBOBJS=@LIBOBJS@
 COMPAT_OBJ=$(LIBOBJS:.o=.lo)
 
-UTIL_OBJ=rbtree.lo val_secalgo.lo
+UTIL_OBJ=rbtree.lo val_secalgo.lo lruhash.lo lookup3.lo locks.lo
 
 JSMN_OBJ=jsmn.lo
 
@@ -341,9 +341,18 @@ inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
 inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
 sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
+locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h
+lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c config.h $(srcdir)/util/auxiliary/$(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/lookup3.h $(srcdir)/util/orig-headers/lookup3.h
+lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c config.h $(srcdir)/util/auxiliary/$(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h \
+ $(srcdir)/util/auxiliary/$(srcdir)/util/fptr_wlist.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/auxiliary/log.h \
  $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+ $(srcdir)/util/auxiliary/$(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
  $(srcdir)/util/auxiliary/$(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
diff --git a/src/util/auxiliary/fptr_wlist.h b/src/util/auxiliary/fptr_wlist.h
index d98741df..1eb5a74d 100644
--- a/src/util/auxiliary/fptr_wlist.h
+++ b/src/util/auxiliary/fptr_wlist.h
@@ -1,42 +1 @@
-/**
- *
- * /brief dummy prototypes for function pointer whitelisting
- *
- */
-
-/*
- * Copyright (c) 2013, NLnet Labs, Verisign, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the distribution.
- * * Neither the names of the copyright holders nor the
- *   names of its contributors may be used to endorse or promote products
- *   derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef UTIL_FPTR_WLIST_H
-#define UTIL_FPTR_WLIST_H
-
-#define fptr_ok(x)
-#define fptr_whitelist_event(x)
-#define fptr_whitelist_rbtree_cmp(x)
-
-#endif /* UTIL_FPTR_WLIST_H */
-
+#include "util/fptr_wlist.h"
diff --git a/src/util/auxiliary/util/fptr_wlist.h b/src/util/auxiliary/util/fptr_wlist.h
new file mode 100644
index 00000000..d98741df
--- /dev/null
+++ b/src/util/auxiliary/util/fptr_wlist.h
@@ -0,0 +1,42 @@
+/**
+ *
+ * /brief dummy prototypes for function pointer whitelisting
+ *
+ */
+
+/*
+ * Copyright (c) 2013, NLnet Labs, Verisign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef UTIL_FPTR_WLIST_H
+#define UTIL_FPTR_WLIST_H
+
+#define fptr_ok(x)
+#define fptr_whitelist_event(x)
+#define fptr_whitelist_rbtree_cmp(x)
+
+#endif /* UTIL_FPTR_WLIST_H */
+
diff --git a/src/util/auxiliary/util/log.h b/src/util/auxiliary/util/log.h
index 30c9ef8f..cdd949b2 100644
--- a/src/util/auxiliary/util/log.h
+++ b/src/util/auxiliary/util/log.h
@@ -37,15 +37,22 @@
 #include "config.h"
 #include "debug.h"
 
-#if defined(SEC_DEBUG) && SEC_DEBUG
+#ifdef DEBUGGING
 #define verbose(x, ...) DEBUG_NL(__VA_ARGS__)
-#define log_err(...) DEBUG_NL(__VA_ARGS__)
+#define log_err(...)	DEBUG_NL(__VA_ARGS__)
+#define log_info(...)	DEBUG_NL(__VA_ARGS__)
+#define fatal_exit(...) do { DEBUG_NL(__VA_ARGS__); exit(EXIT_FAILURE); } while(0)
+#define log_assert(x)	do { if(!(x)) fatal_exit("%s:%d: %s: assertion %s failed", \
+                                                __FILE__, __LINE__, __FUNC__, #x); \
+                        } while(0)
 #else
-#define verbose(...)
-#define log_err(...)
+#define verbose(...)	((void)0)
+#define log_err(...)	((void)0)
+#define log_info(...)	((void)0)
+#define fatal_exit(...)	((void)0)
+#define log_assert(x)	((void)0)
 #endif
 
-#define log_assert(x)
 
 #endif /* UTIL_LOG_H */
 
diff --git a/src/util/auxiliary/util/storage/lookup3.h b/src/util/auxiliary/util/storage/lookup3.h
new file mode 100644
index 00000000..d00a0b5c
--- /dev/null
+++ b/src/util/auxiliary/util/storage/lookup3.h
@@ -0,0 +1 @@
+#include "util/lookup3.h"
diff --git a/src/util/auxiliary/util/storage/lruhash.h b/src/util/auxiliary/util/storage/lruhash.h
new file mode 100644
index 00000000..cb2d18a1
--- /dev/null
+++ b/src/util/auxiliary/util/storage/lruhash.h
@@ -0,0 +1 @@
+#include "util/lruhash.h"
diff --git a/src/util/import.sh b/src/util/import.sh
index e9626988..49050268 100755
--- a/src/util/import.sh
+++ b/src/util/import.sh
@@ -6,3 +6,9 @@ wget -O rbtree.c			${REPO}/util/rbtree.c
 wget -O orig-headers/rbtree.h		${REPO}/util/rbtree.h
 wget -O val_secalgo.c			${REPO}/validator/val_secalgo.c
 wget -O orig-headers/val_secalgo.h	${REPO}/validator/val_secalgo.h
+wget -O lruhash.c			${REPO}/util/storage/lruhash.c
+wget -O orig-headers/lruhash.h		${REPO}/util/storage/lruhash.h
+wget -O lookup3.c			${REPO}/util/storage/lookup3.c
+wget -O orig-headers/lookup3.h		${REPO}/util/storage/lookup3.h
+wget -O locks.c				${REPO}/util/locks.c
+wget -O orig-headers/locks.h		${REPO}/util/locks.h
diff --git a/src/util/locks.c b/src/util/locks.c
new file mode 100644
index 00000000..b65a02bd
--- /dev/null
+++ b/src/util/locks.c
@@ -0,0 +1,264 @@
+/**
+ * util/locks.c - unbound locking primitives
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ * 
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ * Implementation of locking and threading support.
+ * A place for locking debug code since most locking functions are macros.
+ */
+
+#include "config.h"
+#include "util/locks.h"
+#include <signal.h>
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+/** block all signals, masks them away. */
+void 
+ub_thread_blocksigs(void)
+{
+#if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS) || defined(HAVE_SIGPROCMASK)
+#  if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS)
+	int err;
+#  endif
+	sigset_t sigset;
+	sigfillset(&sigset);
+#ifdef HAVE_PTHREAD
+	if((err=pthread_sigmask(SIG_SETMASK, &sigset, NULL)))
+		fatal_exit("pthread_sigmask: %s", strerror(err));
+#else
+#  ifdef HAVE_SOLARIS_THREADS
+	if((err=thr_sigsetmask(SIG_SETMASK, &sigset, NULL)))
+		fatal_exit("thr_sigsetmask: %s", strerror(err));
+#  else 
+	/* have nothing, do single process signal mask */
+	if(sigprocmask(SIG_SETMASK, &sigset, NULL))
+		fatal_exit("sigprocmask: %s", strerror(errno));
+#  endif /* HAVE_SOLARIS_THREADS */
+#endif /* HAVE_PTHREAD */
+#endif /* have signal stuff */
+}
+
+/** unblock one signal, so we can catch it */
+void ub_thread_sig_unblock(int sig)
+{
+#if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS) || defined(HAVE_SIGPROCMASK)
+#  if defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS)
+	int err;
+#  endif
+	sigset_t sigset;
+	sigemptyset(&sigset);
+	sigaddset(&sigset, sig);
+#ifdef HAVE_PTHREAD
+	if((err=pthread_sigmask(SIG_UNBLOCK, &sigset, NULL)))
+		fatal_exit("pthread_sigmask: %s", strerror(err));
+#else
+#  ifdef HAVE_SOLARIS_THREADS
+	if((err=thr_sigsetmask(SIG_UNBLOCK, &sigset, NULL)))
+		fatal_exit("thr_sigsetmask: %s", strerror(err));
+#  else 
+	/* have nothing, do single thread case */
+	if(sigprocmask(SIG_UNBLOCK, &sigset, NULL))
+		fatal_exit("sigprocmask: %s", strerror(errno));
+#  endif /* HAVE_SOLARIS_THREADS */
+#endif /* HAVE_PTHREAD */
+#else
+	(void)sig;
+#endif /* have signal stuff */
+}
+
+#if !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) && !defined(HAVE_WINDOWS_THREADS)
+/**
+ * No threading available: fork a new process.
+ * This means no shared data structure, and no locking.
+ * Only the main thread ever returns. Exits on errors.
+ * @param thr: the location where to store the thread-id.
+ * @param func: function body of the thread. Return value of func is lost.
+ * @param arg: user argument to func.
+ */
+void 
+ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg)
+{
+	pid_t pid = fork();
+	switch(pid) {
+	default:	/* main */
+			*thr = (ub_thread_type)pid;
+			return;
+	case 0: 	/* child */
+			*thr = (ub_thread_type)getpid();
+			(void)(*func)(arg);
+			exit(0);
+	case -1:	/* error */
+			fatal_exit("could not fork: %s", strerror(errno));
+	}
+}
+
+/**
+ * There is no threading. Wait for a process to terminate.
+ * Note that ub_thread_type is defined as pid_t.
+ * @param thread: the process id to wait for.
+ */
+void ub_thr_fork_wait(ub_thread_type thread)
+{
+	int status = 0;
+	if(waitpid((pid_t)thread, &status, 0) == -1)
+		log_err("waitpid(%d): %s", (int)thread, strerror(errno));
+	if(status != 0)
+		log_warn("process %d abnormal exit with status %d",
+			(int)thread, status);
+}
+#endif /* !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) && !defined(HAVE_WINDOWS_THREADS) */
+
+#ifdef HAVE_SOLARIS_THREADS
+void* ub_thread_key_get(ub_thread_key_type key)
+{
+	void* ret=NULL;
+	LOCKRET(thr_getspecific(key, &ret));
+	return ret;
+}
+#endif
+
+#ifdef HAVE_WINDOWS_THREADS
+/** log a windows GetLastError message */
+static void log_win_err(const char* str, DWORD err)
+{
+	LPTSTR buf;
+	if(FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | 
+		FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_ALLOCATE_BUFFER, 
+		NULL, err, 0, (LPTSTR)&buf, 0, NULL) == 0) {
+		/* could not format error message */
+		log_err("%s, GetLastError=%d", str, (int)err);
+		return;
+	}
+	log_err("%s, (err=%d): %s", str, (int)err, buf);
+	LocalFree(buf);
+}
+
+void lock_basic_init(lock_basic_type* lock)
+{
+	/* implement own lock, because windows HANDLE as Mutex usage
+	 * uses too many handles and would bog down the whole system. */
+	(void)InterlockedExchange(lock, 0);
+}
+
+void lock_basic_destroy(lock_basic_type* lock)
+{
+	(void)InterlockedExchange(lock, 0);
+}
+
+void lock_basic_lock(lock_basic_type* lock)
+{
+	LONG wait = 1; /* wait 1 msec at first */
+
+	while(InterlockedExchange(lock, 1)) {
+		/* if the old value was 1 then if was already locked */
+		Sleep(wait); /* wait with sleep */
+		wait *= 2;   /* exponential backoff for waiting */
+	}
+	/* the old value was 0, but we inserted 1, we locked it! */
+}
+
+void lock_basic_unlock(lock_basic_type* lock)
+{
+	/* unlock it by inserting the value of 0. xchg for cache coherency. */
+	(void)InterlockedExchange(lock, 0);
+}
+
+void ub_thread_key_create(ub_thread_key_type* key, void* f)
+{
+	*key = TlsAlloc();
+	if(*key == TLS_OUT_OF_INDEXES) {
+		*key = 0;
+		log_win_err("TlsAlloc Failed(OUT_OF_INDEXES)", GetLastError());
+	}
+	else ub_thread_key_set(*key, f);
+}
+
+void ub_thread_key_set(ub_thread_key_type key, void* v)
+{
+	if(!TlsSetValue(key, v)) {
+		log_win_err("TlsSetValue failed", GetLastError());
+	}
+}
+
+void* ub_thread_key_get(ub_thread_key_type key)
+{
+	void* ret = (void*)TlsGetValue(key);
+	if(ret == NULL && GetLastError() != ERROR_SUCCESS) {
+		log_win_err("TlsGetValue failed", GetLastError());
+	}
+	return ret;
+}
+
+void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg)
+{
+#ifndef HAVE__BEGINTHREADEX
+	*thr = CreateThread(NULL, /* default security (no inherit handle) */
+		0, /* default stack size */
+		(LPTHREAD_START_ROUTINE)func, arg,
+		0, /* default flags, run immediately */
+		NULL); /* do not store thread identifier anywhere */
+#else
+	/* the beginthreadex routine setups for the C lib; aligns stack */
+	*thr=(ub_thread_type)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL);
+#endif
+	if(*thr == NULL) {
+		log_win_err("CreateThread failed", GetLastError());
+		fatal_exit("thread create failed");
+	}
+}
+
+ub_thread_type ub_thread_self(void)
+{
+	return GetCurrentThread();
+}
+
+void ub_thread_join(ub_thread_type thr)
+{
+	DWORD ret = WaitForSingleObject(thr, INFINITE);
+	if(ret == WAIT_FAILED) {
+		log_win_err("WaitForSingleObject(Thread):WAIT_FAILED", 
+			GetLastError());
+	} else if(ret == WAIT_TIMEOUT) {
+		log_win_err("WaitForSingleObject(Thread):WAIT_TIMEOUT", 
+			GetLastError());
+	}
+	/* and close the handle to the thread */
+	if(!CloseHandle(thr)) {
+		log_win_err("CloseHandle(Thread) failed", GetLastError());
+	}
+}
+#endif /* HAVE_WINDOWS_THREADS */
diff --git a/src/util/locks.h b/src/util/locks.h
new file mode 100644
index 00000000..fea65e0a
--- /dev/null
+++ b/src/util/locks.h
@@ -0,0 +1,64 @@
+/**
+ *
+ * \file locks.h
+ * /brief Alternative symbol names for unbound's locks.h
+ *
+ */
+/*
+ * Copyright (c) 2017, NLnet Labs, the getdns team
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef LOCKS_H_SYMBOLS
+#define LOCKS_H_SYMBOLS
+
+#include "config.h"
+
+#define ub_thread_blocksigs	_getdns_ub_thread_blocksigs
+#define ub_thread_sig_unblock	_getdns_ub_thread_sig_unblock
+
+#define ub_thread_type		_getdns_ub_thread_type
+#define ub_thr_fork_create	_getdns_ub_thr_fork_create
+#define ub_thr_fork_wait	_getdns_ub_thr_fork_wait
+
+#if defined(HAVE_SOLARIS_THREADS) || defined(HAVE_WINDOWS_THREADS)
+#define ub_thread_key_type	_getdns_ub_thread_key_type
+#define ub_thread_key_create	_getdns_ub_thread_key_create
+#define ub_thread_key_set	_getdns_ub_thread_key_set
+#define ub_thread_key_get	_getdns_ub_thread_key_get
+#endif
+
+#ifdef HAVE_WINDOWS_THREADS
+#define lock_basic_type		_getdns_lock_basic_type
+#define lock_basic_init		_getdns_lock_basic_init
+#define lock_basic_destroy	_getdns_lock_basic_destroy
+#define lock_basic_lock		_getdns_lock_basic_lock_
+#define lock_basic_unlock	_getdns_lock_basic_unlock
+
+#define ub_thread_create	_getdns_ub_thread_create
+#define ub_thread_self		_getdns_ub_thread_self
+#endif
+
+#include "util/orig-headers/locks.h"
+#endif
diff --git a/src/util/lookup3.c b/src/util/lookup3.c
new file mode 100644
index 00000000..e9b05af3
--- /dev/null
+++ b/src/util/lookup3.c
@@ -0,0 +1,1032 @@
+/*
+  February 2013(Wouter) patch defines for BSD endianness, from Brad Smith.
+  January 2012(Wouter) added randomised initial value, fallout from 28c3.
+  March 2007(Wouter) adapted from lookup3.c original, add config.h include.
+     added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
+     added include of lookup3.h to check definitions match declarations.
+     removed include of stdint - config.h takes care of platform independence.
+  url http://burtleburtle.net/bob/hash/index.html.
+*/
+/*
+-------------------------------------------------------------------------------
+lookup3.c, by Bob Jenkins, May 2006, Public Domain.
+
+These are functions for producing 32-bit hashes for hash table lookup.
+hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() 
+are externally useful functions.  Routines to test the hash are included 
+if SELF_TEST is defined.  You can use this free for any purpose.  It's in
+the public domain.  It has no warranty.
+
+You probably want to use hashlittle().  hashlittle() and hashbig()
+hash byte arrays.  hashlittle() is is faster than hashbig() on
+little-endian machines.  Intel and AMD are little-endian machines.
+On second thought, you probably want hashlittle2(), which is identical to
+hashlittle() except it returns two 32-bit hashes for the price of one.  
+You could implement hashbig2() if you wanted but I haven't bothered here.
+
+If you want to find a hash of, say, exactly 7 integers, do
+  a = i1;  b = i2;  c = i3;
+  mix(a,b,c);
+  a += i4; b += i5; c += i6;
+  mix(a,b,c);
+  a += i7;
+  final(a,b,c);
+then use c as the hash value.  If you have a variable length array of
+4-byte integers to hash, use hashword().  If you have a byte array (like
+a character string), use hashlittle().  If you have several byte arrays, or
+a mix of things, see the comments above hashlittle().  
+
+Why is this so big?  I read 12 bytes at a time into 3 4-byte integers, 
+then mix those integers.  This is fast (you can do a lot more thorough
+mixing with 12*3 instructions on 3 integers than you can with 3 instructions
+on 1 byte), but shoehorning those bytes into integers efficiently is messy.
+-------------------------------------------------------------------------------
+*/
+/*#define SELF_TEST 1*/
+
+#include "config.h"
+#include "util/storage/lookup3.h"
+#include <stdio.h>      /* defines printf for tests */
+#include <time.h>       /* defines time_t for timings in the test */
+/*#include <stdint.h>     defines uint32_t etc  (from config.h) */
+#include <sys/param.h>  /* attempt to define endianness */
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h> /* attempt to define endianness (solaris) */
+#endif
+#if defined(linux) || defined(__OpenBSD__)
+#  ifdef HAVE_ENDIAN_H
+#    include <endian.h>    /* attempt to define endianness */
+#  else
+#    include <machine/endian.h> /* on older OpenBSD */
+#  endif
+#endif
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/endian.h> /* attempt to define endianness */
+#endif
+
+/* random initial value */
+static uint32_t raninit = (uint32_t)0xdeadbeef;
+
+void
+hash_set_raninit(uint32_t v)
+{
+	raninit = v;
+}
+
+/*
+ * My best guess at if you are big-endian or little-endian.  This may
+ * need adjustment.
+ */
+#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
+     __BYTE_ORDER == __LITTLE_ENDIAN) || \
+    (defined(i386) || defined(__i386__) || defined(__i486__) || \
+     defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86))
+# define HASH_LITTLE_ENDIAN 1
+# define HASH_BIG_ENDIAN 0
+#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
+       __BYTE_ORDER == __BIG_ENDIAN) || \
+      (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel))
+# define HASH_LITTLE_ENDIAN 0
+# define HASH_BIG_ENDIAN 1
+#elif defined(_MACHINE_ENDIAN_H_)
+/* test for machine_endian_h protects failure if some are empty strings */
+# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN
+#  define HASH_LITTLE_ENDIAN 0
+#  define HASH_BIG_ENDIAN 1
+# endif
+# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN
+#  define HASH_LITTLE_ENDIAN 1
+#  define HASH_BIG_ENDIAN 0
+# endif /* _MACHINE_ENDIAN_H_ */
+#else
+# define HASH_LITTLE_ENDIAN 0
+# define HASH_BIG_ENDIAN 0
+#endif
+
+#define hashsize(n) ((uint32_t)1<<(n))
+#define hashmask(n) (hashsize(n)-1)
+#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
+
+/*
+-------------------------------------------------------------------------------
+mix -- mix 3 32-bit values reversibly.
+
+This is reversible, so any information in (a,b,c) before mix() is
+still in (a,b,c) after mix().
+
+If four pairs of (a,b,c) inputs are run through mix(), or through
+mix() in reverse, there are at least 32 bits of the output that
+are sometimes the same for one pair and different for another pair.
+This was tested for:
+* pairs that differed by one bit, by two bits, in any combination
+  of top bits of (a,b,c), or in any combination of bottom bits of
+  (a,b,c).
+* "differ" is defined as +, -, ^, or ~^.  For + and -, I transformed
+  the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
+  is commonly produced by subtraction) look like a single 1-bit
+  difference.
+* the base values were pseudorandom, all zero but one bit set, or 
+  all zero plus a counter that starts at zero.
+
+Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
+satisfy this are
+    4  6  8 16 19  4
+    9 15  3 18 27 15
+   14  9  3  7 17  3
+Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
+for "differ" defined as + with a one-bit base and a two-bit delta.  I
+used http://burtleburtle.net/bob/hash/avalanche.html to choose 
+the operations, constants, and arrangements of the variables.
+
+This does not achieve avalanche.  There are input bits of (a,b,c)
+that fail to affect some output bits of (a,b,c), especially of a.  The
+most thoroughly mixed value is c, but it doesn't really even achieve
+avalanche in c.
+
+This allows some parallelism.  Read-after-writes are good at doubling
+the number of bits affected, so the goal of mixing pulls in the opposite
+direction as the goal of parallelism.  I did what I could.  Rotates
+seem to cost as much as shifts on every machine I could lay my hands
+on, and rotates are much kinder to the top and bottom bits, so I used
+rotates.
+-------------------------------------------------------------------------------
+*/
+#define mix(a,b,c) \
+{ \
+  a -= c;  a ^= rot(c, 4);  c += b; \
+  b -= a;  b ^= rot(a, 6);  a += c; \
+  c -= b;  c ^= rot(b, 8);  b += a; \
+  a -= c;  a ^= rot(c,16);  c += b; \
+  b -= a;  b ^= rot(a,19);  a += c; \
+  c -= b;  c ^= rot(b, 4);  b += a; \
+}
+
+/*
+-------------------------------------------------------------------------------
+final -- final mixing of 3 32-bit values (a,b,c) into c
+
+Pairs of (a,b,c) values differing in only a few bits will usually
+produce values of c that look totally different.  This was tested for
+* pairs that differed by one bit, by two bits, in any combination
+  of top bits of (a,b,c), or in any combination of bottom bits of
+  (a,b,c).
+* "differ" is defined as +, -, ^, or ~^.  For + and -, I transformed
+  the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
+  is commonly produced by subtraction) look like a single 1-bit
+  difference.
+* the base values were pseudorandom, all zero but one bit set, or 
+  all zero plus a counter that starts at zero.
+
+These constants passed:
+ 14 11 25 16 4 14 24
+ 12 14 25 16 4 14 24
+and these came close:
+  4  8 15 26 3 22 24
+ 10  8 15 26 3 22 24
+ 11  8 15 26 3 22 24
+-------------------------------------------------------------------------------
+*/
+#define final(a,b,c) \
+{ \
+  c ^= b; c -= rot(b,14); \
+  a ^= c; a -= rot(c,11); \
+  b ^= a; b -= rot(a,25); \
+  c ^= b; c -= rot(b,16); \
+  a ^= c; a -= rot(c,4);  \
+  b ^= a; b -= rot(a,14); \
+  c ^= b; c -= rot(b,24); \
+}
+
+/*
+--------------------------------------------------------------------
+ This works on all machines.  To be useful, it requires
+ -- that the key be an array of uint32_t's, and
+ -- that the length be the number of uint32_t's in the key
+
+ The function hashword() is identical to hashlittle() on little-endian
+ machines, and identical to hashbig() on big-endian machines,
+ except that the length has to be measured in uint32_ts rather than in
+ bytes.  hashlittle() is more complicated than hashword() only because
+ hashlittle() has to dance around fitting the key bytes into registers.
+--------------------------------------------------------------------
+*/
+uint32_t hashword(
+const uint32_t *k,                   /* the key, an array of uint32_t values */
+size_t          length,               /* the length of the key, in uint32_ts */
+uint32_t        initval)         /* the previous hash, or an arbitrary value */
+{
+  uint32_t a,b,c;
+
+  /* Set up the internal state */
+  a = b = c = raninit + (((uint32_t)length)<<2) + initval;
+
+  /*------------------------------------------------- handle most of the key */
+  while (length > 3)
+  {
+    a += k[0];
+    b += k[1];
+    c += k[2];
+    mix(a,b,c);
+    length -= 3;
+    k += 3;
+  }
+
+  /*------------------------------------------- handle the last 3 uint32_t's */
+  switch(length)                     /* all the case statements fall through */
+  { 
+  case 3 : c+=k[2];
+  case 2 : b+=k[1];
+  case 1 : a+=k[0];
+    final(a,b,c);
+  case 0:     /* case 0: nothing left to add */
+    break;
+  }
+  /*------------------------------------------------------ report the result */
+  return c;
+}
+
+
+#ifdef SELF_TEST
+
+/*
+--------------------------------------------------------------------
+hashword2() -- same as hashword(), but take two seeds and return two
+32-bit values.  pc and pb must both be nonnull, and *pc and *pb must
+both be initialized with seeds.  If you pass in (*pb)==0, the output 
+(*pc) will be the same as the return value from hashword().
+--------------------------------------------------------------------
+*/
+void hashword2 (
+const uint32_t *k,                   /* the key, an array of uint32_t values */
+size_t          length,               /* the length of the key, in uint32_ts */
+uint32_t       *pc,                      /* IN: seed OUT: primary hash value */
+uint32_t       *pb)               /* IN: more seed OUT: secondary hash value */
+{
+  uint32_t a,b,c;
+
+  /* Set up the internal state */
+  a = b = c = raninit + ((uint32_t)(length<<2)) + *pc;
+  c += *pb;
+
+  /*------------------------------------------------- handle most of the key */
+  while (length > 3)
+  {
+    a += k[0];
+    b += k[1];
+    c += k[2];
+    mix(a,b,c);
+    length -= 3;
+    k += 3;
+  }
+
+  /*------------------------------------------- handle the last 3 uint32_t's */
+  switch(length)                     /* all the case statements fall through */
+  { 
+  case 3 : c+=k[2];
+  case 2 : b+=k[1];
+  case 1 : a+=k[0];
+    final(a,b,c);
+  case 0:     /* case 0: nothing left to add */
+    break;
+  }
+  /*------------------------------------------------------ report the result */
+  *pc=c; *pb=b;
+}
+
+#endif /* SELF_TEST */
+
+/*
+-------------------------------------------------------------------------------
+hashlittle() -- hash a variable-length key into a 32-bit value
+  k       : the key (the unaligned variable-length array of bytes)
+  length  : the length of the key, counting by bytes
+  initval : can be any 4-byte value
+Returns a 32-bit value.  Every bit of the key affects every bit of
+the return value.  Two keys differing by one or two bits will have
+totally different hash values.
+
+The best hash table sizes are powers of 2.  There is no need to do
+mod a prime (mod is sooo slow!).  If you need less than 32 bits,
+use a bitmask.  For example, if you need only 10 bits, do
+  h = (h & hashmask(10));
+In which case, the hash table should have hashsize(10) elements.
+
+If you are hashing n strings (uint8_t **)k, do it like this:
+  for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
+
+By Bob Jenkins, 2006.  bob_jenkins@burtleburtle.net.  You may use this
+code any way you wish, private, educational, or commercial.  It's free.
+
+Use for hash table lookup, or anything where one collision in 2^^32 is
+acceptable.  Do NOT use for cryptographic purposes.
+-------------------------------------------------------------------------------
+*/
+
+uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
+{
+  uint32_t a,b,c;                                          /* internal state */
+  union { const void *ptr; size_t i; } u;     /* needed for Mac Powerbook G4 */
+
+  /* Set up the internal state */
+  a = b = c = raninit + ((uint32_t)length) + initval;
+
+  u.ptr = key;
+  if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
+    const uint32_t *k = (const uint32_t *)key;         /* read 32-bit chunks */
+#ifdef VALGRIND
+    const uint8_t  *k8;
+#endif
+
+    /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      b += k[1];
+      c += k[2];
+      mix(a,b,c);
+      length -= 12;
+      k += 3;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    /* 
+     * "k[2]&0xffffff" actually reads beyond the end of the string, but
+     * then masks off the part it's not allowed to read.  Because the
+     * string is aligned, the masked-off tail is in the same word as the
+     * rest of the string.  Every machine with memory protection I've seen
+     * does it on word boundaries, so is OK with this.  But VALGRIND will
+     * still catch it and complain.  The masking trick does make the hash
+     * noticeably faster for short strings (like English words).
+     */
+#ifndef VALGRIND
+
+    switch(length)
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break;
+    case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break;
+    case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break;
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=k[1]&0xffffff; a+=k[0]; break;
+    case 6 : b+=k[1]&0xffff; a+=k[0]; break;
+    case 5 : b+=k[1]&0xff; a+=k[0]; break;
+    case 4 : a+=k[0]; break;
+    case 3 : a+=k[0]&0xffffff; break;
+    case 2 : a+=k[0]&0xffff; break;
+    case 1 : a+=k[0]&0xff; break;
+    case 0 : return c;              /* zero length strings require no mixing */
+    }
+
+#else /* make valgrind happy */
+
+    k8 = (const uint8_t *)k;
+    switch(length)
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=((uint32_t)k8[10])<<16;  /* fall through */
+    case 10: c+=((uint32_t)k8[9])<<8;    /* fall through */
+    case 9 : c+=k8[8];                   /* fall through */
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=((uint32_t)k8[6])<<16;   /* fall through */
+    case 6 : b+=((uint32_t)k8[5])<<8;    /* fall through */
+    case 5 : b+=k8[4];                   /* fall through */
+    case 4 : a+=k[0]; break;
+    case 3 : a+=((uint32_t)k8[2])<<16;   /* fall through */
+    case 2 : a+=((uint32_t)k8[1])<<8;    /* fall through */
+    case 1 : a+=k8[0]; break;
+    case 0 : return c;
+    }
+
+#endif /* !valgrind */
+
+  } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
+    const uint16_t *k = (const uint16_t *)key;         /* read 16-bit chunks */
+    const uint8_t  *k8;
+
+    /*--------------- all but last block: aligned reads and different mixing */
+    while (length > 12)
+    {
+      a += k[0] + (((uint32_t)k[1])<<16);
+      b += k[2] + (((uint32_t)k[3])<<16);
+      c += k[4] + (((uint32_t)k[5])<<16);
+      mix(a,b,c);
+      length -= 12;
+      k += 6;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    k8 = (const uint8_t *)k;
+    switch(length)
+    {
+    case 12: c+=k[4]+(((uint32_t)k[5])<<16);
+             b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 11: c+=((uint32_t)k8[10])<<16;     /* fall through */
+    case 10: c+=k[4];
+             b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 9 : c+=k8[8];                      /* fall through */
+    case 8 : b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 7 : b+=((uint32_t)k8[6])<<16;      /* fall through */
+    case 6 : b+=k[2];
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 5 : b+=k8[4];                      /* fall through */
+    case 4 : a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 3 : a+=((uint32_t)k8[2])<<16;      /* fall through */
+    case 2 : a+=k[0];
+             break;
+    case 1 : a+=k8[0];
+             break;
+    case 0 : return c;                     /* zero length requires no mixing */
+    }
+
+  } else {                        /* need to read the key one byte at a time */
+    const uint8_t *k = (const uint8_t *)key;
+
+    /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      a += ((uint32_t)k[1])<<8;
+      a += ((uint32_t)k[2])<<16;
+      a += ((uint32_t)k[3])<<24;
+      b += k[4];
+      b += ((uint32_t)k[5])<<8;
+      b += ((uint32_t)k[6])<<16;
+      b += ((uint32_t)k[7])<<24;
+      c += k[8];
+      c += ((uint32_t)k[9])<<8;
+      c += ((uint32_t)k[10])<<16;
+      c += ((uint32_t)k[11])<<24;
+      mix(a,b,c);
+      length -= 12;
+      k += 12;
+    }
+
+    /*-------------------------------- last block: affect all 32 bits of (c) */
+    switch(length)                   /* all the case statements fall through */
+    {
+    case 12: c+=((uint32_t)k[11])<<24;
+    case 11: c+=((uint32_t)k[10])<<16;
+    case 10: c+=((uint32_t)k[9])<<8;
+    case 9 : c+=k[8];
+    case 8 : b+=((uint32_t)k[7])<<24;
+    case 7 : b+=((uint32_t)k[6])<<16;
+    case 6 : b+=((uint32_t)k[5])<<8;
+    case 5 : b+=k[4];
+    case 4 : a+=((uint32_t)k[3])<<24;
+    case 3 : a+=((uint32_t)k[2])<<16;
+    case 2 : a+=((uint32_t)k[1])<<8;
+    case 1 : a+=k[0];
+             break;
+    case 0 : return c;
+    }
+  }
+
+  final(a,b,c);
+  return c;
+}
+
+#ifdef SELF_TEST
+
+/*
+ * hashlittle2: return 2 32-bit hash values
+ *
+ * This is identical to hashlittle(), except it returns two 32-bit hash
+ * values instead of just one.  This is good enough for hash table
+ * lookup with 2^^64 buckets, or if you want a second hash if you're not
+ * happy with the first, or if you want a probably-unique 64-bit ID for
+ * the key.  *pc is better mixed than *pb, so use *pc first.  If you want
+ * a 64-bit value do something like "*pc + (((uint64_t)*pb)<<32)".
+ */
+void hashlittle2( 
+  const void *key,       /* the key to hash */
+  size_t      length,    /* length of the key */
+  uint32_t   *pc,        /* IN: primary initval, OUT: primary hash */
+  uint32_t   *pb)        /* IN: secondary initval, OUT: secondary hash */
+{
+  uint32_t a,b,c;                                          /* internal state */
+  union { const void *ptr; size_t i; } u;     /* needed for Mac Powerbook G4 */
+
+  /* Set up the internal state */
+  a = b = c = raninit + ((uint32_t)length) + *pc;
+  c += *pb;
+
+  u.ptr = key;
+  if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
+    const uint32_t *k = (const uint32_t *)key;         /* read 32-bit chunks */
+#ifdef VALGRIND
+    const uint8_t  *k8;
+#endif
+
+    /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      b += k[1];
+      c += k[2];
+      mix(a,b,c);
+      length -= 12;
+      k += 3;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    /* 
+     * "k[2]&0xffffff" actually reads beyond the end of the string, but
+     * then masks off the part it's not allowed to read.  Because the
+     * string is aligned, the masked-off tail is in the same word as the
+     * rest of the string.  Every machine with memory protection I've seen
+     * does it on word boundaries, so is OK with this.  But VALGRIND will
+     * still catch it and complain.  The masking trick does make the hash
+     * noticeably faster for short strings (like English words).
+     */
+#ifndef VALGRIND
+
+    switch(length)
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break;
+    case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break;
+    case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break;
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=k[1]&0xffffff; a+=k[0]; break;
+    case 6 : b+=k[1]&0xffff; a+=k[0]; break;
+    case 5 : b+=k[1]&0xff; a+=k[0]; break;
+    case 4 : a+=k[0]; break;
+    case 3 : a+=k[0]&0xffffff; break;
+    case 2 : a+=k[0]&0xffff; break;
+    case 1 : a+=k[0]&0xff; break;
+    case 0 : *pc=c; *pb=b; return;  /* zero length strings require no mixing */
+    }
+
+#else /* make valgrind happy */
+
+    k8 = (const uint8_t *)k;
+    switch(length)
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=((uint32_t)k8[10])<<16;  /* fall through */
+    case 10: c+=((uint32_t)k8[9])<<8;    /* fall through */
+    case 9 : c+=k8[8];                   /* fall through */
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=((uint32_t)k8[6])<<16;   /* fall through */
+    case 6 : b+=((uint32_t)k8[5])<<8;    /* fall through */
+    case 5 : b+=k8[4];                   /* fall through */
+    case 4 : a+=k[0]; break;
+    case 3 : a+=((uint32_t)k8[2])<<16;   /* fall through */
+    case 2 : a+=((uint32_t)k8[1])<<8;    /* fall through */
+    case 1 : a+=k8[0]; break;
+    case 0 : *pc=c; *pb=b; return;  /* zero length strings require no mixing */
+    }
+
+#endif /* !valgrind */
+
+  } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
+    const uint16_t *k = (const uint16_t *)key;         /* read 16-bit chunks */
+    const uint8_t  *k8;
+
+    /*--------------- all but last block: aligned reads and different mixing */
+    while (length > 12)
+    {
+      a += k[0] + (((uint32_t)k[1])<<16);
+      b += k[2] + (((uint32_t)k[3])<<16);
+      c += k[4] + (((uint32_t)k[5])<<16);
+      mix(a,b,c);
+      length -= 12;
+      k += 6;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    k8 = (const uint8_t *)k;
+    switch(length)
+    {
+    case 12: c+=k[4]+(((uint32_t)k[5])<<16);
+             b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 11: c+=((uint32_t)k8[10])<<16;     /* fall through */
+    case 10: c+=k[4];
+             b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 9 : c+=k8[8];                      /* fall through */
+    case 8 : b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 7 : b+=((uint32_t)k8[6])<<16;      /* fall through */
+    case 6 : b+=k[2];
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 5 : b+=k8[4];                      /* fall through */
+    case 4 : a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 3 : a+=((uint32_t)k8[2])<<16;      /* fall through */
+    case 2 : a+=k[0];
+             break;
+    case 1 : a+=k8[0];
+             break;
+    case 0 : *pc=c; *pb=b; return;  /* zero length strings require no mixing */
+    }
+
+  } else {                        /* need to read the key one byte at a time */
+    const uint8_t *k = (const uint8_t *)key;
+
+    /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      a += ((uint32_t)k[1])<<8;
+      a += ((uint32_t)k[2])<<16;
+      a += ((uint32_t)k[3])<<24;
+      b += k[4];
+      b += ((uint32_t)k[5])<<8;
+      b += ((uint32_t)k[6])<<16;
+      b += ((uint32_t)k[7])<<24;
+      c += k[8];
+      c += ((uint32_t)k[9])<<8;
+      c += ((uint32_t)k[10])<<16;
+      c += ((uint32_t)k[11])<<24;
+      mix(a,b,c);
+      length -= 12;
+      k += 12;
+    }
+
+    /*-------------------------------- last block: affect all 32 bits of (c) */
+    switch(length)                   /* all the case statements fall through */
+    {
+    case 12: c+=((uint32_t)k[11])<<24;
+    case 11: c+=((uint32_t)k[10])<<16;
+    case 10: c+=((uint32_t)k[9])<<8;
+    case 9 : c+=k[8];
+    case 8 : b+=((uint32_t)k[7])<<24;
+    case 7 : b+=((uint32_t)k[6])<<16;
+    case 6 : b+=((uint32_t)k[5])<<8;
+    case 5 : b+=k[4];
+    case 4 : a+=((uint32_t)k[3])<<24;
+    case 3 : a+=((uint32_t)k[2])<<16;
+    case 2 : a+=((uint32_t)k[1])<<8;
+    case 1 : a+=k[0];
+             break;
+    case 0 : *pc=c; *pb=b; return;  /* zero length strings require no mixing */
+    }
+  }
+
+  final(a,b,c);
+  *pc=c; *pb=b;
+}
+
+#endif /* SELF_TEST */
+
+#if 0	/* currently not used */
+
+/*
+ * hashbig():
+ * This is the same as hashword() on big-endian machines.  It is different
+ * from hashlittle() on all machines.  hashbig() takes advantage of
+ * big-endian byte ordering. 
+ */
+uint32_t hashbig( const void *key, size_t length, uint32_t initval)
+{
+  uint32_t a,b,c;
+  union { const void *ptr; size_t i; } u; /* to cast key to (size_t) happily */
+
+  /* Set up the internal state */
+  a = b = c = raninit + ((uint32_t)length) + initval;
+
+  u.ptr = key;
+  if (HASH_BIG_ENDIAN && ((u.i & 0x3) == 0)) {
+    const uint32_t *k = (const uint32_t *)key;         /* read 32-bit chunks */
+#ifdef VALGRIND
+    const uint8_t  *k8;
+#endif
+
+    /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      b += k[1];
+      c += k[2];
+      mix(a,b,c);
+      length -= 12;
+      k += 3;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    /* 
+     * "k[2]<<8" actually reads beyond the end of the string, but
+     * then shifts out the part it's not allowed to read.  Because the
+     * string is aligned, the illegal read is in the same word as the
+     * rest of the string.  Every machine with memory protection I've seen
+     * does it on word boundaries, so is OK with this.  But VALGRIND will
+     * still catch it and complain.  The masking trick does make the hash
+     * noticeably faster for short strings (like English words).
+     */
+#ifndef VALGRIND
+
+    switch(length)
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=k[2]&0xffffff00; b+=k[1]; a+=k[0]; break;
+    case 10: c+=k[2]&0xffff0000; b+=k[1]; a+=k[0]; break;
+    case 9 : c+=k[2]&0xff000000; b+=k[1]; a+=k[0]; break;
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=k[1]&0xffffff00; a+=k[0]; break;
+    case 6 : b+=k[1]&0xffff0000; a+=k[0]; break;
+    case 5 : b+=k[1]&0xff000000; a+=k[0]; break;
+    case 4 : a+=k[0]; break;
+    case 3 : a+=k[0]&0xffffff00; break;
+    case 2 : a+=k[0]&0xffff0000; break;
+    case 1 : a+=k[0]&0xff000000; break;
+    case 0 : return c;              /* zero length strings require no mixing */
+    }
+
+#else  /* make valgrind happy */
+
+    k8 = (const uint8_t *)k;
+    switch(length)                   /* all the case statements fall through */
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=((uint32_t)k8[10])<<8;  /* fall through */
+    case 10: c+=((uint32_t)k8[9])<<16;  /* fall through */
+    case 9 : c+=((uint32_t)k8[8])<<24;  /* fall through */
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=((uint32_t)k8[6])<<8;   /* fall through */
+    case 6 : b+=((uint32_t)k8[5])<<16;  /* fall through */
+    case 5 : b+=((uint32_t)k8[4])<<24;  /* fall through */
+    case 4 : a+=k[0]; break;
+    case 3 : a+=((uint32_t)k8[2])<<8;   /* fall through */
+    case 2 : a+=((uint32_t)k8[1])<<16;  /* fall through */
+    case 1 : a+=((uint32_t)k8[0])<<24; break;
+    case 0 : return c;
+    }
+
+#endif /* !VALGRIND */
+
+  } else {                        /* need to read the key one byte at a time */
+    const uint8_t *k = (const uint8_t *)key;
+
+    /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += ((uint32_t)k[0])<<24;
+      a += ((uint32_t)k[1])<<16;
+      a += ((uint32_t)k[2])<<8;
+      a += ((uint32_t)k[3]);
+      b += ((uint32_t)k[4])<<24;
+      b += ((uint32_t)k[5])<<16;
+      b += ((uint32_t)k[6])<<8;
+      b += ((uint32_t)k[7]);
+      c += ((uint32_t)k[8])<<24;
+      c += ((uint32_t)k[9])<<16;
+      c += ((uint32_t)k[10])<<8;
+      c += ((uint32_t)k[11]);
+      mix(a,b,c);
+      length -= 12;
+      k += 12;
+    }
+
+    /*-------------------------------- last block: affect all 32 bits of (c) */
+    switch(length)                   /* all the case statements fall through */
+    {
+    case 12: c+=k[11];
+    case 11: c+=((uint32_t)k[10])<<8;
+    case 10: c+=((uint32_t)k[9])<<16;
+    case 9 : c+=((uint32_t)k[8])<<24;
+    case 8 : b+=k[7];
+    case 7 : b+=((uint32_t)k[6])<<8;
+    case 6 : b+=((uint32_t)k[5])<<16;
+    case 5 : b+=((uint32_t)k[4])<<24;
+    case 4 : a+=k[3];
+    case 3 : a+=((uint32_t)k[2])<<8;
+    case 2 : a+=((uint32_t)k[1])<<16;
+    case 1 : a+=((uint32_t)k[0])<<24;
+             break;
+    case 0 : return c;
+    }
+  }
+
+  final(a,b,c);
+  return c;
+}
+
+#endif /* 0 == currently not used */
+
+#ifdef SELF_TEST
+
+/* used for timings */
+void driver1(void)
+{
+  uint8_t buf[256];
+  uint32_t i;
+  uint32_t h=0;
+  time_t a,z;
+
+  time(&a);
+  for (i=0; i<256; ++i) buf[i] = 'x';
+  for (i=0; i<1; ++i) 
+  {
+    h = hashlittle(&buf[0],1,h);
+  }
+  time(&z);
+  if (z-a > 0) printf("time %d %.8x\n", z-a, h);
+}
+
+/* check that every input bit changes every output bit half the time */
+#define HASHSTATE 1
+#define HASHLEN   1
+#define MAXPAIR 60
+#define MAXLEN  70
+void driver2(void)
+{
+  uint8_t qa[MAXLEN+1], qb[MAXLEN+2], *a = &qa[0], *b = &qb[1];
+  uint32_t c[HASHSTATE], d[HASHSTATE], i=0, j=0, k, l, m=0, z;
+  uint32_t e[HASHSTATE],f[HASHSTATE],g[HASHSTATE],h[HASHSTATE];
+  uint32_t x[HASHSTATE],y[HASHSTATE];
+  uint32_t hlen;
+
+  printf("No more than %d trials should ever be needed \n",MAXPAIR/2);
+  for (hlen=0; hlen < MAXLEN; ++hlen)
+  {
+    z=0;
+    for (i=0; i<hlen; ++i)  /*----------------------- for each input byte, */
+    {
+      for (j=0; j<8; ++j)   /*------------------------ for each input bit, */
+      {
+	for (m=1; m<8; ++m) /*------------ for several possible initvals, */
+	{
+	  for (l=0; l<HASHSTATE; ++l)
+	    e[l]=f[l]=g[l]=h[l]=x[l]=y[l]=~((uint32_t)0);
+
+      	  /*---- check that every output bit is affected by that input bit */
+	  for (k=0; k<MAXPAIR; k+=2)
+	  { 
+	    uint32_t finished=1;
+	    /* keys have one bit different */
+	    for (l=0; l<hlen+1; ++l) {a[l] = b[l] = (uint8_t)0;}
+	    /* have a and b be two keys differing in only one bit */
+	    a[i] ^= (k<<j);
+	    a[i] ^= (k>>(8-j));
+	     c[0] = hashlittle(a, hlen, m);
+	    b[i] ^= ((k+1)<<j);
+	    b[i] ^= ((k+1)>>(8-j));
+	     d[0] = hashlittle(b, hlen, m);
+	    /* check every bit is 1, 0, set, and not set at least once */
+	    for (l=0; l<HASHSTATE; ++l)
+	    {
+	      e[l] &= (c[l]^d[l]);
+	      f[l] &= ~(c[l]^d[l]);
+	      g[l] &= c[l];
+	      h[l] &= ~c[l];
+	      x[l] &= d[l];
+	      y[l] &= ~d[l];
+	      if (e[l]|f[l]|g[l]|h[l]|x[l]|y[l]) finished=0;
+	    }
+	    if (finished) break;
+	  }
+	  if (k>z) z=k;
+	  if (k==MAXPAIR) 
+	  {
+	     printf("Some bit didn't change: ");
+	     printf("%.8x %.8x %.8x %.8x %.8x %.8x  ",
+	            e[0],f[0],g[0],h[0],x[0],y[0]);
+	     printf("i %d j %d m %d len %d\n", i, j, m, hlen);
+	  }
+	  if (z==MAXPAIR) goto done;
+	}
+      }
+    }
+   done:
+    if (z < MAXPAIR)
+    {
+      printf("Mix success  %2d bytes  %2d initvals  ",i,m);
+      printf("required  %d  trials\n", z/2);
+    }
+  }
+  printf("\n");
+}
+
+/* Check for reading beyond the end of the buffer and alignment problems */
+void driver3(void)
+{
+  uint8_t buf[MAXLEN+20], *b;
+  uint32_t len;
+  uint8_t q[] = "This is the time for all good men to come to the aid of their country...";
+  uint32_t h;
+  uint8_t qq[] = "xThis is the time for all good men to come to the aid of their country...";
+  uint32_t i;
+  uint8_t qqq[] = "xxThis is the time for all good men to come to the aid of their country...";
+  uint32_t j;
+  uint8_t qqqq[] = "xxxThis is the time for all good men to come to the aid of their country...";
+  uint32_t ref,x,y;
+  uint8_t *p;
+
+  printf("Endianness.  These lines should all be the same (for values filled in):\n");
+  printf("%.8x                            %.8x                            %.8x\n",
+         hashword((const uint32_t *)q, (sizeof(q)-1)/4, 13),
+         hashword((const uint32_t *)q, (sizeof(q)-5)/4, 13),
+         hashword((const uint32_t *)q, (sizeof(q)-9)/4, 13));
+  p = q;
+  printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n",
+         hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13),
+         hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13),
+         hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13),
+         hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13),
+         hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13),
+         hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13));
+  p = &qq[1];
+  printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n",
+         hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13),
+         hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13),
+         hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13),
+         hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13),
+         hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13),
+         hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13));
+  p = &qqq[2];
+  printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n",
+         hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13),
+         hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13),
+         hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13),
+         hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13),
+         hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13),
+         hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13));
+  p = &qqqq[3];
+  printf("%.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x %.8x\n",
+         hashlittle(p, sizeof(q)-1, 13), hashlittle(p, sizeof(q)-2, 13),
+         hashlittle(p, sizeof(q)-3, 13), hashlittle(p, sizeof(q)-4, 13),
+         hashlittle(p, sizeof(q)-5, 13), hashlittle(p, sizeof(q)-6, 13),
+         hashlittle(p, sizeof(q)-7, 13), hashlittle(p, sizeof(q)-8, 13),
+         hashlittle(p, sizeof(q)-9, 13), hashlittle(p, sizeof(q)-10, 13),
+         hashlittle(p, sizeof(q)-11, 13), hashlittle(p, sizeof(q)-12, 13));
+  printf("\n");
+
+  /* check that hashlittle2 and hashlittle produce the same results */
+  i=47; j=0;
+  hashlittle2(q, sizeof(q), &i, &j);
+  if (hashlittle(q, sizeof(q), 47) != i)
+    printf("hashlittle2 and hashlittle mismatch\n");
+
+  /* check that hashword2 and hashword produce the same results */
+  len = raninit;
+  i=47, j=0;
+  hashword2(&len, 1, &i, &j);
+  if (hashword(&len, 1, 47) != i)
+    printf("hashword2 and hashword mismatch %x %x\n", 
+	   i, hashword(&len, 1, 47));
+
+  /* check hashlittle doesn't read before or after the ends of the string */
+  for (h=0, b=buf+1; h<8; ++h, ++b)
+  {
+    for (i=0; i<MAXLEN; ++i)
+    {
+      len = i;
+      for (j=0; j<i; ++j) *(b+j)=0;
+
+      /* these should all be equal */
+      ref = hashlittle(b, len, (uint32_t)1);
+      *(b+i)=(uint8_t)~0;
+      *(b-1)=(uint8_t)~0;
+      x = hashlittle(b, len, (uint32_t)1);
+      y = hashlittle(b, len, (uint32_t)1);
+      if ((ref != x) || (ref != y)) 
+      {
+	printf("alignment error: %.8x %.8x %.8x %d %d\n",ref,x,y,
+               h, i);
+      }
+    }
+  }
+}
+
+/* check for problems with nulls */
+ void driver4(void)
+{
+  uint8_t buf[1];
+  uint32_t h,i,state[HASHSTATE];
+
+
+  buf[0] = ~0;
+  for (i=0; i<HASHSTATE; ++i) state[i] = 1;
+  printf("These should all be different\n");
+  for (i=0, h=0; i<8; ++i)
+  {
+    h = hashlittle(buf, 0, h);
+    printf("%2ld  0-byte strings, hash is  %.8x\n", i, h);
+  }
+}
+
+
+int main(void)
+{
+  driver1();   /* test that the key is hashed: used for timings */
+  driver2();   /* test that whole key is hashed thoroughly */
+  driver3();   /* test that nothing but the key is hashed */
+  driver4();   /* test hashing multiple buffers (all buffers are null) */
+  return 1;
+}
+
+#endif  /* SELF_TEST */
diff --git a/src/util/lookup3.h b/src/util/lookup3.h
new file mode 100644
index 00000000..c45480e4
--- /dev/null
+++ b/src/util/lookup3.h
@@ -0,0 +1,41 @@
+/**
+ *
+ * \file lookup3.h
+ * /brief Alternative symbol names for unbound's lookup3.h
+ *
+ */
+/*
+ * Copyright (c) 2017, NLnet Labs, the getdns team
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef LOOKUP3_H_SYMBOLS
+#define LOOKUP3_H_SYMBOLS
+
+#define hashword		_getdns_hashword
+#define hashlittle		_getdns_hashlittle
+#define hash_set_raninit	_getdns_hash_set_raninit
+
+#include "util/orig-headers/lookup3.h"
+#endif
diff --git a/src/util/lruhash.c b/src/util/lruhash.c
new file mode 100644
index 00000000..97e99960
--- /dev/null
+++ b/src/util/lruhash.c
@@ -0,0 +1,545 @@
+/*
+ * util/storage/lruhash.c - hashtable, hash function, LRU keeping.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains a hashtable with LRU keeping of entries.
+ *
+ */
+
+#include "config.h"
+#include "util/storage/lruhash.h"
+#include "util/fptr_wlist.h"
+
+void
+bin_init(struct lruhash_bin* array, size_t size)
+{
+	size_t i;
+#ifdef THREADS_DISABLED
+	(void)array;
+#endif
+	for(i=0; i<size; i++) {
+		lock_quick_init(&array[i].lock);
+		lock_protect(&array[i].lock, &array[i], 
+			sizeof(struct lruhash_bin));
+	}
+}
+
+struct lruhash* 
+lruhash_create(size_t start_size, size_t maxmem,
+	lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc,
+	lruhash_delkeyfunc_type delkeyfunc,
+	lruhash_deldatafunc_type deldatafunc, void* arg)
+{
+	struct lruhash* table = (struct lruhash*)calloc(1, 
+		sizeof(struct lruhash));
+	if(!table)
+		return NULL;
+	lock_quick_init(&table->lock);
+	table->sizefunc = sizefunc;
+	table->compfunc = compfunc;
+	table->delkeyfunc = delkeyfunc;
+	table->deldatafunc = deldatafunc;
+	table->cb_arg = arg;
+	table->size = start_size;
+	table->size_mask = (int)(start_size-1);
+	table->lru_start = NULL;
+	table->lru_end = NULL;
+	table->num = 0;
+	table->space_used = 0;
+	table->space_max = maxmem;
+	table->array = calloc(table->size, sizeof(struct lruhash_bin));
+	if(!table->array) {
+		lock_quick_destroy(&table->lock);
+		free(table);
+		return NULL;
+	}
+	bin_init(table->array, table->size);
+	lock_protect(&table->lock, table, sizeof(*table));
+	lock_protect(&table->lock, table->array, 
+		table->size*sizeof(struct lruhash_bin));
+	return table;
+}
+
+void 
+bin_delete(struct lruhash* table, struct lruhash_bin* bin)
+{
+	struct lruhash_entry* p, *np;
+	void *d;
+	if(!bin)
+		return;
+	lock_quick_destroy(&bin->lock);
+	p = bin->overflow_list;
+	bin->overflow_list = NULL;
+	while(p) {
+		np = p->overflow_next;
+		d = p->data;
+		(*table->delkeyfunc)(p->key, table->cb_arg);
+		(*table->deldatafunc)(d, table->cb_arg);
+		p = np;
+	}
+}
+
+void 
+bin_split(struct lruhash* table, struct lruhash_bin* newa, 
+	int newmask)
+{
+	size_t i;
+	struct lruhash_entry *p, *np;
+	struct lruhash_bin* newbin;
+	/* move entries to new table. Notice that since hash x is mapped to
+	 * bin x & mask, and new mask uses one more bit, so all entries in
+	 * one bin will go into the old bin or bin | newbit */
+#ifndef THREADS_DISABLED
+	int newbit = newmask - table->size_mask;
+#endif
+	/* so, really, this task could also be threaded, per bin. */
+	/* LRU list is not changed */
+	for(i=0; i<table->size; i++)
+	{
+		lock_quick_lock(&table->array[i].lock);
+		p = table->array[i].overflow_list;
+		/* lock both destination bins */
+		lock_quick_lock(&newa[i].lock);
+		lock_quick_lock(&newa[newbit|i].lock);
+		while(p) {
+			np = p->overflow_next;
+			/* link into correct new bin */
+			newbin = &newa[p->hash & newmask];
+			p->overflow_next = newbin->overflow_list;
+			newbin->overflow_list = p;
+			p=np;
+		}
+		lock_quick_unlock(&newa[i].lock);
+		lock_quick_unlock(&newa[newbit|i].lock);
+		lock_quick_unlock(&table->array[i].lock);
+	}
+}
+
+void 
+lruhash_delete(struct lruhash* table)
+{
+	size_t i;
+	if(!table)
+		return;
+	/* delete lock on hashtable to force check its OK */
+	lock_quick_destroy(&table->lock);
+	for(i=0; i<table->size; i++)
+		bin_delete(table, &table->array[i]);
+	free(table->array);
+	free(table);
+}
+
+void 
+bin_overflow_remove(struct lruhash_bin* bin, struct lruhash_entry* entry)
+{
+	struct lruhash_entry* p = bin->overflow_list;
+	struct lruhash_entry** prevp = &bin->overflow_list;
+	while(p) {
+		if(p == entry) {
+			*prevp = p->overflow_next;
+			return;
+		}
+		prevp = &p->overflow_next;
+		p = p->overflow_next;
+	}
+}
+
+void 
+reclaim_space(struct lruhash* table, struct lruhash_entry** list)
+{
+	struct lruhash_entry* d;
+	struct lruhash_bin* bin;
+	log_assert(table);
+	/* does not delete MRU entry, so table will not be empty. */
+	while(table->num > 1 && table->space_used > table->space_max) {
+		/* notice that since we hold the hashtable lock, nobody
+		   can change the lru chain. So it cannot be deleted underneath
+		   us. We still need the hashbin and entry write lock to make 
+		   sure we flush all users away from the entry. 
+		   which is unlikely, since it is LRU, if someone got a rdlock
+		   it would be moved to front, but to be sure. */
+		d = table->lru_end;
+		/* specialised, delete from end of double linked list,
+		   and we know num>1, so there is a previous lru entry. */
+		log_assert(d && d->lru_prev);
+		table->lru_end = d->lru_prev;
+		d->lru_prev->lru_next = NULL;
+		/* schedule entry for deletion */
+		bin = &table->array[d->hash & table->size_mask];
+		table->num --;
+		lock_quick_lock(&bin->lock);
+		bin_overflow_remove(bin, d);
+		d->overflow_next = *list;
+		*list = d;
+		lock_rw_wrlock(&d->lock);
+		table->space_used -= table->sizefunc(d->key, d->data);
+		if(table->markdelfunc)
+			(*table->markdelfunc)(d->key);
+		lock_rw_unlock(&d->lock);
+		lock_quick_unlock(&bin->lock);
+	}
+}
+
+struct lruhash_entry* 
+bin_find_entry(struct lruhash* table, 
+	struct lruhash_bin* bin, hashvalue_type hash, void* key)
+{
+	struct lruhash_entry* p = bin->overflow_list;
+	while(p) {
+		if(p->hash == hash && table->compfunc(p->key, key) == 0)
+			return p;
+		p = p->overflow_next;
+	}
+	return NULL;
+}
+
+void 
+table_grow(struct lruhash* table)
+{
+	struct lruhash_bin* newa;
+	int newmask;
+	size_t i;
+	if(table->size_mask == (int)(((size_t)-1)>>1)) {
+		log_err("hash array malloc: size_t too small");
+		return;
+	}
+	/* try to allocate new array, if not fail */
+	newa = calloc(table->size*2, sizeof(struct lruhash_bin));
+	if(!newa) {
+		log_err("hash grow: malloc failed");
+		/* continue with smaller array. Though its slower. */
+		return;
+	}
+	bin_init(newa, table->size*2);
+	newmask = (table->size_mask << 1) | 1;
+	bin_split(table, newa, newmask);
+	/* delete the old bins */
+	lock_unprotect(&table->lock, table->array);
+	for(i=0; i<table->size; i++) {
+		lock_quick_destroy(&table->array[i].lock);
+	}
+	free(table->array);
+	
+	table->size *= 2;
+	table->size_mask = newmask;
+	table->array = newa;
+	lock_protect(&table->lock, table->array, 
+		table->size*sizeof(struct lruhash_bin));
+	return;
+}
+
+void 
+lru_front(struct lruhash* table, struct lruhash_entry* entry)
+{
+	entry->lru_prev = NULL;
+	entry->lru_next = table->lru_start;
+	if(!table->lru_start)
+		table->lru_end = entry;
+	else	table->lru_start->lru_prev = entry;
+	table->lru_start = entry;
+}
+
+void 
+lru_remove(struct lruhash* table, struct lruhash_entry* entry)
+{
+	if(entry->lru_prev)
+		entry->lru_prev->lru_next = entry->lru_next;
+	else	table->lru_start = entry->lru_next;
+	if(entry->lru_next)
+		entry->lru_next->lru_prev = entry->lru_prev;
+	else	table->lru_end = entry->lru_prev;
+}
+
+void 
+lru_touch(struct lruhash* table, struct lruhash_entry* entry)
+{
+	log_assert(table && entry);
+	if(entry == table->lru_start)
+		return; /* nothing to do */
+	/* remove from current lru position */
+	lru_remove(table, entry);
+	/* add at front */
+	lru_front(table, entry);
+}
+
+void 
+lruhash_insert(struct lruhash* table, hashvalue_type hash,
+        struct lruhash_entry* entry, void* data, void* cb_arg)
+{
+	struct lruhash_bin* bin;
+	struct lruhash_entry* found, *reclaimlist=NULL;
+	size_t need_size;
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	need_size = table->sizefunc(entry->key, data);
+	if(cb_arg == NULL) cb_arg = table->cb_arg;
+
+	/* find bin */
+	lock_quick_lock(&table->lock);
+	bin = &table->array[hash & table->size_mask];
+	lock_quick_lock(&bin->lock);
+
+	/* see if entry exists already */
+	if(!(found=bin_find_entry(table, bin, hash, entry->key))) {
+		/* if not: add to bin */
+		entry->overflow_next = bin->overflow_list;
+		bin->overflow_list = entry;
+		lru_front(table, entry);
+		table->num++;
+		table->space_used += need_size;
+	} else {
+		/* if so: update data - needs a writelock */
+		table->space_used += need_size -
+			(*table->sizefunc)(found->key, found->data);
+		(*table->delkeyfunc)(entry->key, cb_arg);
+		lru_touch(table, found);
+		lock_rw_wrlock(&found->lock);
+		(*table->deldatafunc)(found->data, cb_arg);
+		found->data = data;
+		lock_rw_unlock(&found->lock);
+	}
+	lock_quick_unlock(&bin->lock);
+	if(table->space_used > table->space_max)
+		reclaim_space(table, &reclaimlist);
+	if(table->num >= table->size)
+		table_grow(table);
+	lock_quick_unlock(&table->lock);
+
+	/* finish reclaim if any (outside of critical region) */
+	while(reclaimlist) {
+		struct lruhash_entry* n = reclaimlist->overflow_next;
+		void* d = reclaimlist->data;
+		(*table->delkeyfunc)(reclaimlist->key, cb_arg);
+		(*table->deldatafunc)(d, cb_arg);
+		reclaimlist = n;
+	}
+}
+
+struct lruhash_entry* 
+lruhash_lookup(struct lruhash* table, hashvalue_type hash, void* key, int wr)
+{
+	struct lruhash_entry* entry;
+	struct lruhash_bin* bin;
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+
+	lock_quick_lock(&table->lock);
+	bin = &table->array[hash & table->size_mask];
+	lock_quick_lock(&bin->lock);
+	if((entry=bin_find_entry(table, bin, hash, key)))
+		lru_touch(table, entry);
+	lock_quick_unlock(&table->lock);
+
+	if(entry) {
+		if(wr)	{ lock_rw_wrlock(&entry->lock); }
+		else	{ lock_rw_rdlock(&entry->lock); }
+	}
+	lock_quick_unlock(&bin->lock);
+	return entry;
+}
+
+void 
+lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key)
+{
+	struct lruhash_entry* entry;
+	struct lruhash_bin* bin;
+	void *d;
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+
+	lock_quick_lock(&table->lock);
+	bin = &table->array[hash & table->size_mask];
+	lock_quick_lock(&bin->lock);
+	if((entry=bin_find_entry(table, bin, hash, key))) {
+		bin_overflow_remove(bin, entry);
+		lru_remove(table, entry);
+	} else {
+		lock_quick_unlock(&table->lock);
+		lock_quick_unlock(&bin->lock);
+		return;
+	}
+	table->num--;
+	table->space_used -= (*table->sizefunc)(entry->key, entry->data);
+	lock_quick_unlock(&table->lock);
+	lock_rw_wrlock(&entry->lock);
+	if(table->markdelfunc)
+		(*table->markdelfunc)(entry->key);
+	lock_rw_unlock(&entry->lock);
+	lock_quick_unlock(&bin->lock);
+	/* finish removal */
+	d = entry->data;
+	(*table->delkeyfunc)(entry->key, table->cb_arg);
+	(*table->deldatafunc)(d, table->cb_arg);
+}
+
+/** clear bin, respecting locks, does not do space, LRU */
+static void
+bin_clear(struct lruhash* table, struct lruhash_bin* bin)
+{
+	struct lruhash_entry* p, *np;
+	void *d;
+	lock_quick_lock(&bin->lock);
+	p = bin->overflow_list; 
+	while(p) {
+		lock_rw_wrlock(&p->lock);
+		np = p->overflow_next;
+		d = p->data;
+		if(table->markdelfunc)
+			(*table->markdelfunc)(p->key);
+		lock_rw_unlock(&p->lock);
+		(*table->delkeyfunc)(p->key, table->cb_arg);
+		(*table->deldatafunc)(d, table->cb_arg);
+		p = np;
+	}
+	bin->overflow_list = NULL;
+	lock_quick_unlock(&bin->lock);
+}
+
+void
+lruhash_clear(struct lruhash* table)
+{
+	size_t i;
+	if(!table)
+		return;
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+
+	lock_quick_lock(&table->lock);
+	for(i=0; i<table->size; i++) {
+		bin_clear(table, &table->array[i]);
+	}
+	table->lru_start = NULL;
+	table->lru_end = NULL;
+	table->num = 0;
+	table->space_used = 0;
+	lock_quick_unlock(&table->lock);
+}
+
+void 
+lruhash_status(struct lruhash* table, const char* id, int extended)
+{
+	lock_quick_lock(&table->lock);
+	log_info("%s: %u entries, memory %u / %u",
+		id, (unsigned)table->num, (unsigned)table->space_used,
+		(unsigned)table->space_max);
+	log_info("  itemsize %u, array %u, mask %d",
+		(unsigned)(table->num? table->space_used/table->num : 0),
+		(unsigned)table->size, table->size_mask);
+	if(extended) {
+		size_t i;
+		int min=(int)table->size*2, max=-2;
+		for(i=0; i<table->size; i++) {
+			int here = 0;
+			struct lruhash_entry *en;
+			lock_quick_lock(&table->array[i].lock);
+			en = table->array[i].overflow_list;
+			while(en) {
+				here ++;
+				en = en->overflow_next;
+			}
+			lock_quick_unlock(&table->array[i].lock);
+			if(extended >= 2)
+				log_info("bin[%d] %d", (int)i, here);
+			if(here > max) max = here;
+			if(here < min) min = here;
+		}
+		log_info("  bin min %d, avg %.2lf, max %d", min, 
+			(double)table->num/(double)table->size, max);
+	}
+	lock_quick_unlock(&table->lock);
+}
+
+size_t
+lruhash_get_mem(struct lruhash* table)
+{
+	size_t s;
+	lock_quick_lock(&table->lock);
+	s = sizeof(struct lruhash) + table->space_used;
+#ifdef USE_THREAD_DEBUG
+	if(table->size != 0) {
+		size_t i;
+		for(i=0; i<table->size; i++)
+			s += sizeof(struct lruhash_bin) + 
+				lock_get_mem(&table->array[i].lock);
+	}
+#else /* no THREAD_DEBUG */
+	if(table->size != 0)
+		s += (table->size)*(sizeof(struct lruhash_bin) + 
+			lock_get_mem(&table->array[0].lock));
+#endif
+	lock_quick_unlock(&table->lock);
+	s += lock_get_mem(&table->lock);
+	return s;
+}
+
+void 
+lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md)
+{
+	lock_quick_lock(&table->lock);
+	table->markdelfunc = md;
+	lock_quick_unlock(&table->lock);
+}
+
+void 
+lruhash_traverse(struct lruhash* h, int wr, 
+	void (*func)(struct lruhash_entry*, void*), void* arg)
+{
+	size_t i;
+	struct lruhash_entry* e;
+
+	lock_quick_lock(&h->lock);
+	for(i=0; i<h->size; i++) {
+		lock_quick_lock(&h->array[i].lock);
+		for(e = h->array[i].overflow_list; e; e = e->overflow_next) {
+			if(wr) {
+				lock_rw_wrlock(&e->lock);
+			} else {
+				lock_rw_rdlock(&e->lock);
+			}
+			(*func)(e, arg);
+			lock_rw_unlock(&e->lock);
+		}
+		lock_quick_unlock(&h->array[i].lock);
+	}
+	lock_quick_unlock(&h->lock);
+}
diff --git a/src/util/lruhash.h b/src/util/lruhash.h
new file mode 100644
index 00000000..17c8b551
--- /dev/null
+++ b/src/util/lruhash.h
@@ -0,0 +1,68 @@
+/**
+ *
+ * \file lruhash.h
+ * /brief Alternative symbol names for unbound's lruhash.h
+ *
+ */
+/*
+ * Copyright (c) 2017, NLnet Labs, the getdns team
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef LRUHASH_H_SYMBOLS
+#define LRUHASH_H_SYMBOLS
+
+#define lruhash				_getdns_lruhash
+#define lruhash_bin			_getdns_lruhash_bin
+#define lruhash_entry			_getdns_lruhash_entry
+#define hashvalue_type			_getdns_hashvalue_type
+#define lruhash_sizefunc_type		_getdns_lruhash_sizefunc_type
+#define lruhash_compfunc_type		_getdns_lruhash_compfunc_type
+#define lruhash_delkeyfunc_type		_getdns_lruhash_delkeyfunc_type
+#define lruhash_deldatafunc_type	_getdns_lruhash_deldatafunc_type
+#define lruhash_markdelfunc_type	_getdns_lruhash_markdelfunc_type
+#define lruhash_create			_getdns_lruhash_create
+#define lruhash_delete			_getdns_lruhash_delete
+#define lruhash_clear			_getdns_lruhash_clear
+#define lruhash_insert			_getdns_lruhash_insert
+#define lruhash_lookup			_getdns_lruhash_lookup
+#define lru_touch			_getdns_lru_touch
+#define lruhash_setmarkdel		_getdns_lruhash_setmarkdel
+
+#define lruhash_remove			_getdns_lruhash_remove
+#define bin_init			_getdns_bin_init
+#define bin_delete			_getdns_bin_delete
+#define bin_find_entry			_getdns_bin_find_entry
+#define bin_overflow_remove		_getdns_bin_overflow_remove
+#define bin_split			_getdns_bin_split
+#define reclaim_space			_getdns_reclaim_space
+#define table_grow			_getdns_table_grow
+#define lru_front			_getdns_lru_front
+#define lru_remove			_getdns_lru_remove
+#define lruhash_status			_getdns_lruhash_status
+#define lruhash_get_mem			_getdns_lruhash_get_mem
+#define lruhash_traverse		_getdns_lruhash_traverse
+
+#include "util/orig-headers/lruhash.h"
+#endif
diff --git a/src/util/orig-headers/locks.h b/src/util/orig-headers/locks.h
new file mode 100644
index 00000000..d86ee492
--- /dev/null
+++ b/src/util/orig-headers/locks.h
@@ -0,0 +1,313 @@
+/**
+ * util/locks.h - unbound locking primitives
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ * 
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef UTIL_LOCKS_H
+#define UTIL_LOCKS_H
+
+/**
+ * \file
+ * Locking primitives.
+ * If pthreads is available, these are used.
+ * If no locking exists, they do nothing.
+ *
+ * The idea is to have different sorts of locks for different tasks.
+ * This allows the locking code to be ported more easily.
+ *
+ * Types of locks that are supported.
+ *   o lock_rw: lock that has many readers and one writer (to a data entry).
+ *   o lock_basic: simple mutex. Blocking, one person has access only.
+ *     This lock is meant for non performance sensitive uses.
+ *   o lock_quick: speed lock. For performance sensitive locking of critical
+ *     sections. Could be implemented by a mutex or a spinlock.
+ * 
+ * Also thread creation and deletion functions are defined here.
+ */
+
+/* if you define your own LOCKRET before including locks.h, you can get most
+ * locking functions without the dependency on log_err. */
+#ifndef LOCKRET
+#include "util/log.h"
+/**
+ * The following macro is used to check the return value of the
+ * pthread calls. They return 0 on success and an errno on error.
+ * The errno is logged to the logfile with a descriptive comment.
+ */
+#define LOCKRET(func) do {\
+	int lockret_err;		\
+	if( (lockret_err=(func)) != 0)		\
+		log_err("%s at %d could not " #func ": %s", \
+		__FILE__, __LINE__, strerror(lockret_err));	\
+ 	} while(0)
+#endif
+
+/** DEBUG: use thread debug whenever possible */
+#if defined(HAVE_PTHREAD) && defined(HAVE_PTHREAD_SPINLOCK_T) && defined(ENABLE_LOCK_CHECKS)
+#  define USE_THREAD_DEBUG
+#endif
+
+#ifdef USE_THREAD_DEBUG
+/******************* THREAD DEBUG ************************/
+/* (some) checking; to detect races and deadlocks. */
+#include "testcode/checklocks.h"
+
+#else /* USE_THREAD_DEBUG */
+#define lock_protect(lock, area, size) /* nop */
+#define lock_unprotect(lock, area) /* nop */
+#define lock_get_mem(lock) (0) /* nothing */
+#define checklock_start() /* nop */
+#define checklock_stop() /* nop */
+
+#ifdef HAVE_PTHREAD
+#include <pthread.h>
+
+/******************* PTHREAD ************************/
+
+/** use pthread mutex for basic lock */
+typedef pthread_mutex_t lock_basic_type;
+/** small front for pthread init func, NULL is default attrs. */
+#define lock_basic_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
+#define lock_basic_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
+#define lock_basic_lock(lock) LOCKRET(pthread_mutex_lock(lock))
+#define lock_basic_unlock(lock) LOCKRET(pthread_mutex_unlock(lock))
+
+#ifndef HAVE_PTHREAD_RWLOCK_T
+/** in case rwlocks are not supported, use a mutex. */
+typedef pthread_mutex_t lock_rw_type;
+#define lock_rw_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
+#define lock_rw_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
+#define lock_rw_rdlock(lock) LOCKRET(pthread_mutex_lock(lock))
+#define lock_rw_wrlock(lock) LOCKRET(pthread_mutex_lock(lock))
+#define lock_rw_unlock(lock) LOCKRET(pthread_mutex_unlock(lock))
+#else /* HAVE_PTHREAD_RWLOCK_T */
+/** we use the pthread rwlock */
+typedef pthread_rwlock_t lock_rw_type;
+/** small front for pthread init func, NULL is default attrs. */
+#define lock_rw_init(lock) LOCKRET(pthread_rwlock_init(lock, NULL))
+#define lock_rw_destroy(lock) LOCKRET(pthread_rwlock_destroy(lock))
+#define lock_rw_rdlock(lock) LOCKRET(pthread_rwlock_rdlock(lock))
+#define lock_rw_wrlock(lock) LOCKRET(pthread_rwlock_wrlock(lock))
+#define lock_rw_unlock(lock) LOCKRET(pthread_rwlock_unlock(lock))
+#endif /* HAVE_PTHREAD_RWLOCK_T */
+
+#ifndef HAVE_PTHREAD_SPINLOCK_T
+/** in case spinlocks are not supported, use a mutex. */
+typedef pthread_mutex_t lock_quick_type;
+/** small front for pthread init func, NULL is default attrs. */
+#define lock_quick_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
+#define lock_quick_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
+#define lock_quick_lock(lock) LOCKRET(pthread_mutex_lock(lock))
+#define lock_quick_unlock(lock) LOCKRET(pthread_mutex_unlock(lock))
+
+#else /* HAVE_PTHREAD_SPINLOCK_T */
+/** use pthread spinlock for the quick lock */
+typedef pthread_spinlock_t lock_quick_type;
+/** 
+ * allocate process private since this is available whether
+ * Thread Process-Shared Synchronization is supported or not.
+ * This means only threads inside this process may access the lock.
+ * (not threads from another process that shares memory).
+ * spinlocks are not supported on all pthread platforms. 
+ */
+#define lock_quick_init(lock) LOCKRET(pthread_spin_init(lock, PTHREAD_PROCESS_PRIVATE))
+#define lock_quick_destroy(lock) LOCKRET(pthread_spin_destroy(lock))
+#define lock_quick_lock(lock) LOCKRET(pthread_spin_lock(lock))
+#define lock_quick_unlock(lock) LOCKRET(pthread_spin_unlock(lock))
+
+#endif /* HAVE SPINLOCK */
+
+/** Thread creation */
+typedef pthread_t ub_thread_type;
+/** On alpine linux default thread stack size is 80 Kb. See
+http://wiki.musl-libc.org/wiki/Functional_differences_from_glibc#Thread_stack_size
+This is not enough and cause segfault. Other linux distros have 2 Mb at least.
+Wrapper for set up thread stack size */
+#define PTHREADSTACKSIZE 2*1024*1024
+#define PTHREADCREATE(thr, stackrequired, func, arg) do {\
+	pthread_attr_t attr; \
+	size_t stacksize; \
+	LOCKRET(pthread_attr_init(&attr)); \
+	LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \
+	if (stacksize < stackrequired) { \
+		LOCKRET(pthread_attr_setstacksize(&attr, stackrequired)); \
+		LOCKRET(pthread_create(thr, &attr, func, arg)); \
+		LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \
+		verbose(VERB_ALGO, "Thread stack size set to %u", (unsigned)stacksize); \
+	} else {LOCKRET(pthread_create(thr, NULL, func, arg));} \
+	} while(0)
+/** Use wrapper for set thread stack size on attributes. */
+#define ub_thread_create(thr, func, arg) PTHREADCREATE(thr, PTHREADSTACKSIZE, func, arg)
+/** get self id. */
+#define ub_thread_self() pthread_self()
+/** wait for another thread to terminate */
+#define ub_thread_join(thread) LOCKRET(pthread_join(thread, NULL))
+typedef pthread_key_t ub_thread_key_type;
+#define ub_thread_key_create(key, f) LOCKRET(pthread_key_create(key, f))
+#define ub_thread_key_set(key, v) LOCKRET(pthread_setspecific(key, v))
+#define ub_thread_key_get(key) pthread_getspecific(key)
+
+#else /* we do not HAVE_PTHREAD */
+#ifdef HAVE_SOLARIS_THREADS
+
+/******************* SOLARIS THREADS ************************/
+#include <synch.h>
+#include <thread.h>
+
+typedef rwlock_t lock_rw_type;
+#define lock_rw_init(lock) LOCKRET(rwlock_init(lock, USYNC_THREAD, NULL))
+#define lock_rw_destroy(lock) LOCKRET(rwlock_destroy(lock))
+#define lock_rw_rdlock(lock) LOCKRET(rw_rdlock(lock))
+#define lock_rw_wrlock(lock) LOCKRET(rw_wrlock(lock))
+#define lock_rw_unlock(lock) LOCKRET(rw_unlock(lock))
+
+/** use basic mutex */
+typedef mutex_t lock_basic_type;
+#define lock_basic_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL))
+#define lock_basic_destroy(lock) LOCKRET(mutex_destroy(lock))
+#define lock_basic_lock(lock) LOCKRET(mutex_lock(lock))
+#define lock_basic_unlock(lock) LOCKRET(mutex_unlock(lock))
+
+/** No spinlocks in solaris threads API. Use a mutex. */
+typedef mutex_t lock_quick_type;
+#define lock_quick_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL))
+#define lock_quick_destroy(lock) LOCKRET(mutex_destroy(lock))
+#define lock_quick_lock(lock) LOCKRET(mutex_lock(lock))
+#define lock_quick_unlock(lock) LOCKRET(mutex_unlock(lock))
+
+/** Thread creation, create a default thread. */
+typedef thread_t ub_thread_type;
+#define ub_thread_create(thr, func, arg) LOCKRET(thr_create(NULL, NULL, func, arg, NULL, thr))
+#define ub_thread_self() thr_self()
+#define ub_thread_join(thread) LOCKRET(thr_join(thread, NULL, NULL))
+typedef thread_key_t ub_thread_key_type;
+#define ub_thread_key_create(key, f) LOCKRET(thr_keycreate(key, f))
+#define ub_thread_key_set(key, v) LOCKRET(thr_setspecific(key, v))
+void* ub_thread_key_get(ub_thread_key_type key);
+
+
+#else /* we do not HAVE_SOLARIS_THREADS and no PTHREADS */
+/******************* WINDOWS THREADS ************************/
+#ifdef HAVE_WINDOWS_THREADS
+#include <windows.h>
+
+/* Use a mutex */
+typedef LONG lock_rw_type;
+#define lock_rw_init(lock) lock_basic_init(lock)
+#define lock_rw_destroy(lock) lock_basic_destroy(lock)
+#define lock_rw_rdlock(lock) lock_basic_lock(lock)
+#define lock_rw_wrlock(lock) lock_basic_lock(lock)
+#define lock_rw_unlock(lock) lock_basic_unlock(lock)
+
+/** the basic lock is a mutex, implemented opaquely, for error handling. */
+typedef LONG lock_basic_type;
+void lock_basic_init(lock_basic_type* lock);
+void lock_basic_destroy(lock_basic_type* lock);
+void lock_basic_lock(lock_basic_type* lock);
+void lock_basic_unlock(lock_basic_type* lock);
+
+/** on windows no spinlock, use mutex too. */
+typedef LONG lock_quick_type;
+#define lock_quick_init(lock) lock_basic_init(lock)
+#define lock_quick_destroy(lock) lock_basic_destroy(lock)
+#define lock_quick_lock(lock) lock_basic_lock(lock)
+#define lock_quick_unlock(lock) lock_basic_unlock(lock)
+
+/** Thread creation, create a default thread. */
+typedef HANDLE ub_thread_type;
+void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg);
+ub_thread_type ub_thread_self(void);
+void ub_thread_join(ub_thread_type thr);
+typedef DWORD ub_thread_key_type;
+void ub_thread_key_create(ub_thread_key_type* key, void* f);
+void ub_thread_key_set(ub_thread_key_type key, void* v);
+void* ub_thread_key_get(ub_thread_key_type key);
+
+#else /* we do not HAVE_SOLARIS_THREADS, PTHREADS or WINDOWS_THREADS */
+
+/******************* NO THREADS ************************/
+#define THREADS_DISABLED 1
+/** In case there is no thread support, define locks to do nothing */
+typedef int lock_rw_type;
+#define lock_rw_init(lock) /* nop */
+#define lock_rw_destroy(lock) /* nop */
+#define lock_rw_rdlock(lock) /* nop */
+#define lock_rw_wrlock(lock) /* nop */
+#define lock_rw_unlock(lock) /* nop */
+
+/** define locks to do nothing */
+typedef int lock_basic_type;
+#define lock_basic_init(lock) /* nop */
+#define lock_basic_destroy(lock) /* nop */
+#define lock_basic_lock(lock) /* nop */
+#define lock_basic_unlock(lock) /* nop */
+
+/** define locks to do nothing */
+typedef int lock_quick_type;
+#define lock_quick_init(lock) /* nop */
+#define lock_quick_destroy(lock) /* nop */
+#define lock_quick_lock(lock) /* nop */
+#define lock_quick_unlock(lock) /* nop */
+
+/** Thread creation, threads do not exist */
+typedef pid_t ub_thread_type;
+/** ub_thread_create is simulated with fork (extremely heavy threads,
+  * with no shared memory). */
+#define ub_thread_create(thr, func, arg) \
+	ub_thr_fork_create(thr, func, arg)
+#define ub_thread_self() getpid()
+#define ub_thread_join(thread) ub_thr_fork_wait(thread)
+void ub_thr_fork_wait(ub_thread_type thread);
+void ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg);
+typedef void* ub_thread_key_type;
+#define ub_thread_key_create(key, f) (*(key)) = NULL
+#define ub_thread_key_set(key, v) (key) = (v)
+#define ub_thread_key_get(key) (key)
+
+#endif /* HAVE_WINDOWS_THREADS */
+#endif /* HAVE_SOLARIS_THREADS */
+#endif /* HAVE_PTHREAD */
+#endif /* USE_THREAD_DEBUG */
+
+/**
+ * Block all signals for this thread.
+ * fatal exit on error.
+ */
+void ub_thread_blocksigs(void);
+
+/**
+ * unblock one signal for this thread.
+ */
+void ub_thread_sig_unblock(int sig);
+
+#endif /* UTIL_LOCKS_H */
diff --git a/src/util/orig-headers/lookup3.h b/src/util/orig-headers/lookup3.h
new file mode 100644
index 00000000..59dad7c4
--- /dev/null
+++ b/src/util/orig-headers/lookup3.h
@@ -0,0 +1,71 @@
+/*
+ * util/storage/lookup3.h - header file for hashing functions.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains header definitions for the hash functions we use.
+ * The hash functions are public domain (see lookup3.c).
+ */
+
+#ifndef UTIL_STORAGE_LOOKUP3_H
+#define UTIL_STORAGE_LOOKUP3_H
+
+/**
+ * Hash key made of 4byte chunks.
+ * @param k: the key, an array of uint32_t values
+ * @param length: the length of the key, in uint32_ts
+ * @param initval: the previous hash, or an arbitrary value
+ * @return: hash value.
+ */
+uint32_t hashword(const uint32_t *k, size_t length, uint32_t initval);
+
+/**
+ * Hash key data.
+ * @param k: the key, array of uint8_t
+ * @param length: the length of the key, in uint8_ts
+ * @param initval: the previous hash, or an arbitrary value
+ * @return: hash value.
+ */
+uint32_t hashlittle(const void *k, size_t length, uint32_t initval);
+
+/**
+ * Set the randomisation initial value, set this before threads start,
+ * and before hashing stuff (because it changes subsequent results).
+ * @param v: value
+ */
+void hash_set_raninit(uint32_t v);
+
+#endif /* UTIL_STORAGE_LOOKUP3_H */
diff --git a/src/util/orig-headers/lruhash.h b/src/util/orig-headers/lruhash.h
new file mode 100644
index 00000000..c3937408
--- /dev/null
+++ b/src/util/orig-headers/lruhash.h
@@ -0,0 +1,414 @@
+/*
+ * util/storage/lruhash.h - hashtable, hash function, LRU keeping.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains a hashtable with LRU keeping of entries.
+ *
+ * The hash table keeps a maximum memory size. Old entries are removed
+ * to make space for new entries.
+ *
+ * The locking strategy is as follows:
+ * 	o since (almost) every read also implies a LRU update, the
+ *	  hashtable lock is a spinlock, not rwlock.
+ *	o the idea is to move every thread through the hash lock quickly,
+ *	  so that the next thread can access the lookup table.
+ *	o User performs hash function.
+ *
+ * For read:
+ *	o lock hashtable.
+ *		o lookup hash bin.
+ *		o lock hash bin.
+ *			o find entry (if failed, unlock hash, unl bin, exit).
+ *			o swizzle pointers for LRU update.
+ *		o unlock hashtable.
+ *		o lock entry (rwlock).
+ *		o unlock hash bin.
+ *		o work on entry.
+ *	o unlock entry.
+ *
+ * To update an entry, gain writelock and change the entry.
+ * (the entry must keep the same hashvalue, so a data update.)
+ * (you cannot upgrade a readlock to a writelock, because the item may
+ *  be deleted, it would cause race conditions. So instead, unlock and
+ *  relookup it in the hashtable.)
+ *
+ * To delete an entry:
+ *	o unlock the entry if you hold the lock already.
+ *	o lock hashtable.
+ *		o lookup hash bin.
+ *		o lock hash bin.
+ *			o find entry (if failed, unlock hash, unl bin, exit).
+ *			o remove entry from hashtable bin overflow chain.
+ *		o unlock hashtable.
+ *		o lock entry (writelock).
+ *		o unlock hash bin.
+ *	o unlock entry (nobody else should be waiting for this lock,
+ *	  since you removed it from hashtable, and you got writelock while
+ *	  holding the hashbinlock so you are the only one.)
+ * 	  Note you are only allowed to obtain a lock while holding hashbinlock.
+ *	o delete entry.
+ *
+ * The above sequence is:
+ *	o race free, works with read, write and delete.
+ *	o but has a queue, imagine someone needing a writelock on an item.
+ *	  but there are still readlocks. The writelocker waits, but holds
+ *	  the hashbinlock. The next thread that comes in and needs the same
+ * 	  hashbin will wait for the lock while holding the hashtable lock.
+ *	  thus halting the entire system on hashtable.
+ *	  This is because of the delete protection. 
+ *	  Readlocks will be easier on the rwlock on entries.
+ *	  While the writer is holding writelock, similar problems happen with
+ *	  a reader or writer needing the same item.
+ *	  the scenario requires more than three threads.
+ * 	o so the queue length is 3 threads in a bad situation. The fourth is
+ *	  unable to use the hashtable.
+ *
+ * If you need to acquire locks on multiple items from the hashtable.
+ *	o you MUST release all locks on items from the hashtable before
+ *	  doing the next lookup/insert/delete/whatever.
+ *	o To acquire multiple items you should use a special routine that
+ *	  obtains the locks on those multiple items in one go.
+ */
+
+#ifndef UTIL_STORAGE_LRUHASH_H
+#define UTIL_STORAGE_LRUHASH_H
+#include "util/locks.h"
+struct lruhash_bin;
+struct lruhash_entry;
+
+/** default start size for hash arrays */
+#define HASH_DEFAULT_STARTARRAY		1024 /* entries in array */
+/** default max memory for hash arrays */
+#define HASH_DEFAULT_MAXMEM		4*1024*1024 /* bytes */
+
+/** the type of a hash value */
+typedef uint32_t hashvalue_type;
+
+/** 
+ * Type of function that calculates the size of an entry.
+ * Result must include the size of struct lruhash_entry. 
+ * Keys that are identical must also calculate to the same size.
+ * size = func(key, data).
+ */
+typedef size_t (*lruhash_sizefunc_type)(void*, void*);
+
+/** type of function that compares two keys. return 0 if equal. */
+typedef int (*lruhash_compfunc_type)(void*, void*);
+
+/** old keys are deleted. 
+ * The RRset type has to revoke its ID number, markdel() is used first.
+ * This function is called: func(key, userarg) */
+typedef void (*lruhash_delkeyfunc_type)(void*, void*);
+
+/** old data is deleted. This function is called: func(data, userarg). */
+typedef void (*lruhash_deldatafunc_type)(void*, void*);
+
+/** mark a key as pending to be deleted (and not to be used by anyone). 
+ * called: func(key) */
+typedef void (*lruhash_markdelfunc_type)(void*);
+
+/**
+ * Hash table that keeps LRU list of entries.
+ */
+struct lruhash {
+	/** lock for exclusive access, to the lookup array */
+	lock_quick_type lock;
+	/** the size function for entries in this table */
+	lruhash_sizefunc_type sizefunc;
+	/** the compare function for entries in this table. */
+	lruhash_compfunc_type compfunc;
+	/** how to delete keys. */
+	lruhash_delkeyfunc_type delkeyfunc;
+	/** how to delete data. */
+	lruhash_deldatafunc_type deldatafunc;
+	/** how to mark a key pending deletion */
+	lruhash_markdelfunc_type markdelfunc;
+	/** user argument for user functions */
+	void* cb_arg;
+
+	/** the size of the lookup array */
+	size_t size;
+	/** size bitmask - since size is a power of 2 */
+	int size_mask;
+	/** lookup array of bins */
+	struct lruhash_bin* array;
+
+	/** the lru list, start and end, noncyclical double linked list. */
+	struct lruhash_entry* lru_start;
+	/** lru list end item (least recently used) */
+	struct lruhash_entry* lru_end;
+
+	/** the number of entries in the hash table. */
+	size_t num;
+	/** the amount of space used, roughly the number of bytes in use. */
+	size_t space_used;
+	/** the amount of space the hash table is maximally allowed to use. */
+	size_t space_max;
+};
+
+/**
+ * A single bin with a linked list of entries in it.
+ */
+struct lruhash_bin {
+	/** 
+	 * Lock for exclusive access to the linked list
+	 * This lock makes deletion of items safe in this overflow list.
+	 */
+	lock_quick_type lock;
+	/** linked list of overflow entries */
+	struct lruhash_entry* overflow_list;
+};
+
+/**
+ * An entry into the hash table.
+ * To change overflow_next you need to hold the bin lock.
+ * To change the lru items you need to hold the hashtable lock.
+ * This structure is designed as part of key struct. And key pointer helps
+ * to get the surrounding structure. Data should be allocated on its own.
+ */
+struct lruhash_entry {
+	/** 
+	 * rwlock for access to the contents of the entry
+	 * Note that it does _not_ cover the lru_ and overflow_ ptrs.
+	 * Even with a writelock, you cannot change hash and key.
+	 * You need to delete it to change hash or key.
+	 */
+	lock_rw_type lock;
+	/** next entry in overflow chain. Covered by hashlock and binlock. */
+	struct lruhash_entry* overflow_next;
+	/** next entry in lru chain. covered by hashlock. */
+	struct lruhash_entry* lru_next;
+	/** prev entry in lru chain. covered by hashlock. */
+	struct lruhash_entry* lru_prev;
+	/** hash value of the key. It may not change, until entry deleted. */
+	hashvalue_type hash;
+	/** key */
+	void* key;
+	/** data */
+	void* data;
+};
+
+/**
+ * Create new hash table.
+ * @param start_size: size of hashtable array at start, must be power of 2.
+ * @param maxmem: maximum amount of memory this table is allowed to use.
+ * @param sizefunc: calculates memory usage of entries.
+ * @param compfunc: compares entries, 0 on equality.
+ * @param delkeyfunc: deletes key.
+ *   Calling both delkey and deldata will also free the struct lruhash_entry.
+ *   Make it part of the key structure and delete it in delkeyfunc.
+ * @param deldatafunc: deletes data. 
+ * @param arg: user argument that is passed to user function calls.
+ * @return: new hash table or NULL on malloc failure.
+ */
+struct lruhash* lruhash_create(size_t start_size, size_t maxmem,
+	lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc,
+	lruhash_delkeyfunc_type delkeyfunc,
+	lruhash_deldatafunc_type deldatafunc, void* arg);
+
+/**
+ * Delete hash table. Entries are all deleted.
+ * @param table: to delete.
+ */
+void lruhash_delete(struct lruhash* table);
+
+/**
+ * Clear hash table. Entries are all deleted, while locking them before 
+ * doing so. At end the table is empty.
+ * @param table: to make empty.
+ */
+void lruhash_clear(struct lruhash* table);
+
+/**
+ * Insert a new element into the hashtable. 
+ * If key is already present data pointer in that entry is updated.
+ * The space calculation function is called with the key, data.
+ * If necessary the least recently used entries are deleted to make space.
+ * If necessary the hash array is grown up.
+ *
+ * @param table: hash table.
+ * @param hash: hash value. User calculates the hash.
+ * @param entry: identifies the entry.
+ * 	If key already present, this entry->key is deleted immediately.
+ *	But entry->data is set to NULL before deletion, and put into
+ * 	the existing entry. The data is then freed.
+ * @param data: the data.
+ * @param cb_override: if not null overrides the cb_arg for the deletefunc.
+ */
+void lruhash_insert(struct lruhash* table, hashvalue_type hash, 
+	struct lruhash_entry* entry, void* data, void* cb_override);
+
+/**
+ * Lookup an entry in the hashtable.
+ * At the end of the function you hold a (read/write)lock on the entry.
+ * The LRU is updated for the entry (if found).
+ * @param table: hash table.
+ * @param hash: hash of key.
+ * @param key: what to look for, compared against entries in overflow chain.
+ *    the hash value must be set, and must work with compare function.
+ * @param wr: set to true if you desire a writelock on the entry.
+ *    with a writelock you can update the data part.
+ * @return: pointer to the entry or NULL. The entry is locked.
+ *    The user must unlock the entry when done.
+ */
+struct lruhash_entry* lruhash_lookup(struct lruhash* table,
+	hashvalue_type hash, void* key, int wr);
+
+/**
+ * Touch entry, so it becomes the most recently used in the LRU list.
+ * Caller must hold hash table lock. The entry must be inserted already.
+ * @param table: hash table.
+ * @param entry: entry to make first in LRU.
+ */
+void lru_touch(struct lruhash* table, struct lruhash_entry* entry);
+
+/**
+ * Set the markdelfunction (or NULL)
+ */
+void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md);
+
+/************************* Internal functions ************************/
+/*** these are only exposed for unit tests. ***/
+
+/**
+ * Remove entry from hashtable. Does nothing if not found in hashtable.
+ * Delfunc is called for the entry.
+ * @param table: hash table.
+ * @param hash: hash of key.
+ * @param key: what to look for. 
+ */
+void lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key);
+
+/** init the hash bins for the table */
+void bin_init(struct lruhash_bin* array, size_t size);
+
+/** delete the hash bin and entries inside it */
+void bin_delete(struct lruhash* table, struct lruhash_bin* bin);
+
+/** 
+ * Find entry in hash bin. You must have locked the bin.
+ * @param table: hash table with function pointers.
+ * @param bin: hash bin to look into.
+ * @param hash: hash value to look for.
+ * @param key: key to look for.
+ * @return: the entry or NULL if not found.
+ */
+struct lruhash_entry* bin_find_entry(struct lruhash* table, 
+	struct lruhash_bin* bin, hashvalue_type hash, void* key);
+
+/**
+ * Remove entry from bin overflow chain.
+ * You must have locked the bin.
+ * @param bin: hash bin to look into.
+ * @param entry: entry ptr that needs removal.
+ */
+void bin_overflow_remove(struct lruhash_bin* bin, 
+	struct lruhash_entry* entry);
+
+/**
+ * Split hash bin into two new ones. Based on increased size_mask.
+ * Caller must hold hash table lock.
+ * At the end the routine acquires all hashbin locks (in the old array).
+ * This makes it wait for other threads to finish with the bins.
+ * So the bins are ready to be deleted after this function.
+ * @param table: hash table with function pointers.
+ * @param newa: new increased array.
+ * @param newmask: new lookup mask.
+ */
+void bin_split(struct lruhash* table, struct lruhash_bin* newa, 
+	int newmask);
+
+/** 
+ * Try to make space available by deleting old entries.
+ * Assumes that the lock on the hashtable is being held by caller.
+ * Caller must not hold bin locks.
+ * @param table: hash table.
+ * @param list: list of entries that are to be deleted later.
+ *	Entries have been removed from the hash table and writelock is held.
+ */
+void reclaim_space(struct lruhash* table, struct lruhash_entry** list);
+
+/**
+ * Grow the table lookup array. Becomes twice as large.
+ * Caller must hold the hash table lock. Must not hold any bin locks.
+ * Tries to grow, on malloc failure, nothing happened.
+ * @param table: hash table.
+ */
+void table_grow(struct lruhash* table);
+
+/**
+ * Put entry at front of lru. entry must be unlinked from lru.
+ * Caller must hold hash table lock.
+ * @param table: hash table with lru head and tail.
+ * @param entry: entry to make most recently used.
+ */
+void lru_front(struct lruhash* table, struct lruhash_entry* entry);
+
+/**
+ * Remove entry from lru list.
+ * Caller must hold hash table lock.
+ * @param table: hash table with lru head and tail.
+ * @param entry: entry to remove from lru.
+ */
+void lru_remove(struct lruhash* table, struct lruhash_entry* entry);
+
+/**
+ * Output debug info to the log as to state of the hash table.
+ * @param table: hash table.
+ * @param id: string printed with table to identify the hash table.
+ * @param extended: set to true to print statistics on overflow bin lengths.
+ */
+void lruhash_status(struct lruhash* table, const char* id, int extended);
+
+/**
+ * Get memory in use now by the lruhash table.
+ * @param table: hash table. Will be locked before use. And unlocked after.
+ * @return size in bytes.
+ */
+size_t lruhash_get_mem(struct lruhash* table);
+
+/**
+ * Traverse a lruhash. Call back for every element in the table.
+ * @param h: hash table.  Locked before use.
+ * @param wr: if true writelock is obtained on element, otherwise readlock.
+ * @param func: function for every element. Do not lock or unlock elements.
+ * @param arg: user argument to func.
+ */
+void lruhash_traverse(struct lruhash* h, int wr,
+        void (*func)(struct lruhash_entry*, void*), void* arg);
+
+#endif /* UTIL_STORAGE_LRUHASH_H */

From 82c92f8dc7c8e11776c47b696f3b9863c6915ddc Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 13:02:05 +0100
Subject: [PATCH 171/249] Better dependency rewriting

---
 src/Makefile.in | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index abbb076e..6497cc6a 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -193,11 +193,12 @@ depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
 	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c extension/*.c| \
 		sed -e "s? $$blddir/? ?g" \
-		    -e 's?gldns/?$$(srcdir)/gldns/?g' \
-		    -e 's?compat/?$$(srcdir)/compat/?g' \
-		    -e 's?util/?$$(srcdir)/util/?g' \
-		    -e 's?jsmn/?$$(srcdir)/jsmn/?g' \
-		    -e 's?extension/?$$(srcdir)/extension/?g' \
+		    -e 's? gldns/? $$(srcdir)/gldns/?g' \
+		    -e 's? compat/? $$(srcdir)/compat/?g' \
+		    -e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
+		    -e 's? util/? $$(srcdir)/util/?g' \
+		    -e 's? jsmn/? $$(srcdir)/jsmn/?g' \
+		    -e 's? extension/? $$(srcdir)/extension/?g' \
 		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
 		    -e 's? \$$(srcdir)/config\.h? config.h?g' \
 		    -e 's? \$$(srcdir)/getdns/getdns_extra\.h? getdns/getdns_extra.h?g' \
@@ -342,22 +343,22 @@ inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
 sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h
-lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c config.h $(srcdir)/util/auxiliary/$(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h
+lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c config.h $(srcdir)/util/auxiliary/util/storage/lookup3.h \
  $(srcdir)/util/lookup3.h $(srcdir)/util/orig-headers/lookup3.h
-lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c config.h $(srcdir)/util/auxiliary/$(srcdir)/util/storage/lruhash.h \
+lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c config.h $(srcdir)/util/auxiliary/util/storage/lruhash.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h \
- $(srcdir)/util/auxiliary/$(srcdir)/util/fptr_wlist.h
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/auxiliary/log.h \
- $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
- $(srcdir)/util/auxiliary/$(srcdir)/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/orig-headers/rbtree.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
- $(srcdir)/util/auxiliary/$(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
  $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
  $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
- $(srcdir)/util/auxiliary/$(srcdir)/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h

From 79ce0cff85ab22fcd1808acb4e0c8714416efc13 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 14:36:20 +0100
Subject: [PATCH 172/249] Make mdns compile on Linux

---
 configure.ac  |  4 ++--
 src/context.h |  3 +++
 src/mdns.c    | 55 +++++++++++++++++++++++----------------------------
 src/mdns.h    |  7 ++++++-
 4 files changed, 36 insertions(+), 33 deletions(-)

diff --git a/configure.ac b/configure.ac
index 011760ef..bb2fa22f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -667,7 +667,7 @@ AC_TYPE_UINT16_T
 AC_TYPE_UINT32_T
 AC_TYPE_UINT64_T
 AC_TYPE_UINT8_T
-AC_CHECK_TYPE([u_char])
+AC_CHECK_TYPES([u_char])
 
 AC_CHECK_FUNCS([fcntl])
 # check ioctlsocket
@@ -752,7 +752,7 @@ AS_IF([test x_$withval = x_no],
                     [AC_MSG_ERROR([event2/event.h and event.h missing, try without libevent])]
                     [have_libevent=0],
                     [AC_INCLUDES_DEFAULT]
-                    [#if HAVE_U_CHAR == 0
+                    [#ifndef HAVE_U_CHAR
                      typedef unsigned char u_char;
                      #endif])],
                 [AC_INCLUDES_DEFAULT])],
diff --git a/src/context.h b/src/context.h
index 5745fcee..8fde6178 100644
--- a/src/context.h
+++ b/src/context.h
@@ -45,6 +45,9 @@
 #include "util/rbtree.h"
 #include "ub_loop.h"
 #include "server.h"
+#ifdef HAVE_MDNS_SUPPORT
+#include "util/lruhash.h"
+#endif
 
 struct getdns_dns_req;
 struct ub_ctx;
diff --git a/src/mdns.c b/src/mdns.c
index 414b3586..e55a3916 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -38,17 +38,20 @@ typedef u_short sa_family_t;
 #else
 #define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
 #define _getdns_EINPROGRESS (errno == EINPROGRESS)
+#define SOCKADDR struct sockaddr
+#define SOCKADDR_IN struct sockaddr_in
+#define SOCKADDR_IN6 struct sockaddr_in6
+#define SOCKET int
+#define IP_MREQ struct ip_mreq
+#define IPV6_MREQ struct ipv6_mreq
+#define BOOL int
+#define TRUE 1
 #endif
 
 uint64_t _getdns_get_time_as_uintt64();
 
-#include "util/storage/lruhash.h"
-#include "util/storage/lookup3.h"
-
-#ifndef HAVE_LIBUNBOUND
-#include "util/storage/lruhash.c"
-#include "util/storage/lookup3.c"
-#endif
+#include "util/fptr_wlist.h"
+#include "util/lookup3.h"
 
 /*
  * Constants defined in RFC 6762
@@ -352,8 +355,6 @@ mdns_util_canonical_record(uint8_t *message, int message_length,
 {
 	int ret = 0;
 	int current_index = record_index;
-	int buffer_index = 0;
-	int name_len = 0;
 	/* Check whether the record needs canonization */
 	*actual_record = message + record_index;
 	*actual_length = record_length;
@@ -781,7 +782,6 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 	int current_record_data_len;
 	uint32_t current_record_ttl;
 	int not_matched_yet = (record_data == NULL) ? 0 : 1;
-	int current_record_match;
 	int last_copied_index;
 	int current_hole_index = 0;
 	int record_name_length = 0;
@@ -819,15 +819,12 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 		    current_record_data_len == record_data_len &&
 			memcmp(old_record + record_ttl_index + 4 + 2, record_data, record_data_len) == 0)
 		{
-			current_record_match = 1;
 			not_matched_yet = 0;
 			current_record_ttl = ttl;
 		}
 		else
 		{
 			/* Not a match */
-			current_record_match = 0;
-
 			if (current_record_ttl > delta_t_sec)
 			{
 				current_record_ttl -= delta_t_sec;
@@ -945,7 +942,6 @@ mdns_propose_entry_to_cache(
 	uint64_t current_time)
 {
 	int ret = 0;
-	size_t required_memory = 0;
 	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
 	hashvalue_type hash;
 	struct lruhash_entry *entry, *new_entry;
@@ -988,7 +984,7 @@ mdns_propose_entry_to_cache(
 			new_entry = &((getdns_mdns_cached_key_header*)key)->entry;
 
 			memset(new_entry, 0, sizeof(struct lruhash_entry));
-			lock_rw_init(new_entry->lock);
+			lock_rw_init(&new_entry->lock);
 			new_entry->hash = hash;
 			new_entry->key = key;
 			new_entry->data = data;
@@ -1036,7 +1032,7 @@ mdns_propose_entry_to_cache(
 		}
 
 		/* then, unlock the entry */
-		lock_rw_unlock(entry->lock);
+		lock_rw_unlock(&entry->lock);
 	} 
 
 	return ret;
@@ -1139,7 +1135,6 @@ mdns_cache_complete_queries(
 	int record_type, int record_class)
 {
 	int ret = 0;
-	size_t required_memory = 0;
 	struct lruhash_entry *entry;
 	getdns_mdns_cached_record_header * header;
 	getdns_network_req * netreq;
@@ -1157,7 +1152,7 @@ mdns_cache_complete_queries(
 				mdns_complete_query_from_cache_entry(netreq, entry);
 			}
 		}
-		lock_rw_unlock(entry->lock);
+		lock_rw_unlock(&entry->lock);
 	}
 
 	return ret;
@@ -1173,8 +1168,6 @@ mdns_mcast_timeout_cb(void *userarg)
 	getdns_dns_req *dnsreq = netreq->owner;
 	getdns_context *context = dnsreq->context;
 
-	int ret = 0;
-	size_t required_memory = 0;
 	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
 	hashvalue_type hash;
 	struct lruhash_entry *entry;
@@ -1201,7 +1194,7 @@ mdns_mcast_timeout_cb(void *userarg)
 			found = 1;
 			mdns_complete_query_from_cache_entry(netreq, entry);
 		}
-		lock_rw_unlock(entry->lock);
+		lock_rw_unlock(&entry->lock);
 	}
 
 	if (!found)
@@ -1251,7 +1244,7 @@ mdns_udp_multicast_read_cb(void *userarg)
 		}
 		else
 		{
-			size_t current_index = 12;
+			ssize_t current_index = 12;
 			uint8_t name[256];
 			int name_len;
 			int record_type;
@@ -1388,7 +1381,8 @@ static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 	SOCKET fd4 = -1;
 	SOCKADDR_IN ipv4_dest;
 	SOCKADDR_IN ipv4_port;
-	uint8_t so_reuse_bool = 1;
+	BOOL so_reuse_bool = TRUE;
+	int so_reuse_bool_OptLen = sizeof(BOOL);
 	uint8_t ttl = 255;
 	IP_MREQ mreq4;
 
@@ -1398,9 +1392,11 @@ static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 	memset(&ipv4_port, 0, sizeof(ipv4_dest));
 	ipv4_dest.sin_family = AF_INET;
 	ipv4_dest.sin_port = htons(MDNS_MCAST_PORT);
-	ipv4_dest.sin_addr.S_un.S_addr = htonl(MDNS_MCAST_IPV4_LONG);
+	ipv4_dest.sin_addr.s_addr = htonl(MDNS_MCAST_IPV4_LONG);
 	ipv4_port.sin_family = AF_INET;
 	ipv4_port.sin_port = htons(MDNS_MCAST_PORT);
+	/* memcpy(&ipv4_dest.sin_addr, mdns_mcast_ipv4, sizeof(mdns_mcast_ipv4)); */
+
 
 
 	fd4 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
@@ -1412,7 +1408,7 @@ static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 		 * since the only result that matters is that of bind.
 		 */
 		(void)setsockopt(fd4, SOL_SOCKET, SO_REUSEADDR
-			, (const char*)&so_reuse_bool, (int) sizeof(BOOL));
+			, (const char*)&so_reuse_bool, so_reuse_bool_OptLen);
 
 		if (bind(fd4, (SOCKADDR*)&ipv4_port, sizeof(ipv4_port)) != 0)
 		{
@@ -1633,7 +1629,6 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 	getdns_dns_req *dnsreq = netreq->owner;
 	struct getdns_context *context = dnsreq->context;
 
-	size_t required_memory = 0;
 	uint8_t temp_key[256 + sizeof(getdns_mdns_cached_key_header)];
 	hashvalue_type hash;
 	struct lruhash_entry *entry;
@@ -1697,7 +1692,7 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 				, (SOCKADDR*)&context->mdns_connection[fd_index].addr_mcast
 				, context->mdns_connection[fd_index].addr_mcast_len);
 
-			if (pkt_len != sent)
+			if (sent < 0 || pkt_len != (size_t)sent)
 			{
 				ret = GETDNS_RETURN_GENERIC_ERROR;
 			}
@@ -1887,7 +1882,7 @@ mdns_udp_write_cb(void *userarg)
 	mdns_mcast_v4.sin_family = AF_INET;
 	mdns_mcast_v4.sin_port = htons(MDNS_MCAST_PORT);
 	mdns_mcast_v4.sin_addr.s_addr = htonl(MDNS_MCAST_IPV4_LONG);
-
+	/* memcpy(&mdns_mcast_v4.sin_addr.s_addr, mdns_mcast_ipv4, sizeof(mdns_mcast_ipv4)); */
 
 	/* Set TTL=255 for compliance with RFC 6762 */
 	r = setsockopt(netreq->fd, IPPROTO_IP, IP_TTL, (const char *)&ttl, sizeof(ttl));
@@ -2143,7 +2138,7 @@ int mdns_finalize_lru_test(struct getdns_context* context,
 			}
 		}
 
-		lock_rw_unlock(entry->lock);
+		lock_rw_unlock(&entry->lock);
 	}
 
 	return ret;
@@ -2244,4 +2239,4 @@ int mdns_test_prepare(struct getdns_context* context)
 	return mdns_delayed_network_init(context);
 }
 
-#endif
\ No newline at end of file
+#endif
diff --git a/src/mdns.h b/src/mdns.h
index 91f3c2a3..b7c7d20c 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -24,7 +24,12 @@
 #ifdef HAVE_MDNS_SUPPORT
 #include "getdns/getdns.h"
 #include "types-internal.h"
-#include "util/storage/lruhash.h"
+#include "util/lruhash.h"
+#include "config.h"
+
+#ifndef USE_WINSOCK
+#define SOCKADDR_STORAGE struct sockaddr_storage
+#endif
 
 getdns_return_t
 _getdns_submit_mdns_request(getdns_network_req *netreq);

From c4a93b2c5394bfcd44c5e58369605d3aaaad4a1b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 9 Mar 2017 15:19:57 +0100
Subject: [PATCH 173/249] Newline at end of mdns.c

---
 src/mdns.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mdns.c b/src/mdns.c
index 414b3586..9fa872ac 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -2244,4 +2244,4 @@ int mdns_test_prepare(struct getdns_context* context)
 	return mdns_delayed_network_init(context);
 }
 
-#endif
\ No newline at end of file
+#endif

From 639239f45cb44c4fed0853320d9cbd7d0c63af0a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 13 Mar 2017 14:20:47 +0100
Subject: [PATCH 174/249] Schedule dnsreqs with absolute timeout/expiry time

---
 src/dnssec.c           |  3 ++-
 src/general.c          | 19 +++++++++++--------
 src/general.h          |  2 +-
 src/request-internal.c |  8 +++++++-
 src/stub.c             | 23 ++++++++++++-----------
 src/stub.h             |  3 ++-
 src/types-internal.h   |  7 ++++++-
 src/util-internal.h    | 20 ++++++++++++++++++++
 8 files changed, 61 insertions(+), 24 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 0396f045..b689aba5 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3032,6 +3032,7 @@ static void check_chain_complete(chain_head *chain)
 
 		int r = GETDNS_RETURN_GOOD;
 		getdns_network_req **netreq_p, *netreq;
+		uint64_t now_ms = 0;
 
 		dnsreq->avoid_dnssec_roadblocks = 1;
 
@@ -3041,7 +3042,7 @@ static void check_chain_complete(chain_head *chain)
 
 			netreq->state = NET_REQ_NOT_SENT;
 			netreq->owner = dnsreq;
-			r = _getdns_submit_netreq(netreq);
+			r = _getdns_submit_netreq(netreq, &now_ms);
 		}
 		return;
 	}
diff --git a/src/general.c b/src/general.c
index 69dc7462..c71a4944 100644
--- a/src/general.c
+++ b/src/general.c
@@ -91,6 +91,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 {
 	getdns_network_req **netreq_p, *netreq;
 	int results_found = 0, r;
+	uint64_t now_ms  = 0;
 	
 	for (netreq_p = dns_req->netreqs; (netreq = *netreq_p); netreq_p++)
 		if (!_getdns_netreq_finished(netreq))
@@ -126,7 +127,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 			    ; (netreq = *netreq_p)
 			    ; netreq_p++ ) {
 				_getdns_netreq_reinit(netreq);
-				if ((r = _getdns_submit_netreq(netreq))) {
+				if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
 					if (r == DNS_REQ_FINISHED)
 						return;
 					netreq->state = NET_REQ_FINISHED;
@@ -164,7 +165,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 			    ; (netreq = *netreq_p)
 			    ; netreq_p++ ) {
 				_getdns_netreq_reinit(netreq);
-				if ((r = _getdns_submit_netreq(netreq))) {
+				if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
 					if (r == DNS_REQ_FINISHED)
 						return;
 					netreq->state = NET_REQ_FINISHED;
@@ -248,7 +249,7 @@ ub_resolve_callback(void* arg, int err, struct ub_result* ub_res)
 
 
 int
-_getdns_submit_netreq(getdns_network_req *netreq)
+_getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 {
 	getdns_return_t r;
 	getdns_dns_req *dns_req = netreq->owner;
@@ -284,7 +285,8 @@ _getdns_submit_netreq(getdns_network_req *netreq)
 			    _getdns_context_request_timed_out;
 			dns_req->timeout.ev         = NULL;
 			if ((r = dns_req->loop->vmt->schedule(dns_req->loop, -1,
-			    dns_req->context->timeout, &dns_req->timeout)))
+			    _getdns_ms_until_expiry2(dns_req->expires, now_ms),
+			    &dns_req->timeout)))
 				return r;
 		}
 		(void) gldns_wire2str_dname_buf(dns_req->name,
@@ -314,7 +316,7 @@ _getdns_submit_netreq(getdns_network_req *netreq)
 	}
 	/* Submit with stub resolver */
 	dns_req->freed = &dnsreq_freed;
-	r = _getdns_submit_stub_request(netreq);
+	r = _getdns_submit_stub_request(netreq, now_ms);
 	if (dnsreq_freed)
 		return DNS_REQ_FINISHED;
 	dns_req->freed = NULL;
@@ -413,6 +415,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	getdns_dns_req *req;
 	getdns_dict *localnames_response;
 	size_t i;
+	uint64_t now_ms = 0;
 
 	if (!context || !name || (!callbackfn && !internal_cb))
 		return GETDNS_RETURN_INVALID_PARAMETER;
@@ -430,7 +433,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 
 	/* create the request */
 	if (!(req = _getdns_dns_req_new(
-	    context, loop, name, request_type, extensions)))
+	    context, loop, name, request_type, extensions, &now_ms)))
 		return GETDNS_RETURN_MEMORY_ERROR;
 
 	req->user_pointer = userarg;
@@ -448,7 +451,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 		for ( netreq_p = req->netreqs
 		    ; !r && (netreq = *netreq_p)
 		    ; netreq_p++) {
-			if ((r = _getdns_submit_netreq(netreq))) {
+			if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
 				if (r == DNS_REQ_FINISHED) {
 					if (return_netreq_p)
 						*return_netreq_p = NULL;
@@ -500,7 +503,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			for ( netreq_p = req->netreqs
 			    ; !r && (netreq = *netreq_p)
 			    ; netreq_p++) {
-				if ((r = _getdns_submit_netreq(netreq))) {
+				if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
 					if (r == DNS_REQ_FINISHED) {
 						if (return_netreq_p)
 							*return_netreq_p = NULL;
diff --git a/src/general.h b/src/general.h
index 29b52f47..dcd9b9be 100644
--- a/src/general.h
+++ b/src/general.h
@@ -46,7 +46,7 @@
 
 void _getdns_call_user_callback(getdns_dns_req *, getdns_dict *);
 void _getdns_check_dns_req_complete(getdns_dns_req *dns_req);
-int _getdns_submit_netreq(getdns_network_req *netreq);
+int _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms);
 
 
 getdns_return_t
diff --git a/src/request-internal.c b/src/request-internal.c
index eae467e9..6c9cd9ec 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -658,7 +658,8 @@ static const uint8_t no_suffixes[] = { 1, 0 };
 /* create a new dns req to be submitted */
 getdns_dns_req *
 _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
-    const char *name, uint16_t request_type, getdns_dict *extensions)
+    const char *name, uint16_t request_type, getdns_dict *extensions,
+    uint64_t *now_ms)
 {
 	int dnssec_return_status                 = is_extension_set(
 	    extensions, "dnssec_return_status",
@@ -953,5 +954,10 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		    netreq_sz - sizeof(getdns_network_req), max_query_sz,
 		    extensions);
 
+	if (*now_ms == 0 && (*now_ms = _getdns_get_now_ms()) == 0)
+		result->expires = 0;
+	else
+		result->expires = *now_ms + context->timeout;
+
 	return result;
 }
diff --git a/src/stub.c b/src/stub.c
index e905f600..f7f1fddb 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1358,8 +1358,8 @@ stub_udp_read_cb(void *userarg)
 		                                   dnsreq)) == -1)
 			break;
 		upstream_schedule_netreq(netreq->upstream, netreq);
-		GETDNS_SCHEDULE_EVENT(
-		    dnsreq->loop, -1, dnsreq->context->timeout,
+		GETDNS_SCHEDULE_EVENT(dnsreq->loop, -1,
+		    _getdns_ms_until_expiry(dnsreq->expires),
 		    getdns_eventloop_event_init(&netreq->event,
 		    netreq, NULL, NULL, stub_timeout_cb));
 
@@ -1421,8 +1421,8 @@ stub_udp_write_cb(void *userarg)
 #endif
 		return;
 	}
-	GETDNS_SCHEDULE_EVENT(
-	    dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+	GETDNS_SCHEDULE_EVENT(dnsreq->loop, netreq->fd,
+	    _getdns_ms_until_expiry(dnsreq->expires),
 	    getdns_eventloop_event_init(&netreq->event, netreq,
 	    stub_udp_read_cb, NULL, stub_timeout_cb));
 }
@@ -1928,12 +1928,13 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 static int
 fallback_on_write(getdns_network_req *netreq) 
 {
+	uint64_t now_ms = 0;
 
 	/* Deal with UDP one day*/
 	DEBUG_STUB("%s %-35s: MSG: %p FALLING BACK \n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq);
 
 	/* Try to find a fallback transport*/
-	getdns_return_t result = _getdns_submit_stub_request(netreq);
+	getdns_return_t result = _getdns_submit_stub_request(netreq, &now_ms);
 
 	if (result != GETDNS_RETURN_GOOD)
 		return STUB_TCP_ERROR;
@@ -1997,8 +1998,8 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 		if (upstream->queries_sent == 0) {
 			/* Set a timeout on the upstream so we can catch failed setup*/
 			upstream->event.timeout_cb = upstream_setup_timeout_cb;
-			GETDNS_SCHEDULE_EVENT(upstream->loop,
-			    upstream->fd, netreq->owner->context->timeout / 2, 
+			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
+			    _getdns_ms_until_expiry(netreq->owner->expires)/2,
 			    &upstream->event);
 		} else {
 			GETDNS_SCHEDULE_EVENT(upstream->loop,
@@ -2027,7 +2028,7 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 }
 
 getdns_return_t
-_getdns_submit_stub_request(getdns_network_req *netreq)
+_getdns_submit_stub_request(getdns_network_req *netreq, uint64_t *now_ms)
 {
 	DEBUG_STUB("%s %-35s: MSG: %p TYPE: %d\n", STUB_DEBUG_ENTRY, __FUNC__,
 	           (void*)netreq, netreq->request_type);
@@ -2046,8 +2047,8 @@ _getdns_submit_stub_request(getdns_network_req *netreq)
 	case GETDNS_TRANSPORT_UDP:
 		netreq->fd = fd;
 		GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
-		GETDNS_SCHEDULE_EVENT(
-		    dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+		GETDNS_SCHEDULE_EVENT(dnsreq->loop, netreq->fd,
+		    _getdns_ms_until_expiry2(dnsreq->expires, now_ms),
 		    getdns_eventloop_event_init(&netreq->event, netreq,
 		    NULL, stub_udp_write_cb, stub_timeout_cb));
 		return GETDNS_RETURN_GOOD;
@@ -2121,7 +2122,7 @@ _getdns_submit_stub_request(getdns_network_req *netreq)
 		 */
 		GETDNS_SCHEDULE_EVENT(
 		    dnsreq->loop, -1,
-		    dnsreq->context->timeout,
+		    _getdns_ms_until_expiry2(dnsreq->expires, now_ms),
 		    getdns_eventloop_event_init(
 		    &netreq->event, netreq, NULL, NULL,
 		    stub_timeout_cb));
diff --git a/src/stub.h b/src/stub.h
index 41aa629a..da45eded 100644
--- a/src/stub.h
+++ b/src/stub.h
@@ -37,7 +37,8 @@
 #include "getdns/getdns.h"
 #include "types-internal.h"
 
-getdns_return_t _getdns_submit_stub_request(getdns_network_req *netreq);
+getdns_return_t _getdns_submit_stub_request(
+    getdns_network_req *netreq, uint64_t *now_ms);
 
 void _getdns_cancel_stub_request(getdns_network_req *netreq);
 
diff --git a/src/types-internal.h b/src/types-internal.h
index 78f1935a..9afb105d 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -338,6 +338,11 @@ typedef struct getdns_dns_req {
 	/* the transaction id */
 	getdns_transaction_t trans_id;
 
+	/* Absolute time (in miliseconds since epoch),
+	 * after which this dns request is expired; i.e. timed out
+	 */
+	uint64_t expires;
+
 	/* for scheduling timeouts when using libunbound */
 	getdns_eventloop_event timeout;
 
@@ -408,7 +413,7 @@ extern getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks;
 
 /* dns request utils */
 getdns_dns_req *_getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
-    const char *name, uint16_t request_type, getdns_dict *extensions);
+    const char *name, uint16_t request_type, getdns_dict *extensions, uint64_t *now_ms);
 
 void _getdns_dns_req_free(getdns_dns_req * req);
 
diff --git a/src/util-internal.h b/src/util-internal.h
index 54c81d9d..6f8de235 100644
--- a/src/util-internal.h
+++ b/src/util-internal.h
@@ -198,5 +198,25 @@ INLINE void _dname_canonicalize2(uint8_t *dname)
 	_dname_canonicalize(dname, dname);
 }
 
+INLINE uint64_t _getdns_get_now_ms()
+{
+	struct timeval tv;
+
+	(void) gettimeofday(&tv, NULL);
+	return tv.tv_sec * 1000 + tv.tv_usec / 1000;
+}
+
+INLINE uint64_t _getdns_ms_until_expiry(uint64_t expires)
+{
+	uint64_t now_ms = _getdns_get_now_ms();
+	return now_ms >= expires ? 0 : expires - now_ms;
+}
+
+INLINE uint64_t _getdns_ms_until_expiry2(uint64_t expires, uint64_t *now_ms)
+{
+	if (*now_ms == 0) *now_ms = _getdns_get_now_ms();
+	return *now_ms >= expires ? 0 : expires - *now_ms;
+}
+
 #endif
 /* util-internal.h */

From 0655a08fa7a1b050151ba73a2669adf3ec488899 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 14 Mar 2017 15:03:43 +0100
Subject: [PATCH 175/249] Unit test for set_limit_outstanding_queries

---
 .../280-limit_outstanding_queries.Makefile    |   15 +
 .../280-limit_outstanding_queries.c           |  136 +++
 .../280-limit_outstanding_queries.dsc         |   16 +
 .../280-limit_outstanding_queries.pre         |   14 +
 .../280-limit_outstanding_queries.queries     | 1000 +++++++++++++++++
 .../280-limit_outstanding_queries.test        |   21 +
 6 files changed, 1202 insertions(+)
 create mode 100644 src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile
 create mode 100644 src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c
 create mode 100644 src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.dsc
 create mode 100644 src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.pre
 create mode 100644 src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.queries
 create mode 100644 src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test

diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile
new file mode 100644
index 00000000..c297df6d
--- /dev/null
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile
@@ -0,0 +1,15 @@
+builddir = @BUILDDIR@
+testname = @TPKG_NAME@
+LIBTOOL  = $(builddir)/libtool
+
+CFLAGS=-I$(builddir)/src
+LDLIBS=$(builddir)/src/libgetdns.la
+
+.SUFFIXES: .c .o .a .lo .h
+
+.c.lo:
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+
+$(testname): $(testname).lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDLIBS) $(LDFLAGS) -o $(testname) $(testname).lo
+
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c
new file mode 100644
index 00000000..78107b57
--- /dev/null
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c
@@ -0,0 +1,136 @@
+/*
+ * delaydns.c - A DNS proxy that adds delay to replies
+ *
+ * Copyright (c) 2016, NLnet Labs. All rights reserved.
+ * 
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <getdns/getdns_extra.h>
+#include <stdio.h>
+#include <string.h>
+
+
+static int n_requests = 0;
+
+typedef struct transaction_t {
+	getdns_transaction_t    request_id;
+	getdns_dict            *request;
+
+	getdns_context         *context;
+	getdns_eventloop       *loop;
+	getdns_eventloop_event  ev;
+} transaction_t;
+
+
+void delay_cb(void *userarg)
+{
+	transaction_t *trans = userarg;
+
+	trans->loop->vmt->clear(trans->loop, &trans->ev);
+	(void) getdns_reply(trans->context, trans->request, trans->request_id);
+	getdns_dict_destroy(trans->request);
+	free(trans);
+	n_requests -= 1;
+}
+
+void handler(getdns_context *context, getdns_callback_type_t callback_type,
+    getdns_dict *request, void *userarg, getdns_transaction_t request_id)
+{
+	transaction_t  *trans;
+	getdns_bindata *qname;
+	char           nreq_str[255];
+	getdns_bindata nreq_bd = { 0, nreq_str };
+
+	(void) userarg;
+	nreq_bd.size = snprintf(nreq_str, sizeof(nreq_str), "n_requests: %d", ++n_requests);
+
+	if (getdns_dict_get_bindata(request, "/question/qname", &qname) ||
+	    getdns_dict_set_bindata(request, "/answer/0/name", qname) ||
+	    getdns_dict_set_int(request, "/answer/0/type", GETDNS_RRTYPE_TXT) ||
+	    getdns_dict_set_bindata(request, "/answer/0/rdata/txt_strings/-", &nreq_bd))
+		fprintf(stderr, "Request init error\n");
+
+	else if (qname->size >= 6 && qname->data[0] == 4 &&
+	    qname->data[1] == 'q' && qname->data[2] == 'u' &&
+	    qname->data[3] == 'i' && qname->data[4] == 't') {
+
+		(void) getdns_reply(context, request, request_id);
+		(void) getdns_context_set_listen_addresses(trans->context, NULL, NULL, NULL);
+		n_requests -= 1;
+		return;
+
+	} else if (!(trans = malloc(sizeof(transaction_t))))
+		perror("memerror");
+	else {
+		(void) memset(trans, 0, sizeof(transaction_t));
+		trans->request_id = request_id;
+		trans->request = request;
+		trans->context = context;
+		trans->ev.userarg = trans;
+		trans->ev.timeout_cb = delay_cb;
+
+		if (getdns_context_get_eventloop(context, &trans->loop)
+		||  trans->loop->vmt->schedule(trans->loop, -1, 300, &trans->ev))
+			fprintf(stderr, "Could not schedule delay\n");
+		else	return;
+	}
+	exit(EXIT_FAILURE);
+}
+
+int main()
+{
+	getdns_context   *context   = NULL;
+	getdns_list      *listeners = NULL;
+	getdns_dict      *address   = NULL;
+	uint32_t          port      = 18000;
+	getdns_return_t   r;
+
+	if ((r = getdns_str2list("[ 127.0.0.1:18000 ]", &listeners)) ||
+	    (r = getdns_list_get_dict(listeners, 0, &address)) ||
+	    (r = getdns_context_create(&context, 0)))
+		fprintf(stderr, "Error initializing: ");
+
+	else while (++port < 18200 &&
+	    !(r = getdns_dict_set_int(address, "port", port)) &&
+	     (r = getdns_context_set_listen_addresses(
+			    context, listeners, NULL, handler)))
+		; /* pass */
+
+	if (r)	fprintf(stderr, "%s\n", getdns_get_errorstr_by_id(r));
+	else {
+		fprintf(stdout, "%d\n", (int)port);
+		fflush(stdout);
+		getdns_context_run(context);
+	}
+	getdns_list_destroy(listeners);
+	getdns_context_destroy(context);
+	return r;
+}
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.dsc b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.dsc
new file mode 100644
index 00000000..f1f0aa4b
--- /dev/null
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.dsc
@@ -0,0 +1,16 @@
+BaseName: 280-limit_outstanding_queries
+Version: 1.0
+Description: Test if outstanding queries setting is obeyed
+CreationDate: Tue Mar 14 10:43:45 CET 2017
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: 
+Depends: 210-stub-only-link.tpkg
+Help:
+Pre: 280-limit_outstanding_queries.pre
+Post: 
+Test: 280-limit_outstanding_queries.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.pre b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.pre
new file mode 100644
index 00000000..b4ee91ac
--- /dev/null
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.pre
@@ -0,0 +1,14 @@
+# #-- 280-limit_outstanding_queries.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+(
+	grep '^CC=' "${BUILDDIR}/build-stub-only/src/Makefile"
+	grep '^LDFLAGS=' "${BUILDDIR}/build-stub-only/src/Makefile"
+
+	BUILDDIR4SED=`echo "${BUILDDIR}/build-stub-only" | sed  's/\//\\\\\//g'`
+	sed -e "s/@BUILDDIR@/${BUILDDIR4SED}/g" \
+	    -e "s/@TPKG_NAME@/${TPKG_NAME}/g" "${TPKG_NAME}.Makefile"
+) > Makefile
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.queries b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.queries
new file mode 100644
index 00000000..0cc2103d
--- /dev/null
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.queries
@@ -0,0 +1,1000 @@
+q1.
+q2.
+q3.
+q4.
+q5.
+q6.
+q7.
+q8.
+q9.
+q10.
+q11.
+q12.
+q13.
+q14.
+q15.
+q16.
+q17.
+q18.
+q19.
+q20.
+q21.
+q22.
+q23.
+q24.
+q25.
+q26.
+q27.
+q28.
+q29.
+q30.
+q31.
+q32.
+q33.
+q34.
+q35.
+q36.
+q37.
+q38.
+q39.
+q40.
+q41.
+q42.
+q43.
+q44.
+q45.
+q46.
+q47.
+q48.
+q49.
+q50.
+q51.
+q52.
+q53.
+q54.
+q55.
+q56.
+q57.
+q58.
+q59.
+q60.
+q61.
+q62.
+q63.
+q64.
+q65.
+q66.
+q67.
+q68.
+q69.
+q70.
+q71.
+q72.
+q73.
+q74.
+q75.
+q76.
+q77.
+q78.
+q79.
+q80.
+q81.
+q82.
+q83.
+q84.
+q85.
+q86.
+q87.
+q88.
+q89.
+q90.
+q91.
+q92.
+q93.
+q94.
+q95.
+q96.
+q97.
+q98.
+q99.
+q100.
+q101.
+q102.
+q103.
+q104.
+q105.
+q106.
+q107.
+q108.
+q109.
+q110.
+q111.
+q112.
+q113.
+q114.
+q115.
+q116.
+q117.
+q118.
+q119.
+q120.
+q121.
+q122.
+q123.
+q124.
+q125.
+q126.
+q127.
+q128.
+q129.
+q130.
+q131.
+q132.
+q133.
+q134.
+q135.
+q136.
+q137.
+q138.
+q139.
+q140.
+q141.
+q142.
+q143.
+q144.
+q145.
+q146.
+q147.
+q148.
+q149.
+q150.
+q151.
+q152.
+q153.
+q154.
+q155.
+q156.
+q157.
+q158.
+q159.
+q160.
+q161.
+q162.
+q163.
+q164.
+q165.
+q166.
+q167.
+q168.
+q169.
+q170.
+q171.
+q172.
+q173.
+q174.
+q175.
+q176.
+q177.
+q178.
+q179.
+q180.
+q181.
+q182.
+q183.
+q184.
+q185.
+q186.
+q187.
+q188.
+q189.
+q190.
+q191.
+q192.
+q193.
+q194.
+q195.
+q196.
+q197.
+q198.
+q199.
+q200.
+q201.
+q202.
+q203.
+q204.
+q205.
+q206.
+q207.
+q208.
+q209.
+q210.
+q211.
+q212.
+q213.
+q214.
+q215.
+q216.
+q217.
+q218.
+q219.
+q220.
+q221.
+q222.
+q223.
+q224.
+q225.
+q226.
+q227.
+q228.
+q229.
+q230.
+q231.
+q232.
+q233.
+q234.
+q235.
+q236.
+q237.
+q238.
+q239.
+q240.
+q241.
+q242.
+q243.
+q244.
+q245.
+q246.
+q247.
+q248.
+q249.
+q250.
+q251.
+q252.
+q253.
+q254.
+q255.
+q256.
+q257.
+q258.
+q259.
+q260.
+q261.
+q262.
+q263.
+q264.
+q265.
+q266.
+q267.
+q268.
+q269.
+q270.
+q271.
+q272.
+q273.
+q274.
+q275.
+q276.
+q277.
+q278.
+q279.
+q280.
+q281.
+q282.
+q283.
+q284.
+q285.
+q286.
+q287.
+q288.
+q289.
+q290.
+q291.
+q292.
+q293.
+q294.
+q295.
+q296.
+q297.
+q298.
+q299.
+q300.
+q301.
+q302.
+q303.
+q304.
+q305.
+q306.
+q307.
+q308.
+q309.
+q310.
+q311.
+q312.
+q313.
+q314.
+q315.
+q316.
+q317.
+q318.
+q319.
+q320.
+q321.
+q322.
+q323.
+q324.
+q325.
+q326.
+q327.
+q328.
+q329.
+q330.
+q331.
+q332.
+q333.
+q334.
+q335.
+q336.
+q337.
+q338.
+q339.
+q340.
+q341.
+q342.
+q343.
+q344.
+q345.
+q346.
+q347.
+q348.
+q349.
+q350.
+q351.
+q352.
+q353.
+q354.
+q355.
+q356.
+q357.
+q358.
+q359.
+q360.
+q361.
+q362.
+q363.
+q364.
+q365.
+q366.
+q367.
+q368.
+q369.
+q370.
+q371.
+q372.
+q373.
+q374.
+q375.
+q376.
+q377.
+q378.
+q379.
+q380.
+q381.
+q382.
+q383.
+q384.
+q385.
+q386.
+q387.
+q388.
+q389.
+q390.
+q391.
+q392.
+q393.
+q394.
+q395.
+q396.
+q397.
+q398.
+q399.
+q400.
+q401.
+q402.
+q403.
+q404.
+q405.
+q406.
+q407.
+q408.
+q409.
+q410.
+q411.
+q412.
+q413.
+q414.
+q415.
+q416.
+q417.
+q418.
+q419.
+q420.
+q421.
+q422.
+q423.
+q424.
+q425.
+q426.
+q427.
+q428.
+q429.
+q430.
+q431.
+q432.
+q433.
+q434.
+q435.
+q436.
+q437.
+q438.
+q439.
+q440.
+q441.
+q442.
+q443.
+q444.
+q445.
+q446.
+q447.
+q448.
+q449.
+q450.
+q451.
+q452.
+q453.
+q454.
+q455.
+q456.
+q457.
+q458.
+q459.
+q460.
+q461.
+q462.
+q463.
+q464.
+q465.
+q466.
+q467.
+q468.
+q469.
+q470.
+q471.
+q472.
+q473.
+q474.
+q475.
+q476.
+q477.
+q478.
+q479.
+q480.
+q481.
+q482.
+q483.
+q484.
+q485.
+q486.
+q487.
+q488.
+q489.
+q490.
+q491.
+q492.
+q493.
+q494.
+q495.
+q496.
+q497.
+q498.
+q499.
+q500.
+q501.
+q502.
+q503.
+q504.
+q505.
+q506.
+q507.
+q508.
+q509.
+q510.
+q511.
+q512.
+q513.
+q514.
+q515.
+q516.
+q517.
+q518.
+q519.
+q520.
+q521.
+q522.
+q523.
+q524.
+q525.
+q526.
+q527.
+q528.
+q529.
+q530.
+q531.
+q532.
+q533.
+q534.
+q535.
+q536.
+q537.
+q538.
+q539.
+q540.
+q541.
+q542.
+q543.
+q544.
+q545.
+q546.
+q547.
+q548.
+q549.
+q550.
+q551.
+q552.
+q553.
+q554.
+q555.
+q556.
+q557.
+q558.
+q559.
+q560.
+q561.
+q562.
+q563.
+q564.
+q565.
+q566.
+q567.
+q568.
+q569.
+q570.
+q571.
+q572.
+q573.
+q574.
+q575.
+q576.
+q577.
+q578.
+q579.
+q580.
+q581.
+q582.
+q583.
+q584.
+q585.
+q586.
+q587.
+q588.
+q589.
+q590.
+q591.
+q592.
+q593.
+q594.
+q595.
+q596.
+q597.
+q598.
+q599.
+q600.
+q601.
+q602.
+q603.
+q604.
+q605.
+q606.
+q607.
+q608.
+q609.
+q610.
+q611.
+q612.
+q613.
+q614.
+q615.
+q616.
+q617.
+q618.
+q619.
+q620.
+q621.
+q622.
+q623.
+q624.
+q625.
+q626.
+q627.
+q628.
+q629.
+q630.
+q631.
+q632.
+q633.
+q634.
+q635.
+q636.
+q637.
+q638.
+q639.
+q640.
+q641.
+q642.
+q643.
+q644.
+q645.
+q646.
+q647.
+q648.
+q649.
+q650.
+q651.
+q652.
+q653.
+q654.
+q655.
+q656.
+q657.
+q658.
+q659.
+q660.
+q661.
+q662.
+q663.
+q664.
+q665.
+q666.
+q667.
+q668.
+q669.
+q670.
+q671.
+q672.
+q673.
+q674.
+q675.
+q676.
+q677.
+q678.
+q679.
+q680.
+q681.
+q682.
+q683.
+q684.
+q685.
+q686.
+q687.
+q688.
+q689.
+q690.
+q691.
+q692.
+q693.
+q694.
+q695.
+q696.
+q697.
+q698.
+q699.
+q700.
+q701.
+q702.
+q703.
+q704.
+q705.
+q706.
+q707.
+q708.
+q709.
+q710.
+q711.
+q712.
+q713.
+q714.
+q715.
+q716.
+q717.
+q718.
+q719.
+q720.
+q721.
+q722.
+q723.
+q724.
+q725.
+q726.
+q727.
+q728.
+q729.
+q730.
+q731.
+q732.
+q733.
+q734.
+q735.
+q736.
+q737.
+q738.
+q739.
+q740.
+q741.
+q742.
+q743.
+q744.
+q745.
+q746.
+q747.
+q748.
+q749.
+q750.
+q751.
+q752.
+q753.
+q754.
+q755.
+q756.
+q757.
+q758.
+q759.
+q760.
+q761.
+q762.
+q763.
+q764.
+q765.
+q766.
+q767.
+q768.
+q769.
+q770.
+q771.
+q772.
+q773.
+q774.
+q775.
+q776.
+q777.
+q778.
+q779.
+q780.
+q781.
+q782.
+q783.
+q784.
+q785.
+q786.
+q787.
+q788.
+q789.
+q790.
+q791.
+q792.
+q793.
+q794.
+q795.
+q796.
+q797.
+q798.
+q799.
+q800.
+q801.
+q802.
+q803.
+q804.
+q805.
+q806.
+q807.
+q808.
+q809.
+q810.
+q811.
+q812.
+q813.
+q814.
+q815.
+q816.
+q817.
+q818.
+q819.
+q820.
+q821.
+q822.
+q823.
+q824.
+q825.
+q826.
+q827.
+q828.
+q829.
+q830.
+q831.
+q832.
+q833.
+q834.
+q835.
+q836.
+q837.
+q838.
+q839.
+q840.
+q841.
+q842.
+q843.
+q844.
+q845.
+q846.
+q847.
+q848.
+q849.
+q850.
+q851.
+q852.
+q853.
+q854.
+q855.
+q856.
+q857.
+q858.
+q859.
+q860.
+q861.
+q862.
+q863.
+q864.
+q865.
+q866.
+q867.
+q868.
+q869.
+q870.
+q871.
+q872.
+q873.
+q874.
+q875.
+q876.
+q877.
+q878.
+q879.
+q880.
+q881.
+q882.
+q883.
+q884.
+q885.
+q886.
+q887.
+q888.
+q889.
+q890.
+q891.
+q892.
+q893.
+q894.
+q895.
+q896.
+q897.
+q898.
+q899.
+q900.
+q901.
+q902.
+q903.
+q904.
+q905.
+q906.
+q907.
+q908.
+q909.
+q910.
+q911.
+q912.
+q913.
+q914.
+q915.
+q916.
+q917.
+q918.
+q919.
+q920.
+q921.
+q922.
+q923.
+q924.
+q925.
+q926.
+q927.
+q928.
+q929.
+q930.
+q931.
+q932.
+q933.
+q934.
+q935.
+q936.
+q937.
+q938.
+q939.
+q940.
+q941.
+q942.
+q943.
+q944.
+q945.
+q946.
+q947.
+q948.
+q949.
+q950.
+q951.
+q952.
+q953.
+q954.
+q955.
+q956.
+q957.
+q958.
+q959.
+q960.
+q961.
+q962.
+q963.
+q964.
+q965.
+q966.
+q967.
+q968.
+q969.
+q970.
+q971.
+q972.
+q973.
+q974.
+q975.
+q976.
+q977.
+q978.
+q979.
+q980.
+q981.
+q982.
+q983.
+q984.
+q985.
+q986.
+q987.
+q988.
+q989.
+q990.
+q991.
+q992.
+q993.
+q994.
+q995.
+q996.
+q997.
+q998.
+q999.
+q1000.
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
new file mode 100644
index 00000000..828d0a96
--- /dev/null
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
@@ -0,0 +1,21 @@
+# #-- 280-limit_outstanding_queries.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+QLIMIT=10
+make && "./${TPKG_NAME}" | (
+	read PORT
+	${GETDNS_STUB_QUERY} @127.0.0.1:$PORT TXT \
+	    -a -F "./${TPKG_NAME}.queries" \
+	          "{limit_outstanding_queries:$QLIMIT}" 2>&1 > out
+
+	${GETDNS_STUB_QUERY} -q @127.0.0.1:$PORT TXT quit.
+) && grep '"n_requests: [0-9][0-9]*"' out | sed -e 's/^.*n_requests: //g' -e 's/".*$//g' \
+    | awk -vQLIMIT=$QLIMIT '{
+	if ($1 > QLIMIT) {
+		print "ERROR: More than "QLIMIT" outstanding queries!";
+		exit(-1);
+	}
+}' && echo "SUCCESS: No more than ${QLIMIT} outstanding queries"

From b8f43c8acd81f4b61c4e584a83341740d3a6f2f0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 14 Mar 2017 15:20:56 +0100
Subject: [PATCH 176/249] Mention the number of simultaneous queries in error
 (and success)

---
 .../280-limit_outstanding_queries.test        | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
index 828d0a96..d033f6ee 100644
--- a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
@@ -13,9 +13,19 @@ make && "./${TPKG_NAME}" | (
 
 	${GETDNS_STUB_QUERY} -q @127.0.0.1:$PORT TXT quit.
 ) && grep '"n_requests: [0-9][0-9]*"' out | sed -e 's/^.*n_requests: //g' -e 's/".*$//g' \
-    | awk -vQLIMIT=$QLIMIT '{
-	if ($1 > QLIMIT) {
-		print "ERROR: More than "QLIMIT" outstanding queries!";
+    | awk -vQLIMIT=$QLIMIT '
+
+BEGIN{
+	max_outstanding = 0;
+}
+{
+	if ($1 > max_outstanding)
+		max_outstanding = $1;
+}
+END{
+	if (max_outstanding > QLIMIT) {
+		print "ERROR: More than "QLIMIT" outstanding queries: "max_outstanding;
 		exit(-1);
-	}
-}' && echo "SUCCESS: No more than ${QLIMIT} outstanding queries"
+	} else
+		print "SUCCESS: No more than "QLIMIT" outstanding queries: "max_outstanding;
+}'

From 14c9f3aafcf9c41778d1224060ae7b9bb0ee9eaf Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 14 Mar 2017 17:17:56 +0100
Subject: [PATCH 177/249] Track netreqs "in flight"

---
 src/context.c                                 | 23 +++++++++++++++++++
 src/context.h                                 | 17 +++++++++++++-
 src/dnssec.c                                  |  2 +-
 src/general.c                                 | 16 +++++++------
 src/mdns.c                                    |  4 ++--
 src/request-internal.c                        |  6 ++++-
 src/stub.c                                    | 10 ++++----
 .../280-limit_outstanding_queries.test        |  4 +++-
 8 files changed, 64 insertions(+), 18 deletions(-)

diff --git a/src/context.c b/src/context.c
index 5421fd81..1f739fff 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1330,6 +1330,8 @@ getdns_context_create_with_extended_memory_functions(
 
 	_getdns_rbtree_init(&result->outbound_requests, transaction_id_cmp);
 	_getdns_rbtree_init(&result->local_hosts, local_host_cmp);
+	/* TODO: Initialize pending_netreqs */
+	result->netreqs_in_flight = 0;
 
 	result->server = NULL;
 
@@ -2980,6 +2982,27 @@ _getdns_context_request_timed_out(getdns_dns_req *dnsreq)
 	_getdns_context_cancel_request(dnsreq);
 }
 
+
+void
+_getdns_netreq_change_state(getdns_network_req *netreq, network_req_state new_state)
+{
+	if (!netreq)
+		return;
+
+	if (netreq->state != NET_REQ_IN_FLIGHT) {
+		if (new_state == NET_REQ_IN_FLIGHT)
+			netreq->owner->context->netreqs_in_flight += 1;
+		netreq->state = new_state;
+		return;
+	}
+	if (new_state == NET_REQ_IN_FLIGHT) /* No change */
+		return;
+	netreq->state = new_state;
+	netreq->owner->context->netreqs_in_flight -= 1;
+	/* TODO: Schedule pending netreqs
+	 *       when netreqs_in_flight < oustanding_queries */
+}
+
 static void
 accumulate_outstanding_transactions(_getdns_rbnode_t *node, void* arg)
 {
diff --git a/src/context.h b/src/context.h
index e6ed49fb..6fe02d23 100644
--- a/src/context.h
+++ b/src/context.h
@@ -291,6 +291,11 @@ struct getdns_context {
 	 */
 	_getdns_rbtree_t outbound_requests;
 
+	/* network requests
+	 */
+	size_t netreqs_in_flight;
+	_getdns_rbtree_t pending_netreqs;
+
 	struct listen_set *server;
 
 	/* Event loop extension.  */
@@ -372,12 +377,22 @@ void _getdns_context_clear_outbound_request(getdns_dns_req *dnsreq);
  */
 void _getdns_context_cancel_request(getdns_dns_req *dnsreq);
 
-
 /* Calls user callback (with GETDNS_CALLBACK_TIMEOUT + response dict), then
  * cancels and frees the getdns_dns_req with _getdns_context_cancel_request()
  */
 void _getdns_context_request_timed_out(getdns_dns_req *dnsreq);
 
+/* Change state of the netreq req.
+ * - Increments context->netreqs_in_flight
+ *   when state changes from NOT_SENT to IN_FLIGHT
+ * - Decrements context->netreqs_in_flight
+ *   when state changes from IN_FLIGHT to FINISHED, TIMED_OUT or ERRORED
+ * - Resubmits NOT_SENT netreqs from context->pending_netreqs,
+ *   when # pending_netreqs < limit_outstanding_queries
+ */
+void _getdns_netreq_change_state(
+    getdns_network_req *req, network_req_state new_state);
+
 char *_getdns_strdup(const struct mem_funcs *mfs, const char *str);
 
 struct getdns_bindata *_getdns_bindata_copy(
diff --git a/src/dnssec.c b/src/dnssec.c
index b689aba5..b3e86bae 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3040,7 +3040,7 @@ static void check_chain_complete(chain_head *chain)
 		    ; !r && (netreq = *netreq_p)
 		    ; netreq_p++) {
 
-			netreq->state = NET_REQ_NOT_SENT;
+			_getdns_netreq_change_state(netreq, NET_REQ_NOT_SENT);
 			netreq->owner = dnsreq;
 			r = _getdns_submit_netreq(netreq, &now_ms);
 		}
diff --git a/src/general.c b/src/general.c
index c71a4944..3781e1da 100644
--- a/src/general.c
+++ b/src/general.c
@@ -130,7 +130,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 				if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
 					if (r == DNS_REQ_FINISHED)
 						return;
-					netreq->state = NET_REQ_FINISHED;
+					_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 				}
 			}
 			_getdns_check_dns_req_complete(dns_req);
@@ -168,7 +168,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 				if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
 					if (r == DNS_REQ_FINISHED)
 						return;
-					netreq->state = NET_REQ_FINISHED;
+					_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 				}
 			}
 			_getdns_check_dns_req_complete(dns_req);
@@ -209,7 +209,7 @@ ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,
 	getdns_network_req *netreq = (getdns_network_req *) arg;
 	getdns_dns_req *dns_req = netreq->owner;
 
-	netreq->state = NET_REQ_FINISHED;
+	_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 	/* parse */
 	if (getdns_apply_network_result(
 	    netreq, rcode, pkt, pkt_len, sec, why_bogus)) {
@@ -227,7 +227,7 @@ ub_resolve_callback(void* arg, int err, struct ub_result* ub_res)
 	getdns_network_req *netreq = (getdns_network_req *) arg;
 	getdns_dns_req *dns_req = netreq->owner;
 
-	netreq->state = NET_REQ_FINISHED;
+	_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 	if (err != 0) {
 		_getdns_call_user_callback(dns_req, NULL);
 		return;
@@ -259,6 +259,8 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 	int ub_resolve_r;
 #endif
 
+	_getdns_netreq_change_state(netreq, NET_REQ_IN_FLIGHT);
+
 #ifdef STUB_NATIVE_DNSSEC
 # ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 
@@ -457,7 +459,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 						*return_netreq_p = NULL;
 					return GETDNS_RETURN_GOOD;
 				}
-				netreq->state = NET_REQ_FINISHED;
+				_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 			}
 		}
 
@@ -486,7 +488,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 								*return_netreq_p = NULL;
 							return GETDNS_RETURN_GOOD;
 						}
-						netreq->state = NET_REQ_FINISHED;
+						_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 					}
 				}
 				/* Stop processing more namespaces, since there was a match */
@@ -509,7 +511,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 							*return_netreq_p = NULL;
 						return GETDNS_RETURN_GOOD;
 					}
-					netreq->state = NET_REQ_FINISHED;
+					_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 				}
 			}
 			break;
diff --git a/src/mdns.c b/src/mdns.c
index 253bf972..441701c0 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -121,7 +121,7 @@ mdns_timeout_cb(void *userarg)
 #else
 		close(netreq->fd);
 #endif
-	netreq->state = NET_REQ_TIMED_OUT;
+	_getdns_netreq_change_state(netreq, NET_REQ_TIMED_OUT);
 	if (netreq->owner->user_callback) {
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
 		(void)_getdns_context_request_timed_out(netreq->owner);
@@ -182,7 +182,7 @@ mdns_udp_read_cb(void *userarg)
 	
 	netreq->response_len = read;
 	netreq->debug_end_time = _getdns_get_time_as_uintt64();
-	netreq->state = NET_REQ_FINISHED;
+	_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 	_getdns_check_dns_req_complete(dnsreq);
 }
 
diff --git a/src/request-internal.c b/src/request-internal.c
index 6c9cd9ec..8eec6b7a 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -118,7 +118,7 @@ netreq_reset(getdns_network_req *net_req)
 	/* variables that need to be reset on reinit 
 	 */
 	net_req->unbound_id = -1;
-	net_req->state = NET_REQ_NOT_SENT;
+	_getdns_netreq_change_state(net_req, NET_REQ_NOT_SENT);
 	net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->tsig_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->query_id = 0;
@@ -183,6 +183,10 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->debug_tls_auth_status = GETDNS_AUTH_NONE;
 	net_req->debug_udp = 0;
 
+	/* Scheduling, touch only via _getdns_netreq_change_state!
+	 */
+	net_req->state = NET_REQ_NOT_SENT;
+
 	if (max_query_sz == 0) {
 		net_req->query    = NULL;
 		net_req->opt      = NULL;
diff --git a/src/stub.c b/src/stub.c
index f7f1fddb..1fefaa8c 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -550,7 +550,7 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 			netreq = (getdns_network_req *)
 			    _getdns_rbtree_first(&upstream->netreq_by_query_id);
 			stub_cleanup(netreq);
-			netreq->state = NET_REQ_FINISHED;
+			_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 			_getdns_check_dns_req_complete(netreq->owner);
 		}
 	}
@@ -580,7 +580,7 @@ stub_timeout_cb(void *userarg)
 	DEBUG_STUB("%s %-35s: MSG:  %p\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, (void*)netreq);
 	stub_cleanup(netreq);
-	netreq->state = NET_REQ_TIMED_OUT;
+	_getdns_netreq_change_state(netreq, NET_REQ_TIMED_OUT);
 	/* Handle upstream*/
 	if (netreq->fd >= 0) {
 #ifdef USE_WINSOCK
@@ -1368,7 +1368,7 @@ stub_udp_read_cb(void *userarg)
 	netreq->response_len = read;
 	dnsreq->upstreams->current_udp = 0;
 	netreq->debug_end_time = _getdns_get_time_as_uintt64();
-	netreq->state = NET_REQ_FINISHED;
+	_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 	upstream->udp_responses++;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	if (upstream->udp_responses == 1 || 
@@ -1495,7 +1495,7 @@ upstream_read_cb(void *userarg)
 
 		DEBUG_STUB("%s %-35s: MSG: %p (read)\n",
 		    STUB_DEBUG_READ, __FUNC__, (void*)netreq);
-		netreq->state = NET_REQ_FINISHED;
+		_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 		netreq->response = upstream->tcp.read_buf;
 		netreq->response_len =
 		    upstream->tcp.read_pos - upstream->tcp.read_buf;
@@ -1614,7 +1614,7 @@ upstream_write_cb(void *userarg)
 #endif
 		if (fallback_on_write(netreq) == STUB_TCP_ERROR) {
 			/* TODO: Need new state to report transport unavailable*/
-			netreq->state = NET_REQ_FINISHED;
+			_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 			_getdns_check_dns_req_complete(netreq->owner);
 		}
 		return;
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
index d033f6ee..37915e43 100644
--- a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
@@ -4,7 +4,9 @@
 # use .tpkg.var.test for in test variable passing
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
-QLIMIT=10
+# TODO: Change QLIMIT to 10 once implement pending netreq resubmission
+#
+QLIMIT=1000
 make && "./${TPKG_NAME}" | (
 	read PORT
 	${GETDNS_STUB_QUERY} @127.0.0.1:$PORT TXT \

From 5ea181172a6325ecb6996295948f7e1b2ff33694 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 15 Mar 2017 15:16:42 +0100
Subject: [PATCH 178/249] Reschedule pending netreqs

---
 src/context.c                                 |  50 ++++----
 src/context.h                                 |  16 +--
 src/general.c                                 | 114 ++++++++++++++++--
 src/general.h                                 |  12 ++
 src/request-internal.c                        |   1 +
 .../280-limit_outstanding_queries.test        |  15 ++-
 6 files changed, 159 insertions(+), 49 deletions(-)

diff --git a/src/context.c b/src/context.c
index 1f739fff..aabe13f5 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1267,6 +1267,26 @@ NULL_update_callback(
     getdns_context *context, getdns_context_code_t code, void *userarg)
 { (void)context; (void)code; (void)userarg; }
 
+static int
+netreq_expiry_cmp(const void *id1, const void *id2)
+{
+	getdns_network_req *req1 = (getdns_network_req *)id1;
+	getdns_network_req *req2 = (getdns_network_req *)id2;
+
+	return req1->owner->expires < req2->owner->expires ? -1 :
+	       req1->owner->expires > req2->owner->expires ?  1 :
+	       req1 < req2 ? -1 :
+	       req1 > req2 ?  1 : 0;
+}
+
+void _getdns_check_expired_pending_netreqs(
+    getdns_context *context, uint64_t *now_ms);
+static void _getdns_check_expired_pending_netreqs_cb(void *arg)
+{
+	uint64_t now_ms = 0;
+	_getdns_check_expired_pending_netreqs((getdns_context *)arg, &now_ms);
+}
+
 /*
  * getdns_context_create
  *
@@ -1330,8 +1350,15 @@ getdns_context_create_with_extended_memory_functions(
 
 	_getdns_rbtree_init(&result->outbound_requests, transaction_id_cmp);
 	_getdns_rbtree_init(&result->local_hosts, local_host_cmp);
-	/* TODO: Initialize pending_netreqs */
+	_getdns_rbtree_init(&result->pending_netreqs, netreq_expiry_cmp);
+	result->first_pending_netreq = NULL;
 	result->netreqs_in_flight = 0;
+	result->pending_timeout_event.userarg    = result;
+	result->pending_timeout_event.read_cb    = NULL;
+	result->pending_timeout_event.write_cb   = NULL;
+	result->pending_timeout_event.timeout_cb =
+	    _getdns_check_expired_pending_netreqs_cb;
+	result->pending_timeout_event.ev         = NULL;
 
 	result->server = NULL;
 
@@ -2982,27 +3009,6 @@ _getdns_context_request_timed_out(getdns_dns_req *dnsreq)
 	_getdns_context_cancel_request(dnsreq);
 }
 
-
-void
-_getdns_netreq_change_state(getdns_network_req *netreq, network_req_state new_state)
-{
-	if (!netreq)
-		return;
-
-	if (netreq->state != NET_REQ_IN_FLIGHT) {
-		if (new_state == NET_REQ_IN_FLIGHT)
-			netreq->owner->context->netreqs_in_flight += 1;
-		netreq->state = new_state;
-		return;
-	}
-	if (new_state == NET_REQ_IN_FLIGHT) /* No change */
-		return;
-	netreq->state = new_state;
-	netreq->owner->context->netreqs_in_flight -= 1;
-	/* TODO: Schedule pending netreqs
-	 *       when netreqs_in_flight < oustanding_queries */
-}
-
 static void
 accumulate_outstanding_transactions(_getdns_rbnode_t *node, void* arg)
 {
diff --git a/src/context.h b/src/context.h
index 6fe02d23..e1c838f6 100644
--- a/src/context.h
+++ b/src/context.h
@@ -294,7 +294,10 @@ struct getdns_context {
 	/* network requests
 	 */
 	size_t netreqs_in_flight;
-	_getdns_rbtree_t pending_netreqs;
+
+	_getdns_rbtree_t       pending_netreqs;
+	getdns_network_req    *first_pending_netreq;
+	getdns_eventloop_event pending_timeout_event;
 
 	struct listen_set *server;
 
@@ -382,17 +385,6 @@ void _getdns_context_cancel_request(getdns_dns_req *dnsreq);
  */
 void _getdns_context_request_timed_out(getdns_dns_req *dnsreq);
 
-/* Change state of the netreq req.
- * - Increments context->netreqs_in_flight
- *   when state changes from NOT_SENT to IN_FLIGHT
- * - Decrements context->netreqs_in_flight
- *   when state changes from IN_FLIGHT to FINISHED, TIMED_OUT or ERRORED
- * - Resubmits NOT_SENT netreqs from context->pending_netreqs,
- *   when # pending_netreqs < limit_outstanding_queries
- */
-void _getdns_netreq_change_state(
-    getdns_network_req *req, network_req_state new_state);
-
 char *_getdns_strdup(const struct mem_funcs *mfs, const char *str);
 
 struct getdns_bindata *_getdns_bindata_copy(
diff --git a/src/general.c b/src/general.c
index 3781e1da..14b7ee40 100644
--- a/src/general.c
+++ b/src/general.c
@@ -90,14 +90,23 @@ void
 _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 {
 	getdns_network_req **netreq_p, *netreq;
-	int results_found = 0, r;
+	int results_found = 0, timed_out = 1, r;
 	uint64_t now_ms  = 0;
 	
 	for (netreq_p = dns_req->netreqs; (netreq = *netreq_p); netreq_p++)
 		if (!_getdns_netreq_finished(netreq))
 			return;
-		else if (netreq->response_len > 0)
-			results_found = 1;
+		else {
+			if (netreq->state != NET_REQ_TIMED_OUT)
+				timed_out = 0;
+			if (netreq->response_len > 0)
+				results_found = 1;
+		}
+
+	if (timed_out) {
+		_getdns_context_request_timed_out(dns_req);
+		return;
+	}
 
 	/* Do we have to check more suffixes on nxdomain/nodata?
 	 */
@@ -248,30 +257,113 @@ ub_resolve_callback(void* arg, int err, struct ub_result* ub_res)
 #endif
 
 
+void _getdns_check_expired_pending_netreqs(
+    getdns_context *context, uint64_t *now_ms)
+{
+	getdns_network_req *first;
+
+	assert(context);
+
+	while (context->pending_netreqs.count) {
+		first = (getdns_network_req *)
+		    _getdns_rbtree_first(&context->pending_netreqs);
+
+		if (_getdns_ms_until_expiry2(first->owner->expires, now_ms) > 0)
+			break;
+
+		(void) _getdns_rbtree_delete(&context->pending_netreqs, first);
+		_getdns_netreq_change_state(first, NET_REQ_TIMED_OUT);
+		_getdns_check_dns_req_complete(first->owner);
+	}
+	first = context->pending_netreqs.count ? (getdns_network_req *)
+	    _getdns_rbtree_first(&context->pending_netreqs) : NULL;
+
+	if (first == context->first_pending_netreq ||
+	    (first && context->first_pending_netreq &&
+	     first->owner->expires == context->first_pending_netreq->owner->expires))
+		return; /* Nothing changed */
+
+	if (context->first_pending_netreq)
+		GETDNS_CLEAR_EVENT(  context->extension
+		                  , &context->pending_timeout_event);
+
+	if ((context->first_pending_netreq = first))
+		GETDNS_SCHEDULE_EVENT( context->extension, -1,
+		    _getdns_ms_until_expiry2(first->owner->expires, now_ms),
+		    &context->pending_timeout_event);
+}
+
+void
+_getdns_netreq_change_state(
+    getdns_network_req *netreq, network_req_state new_state)
+{
+	getdns_context *context;
+	uint64_t now_ms;
+
+	if (!netreq)
+		return;
+
+	context = netreq->owner->context;
+
+	if (netreq->state != NET_REQ_IN_FLIGHT) {
+		if (new_state == NET_REQ_IN_FLIGHT)
+			context->netreqs_in_flight += 1;
+		netreq->state = new_state;
+		return;
+	}
+	if (new_state == NET_REQ_IN_FLIGHT) /* No change */
+		return;
+	netreq->state = new_state;
+	context->netreqs_in_flight -= 1;
+
+	now_ms = 0;
+	while (context->limit_outstanding_queries > 0 &&
+	    context->pending_netreqs.count > 0 &&
+	    context->netreqs_in_flight < context->limit_outstanding_queries)  {
+
+		getdns_network_req *first = (getdns_network_req *)
+		    _getdns_rbtree_first(&context->pending_netreqs);
+		(void) _getdns_rbtree_delete(&context->pending_netreqs, first);
+		(void) _getdns_submit_netreq(first, &now_ms);
+	}
+}
+
 int
 _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 {
 	getdns_return_t r;
 	getdns_dns_req *dns_req = netreq->owner;
+	getdns_context *context = dns_req->context;
 	char name[1024];
 	int dnsreq_freed = 0;
 #ifdef HAVE_LIBUNBOUND
 	int ub_resolve_r;
 #endif
 
+	if (context->limit_outstanding_queries > 0 &&
+	    context->netreqs_in_flight >= context->limit_outstanding_queries) {
+
+		netreq->node.key = netreq;
+		if (_getdns_rbtree_insert(
+		    &context->pending_netreqs, &netreq->node)) {
+			
+			_getdns_check_expired_pending_netreqs(context, now_ms);
+			return GETDNS_RETURN_GOOD;
+		}
+	}
 	_getdns_netreq_change_state(netreq, NET_REQ_IN_FLIGHT);
 
 #ifdef STUB_NATIVE_DNSSEC
 # ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 
-	if ((dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	if ((context->resolution_type == GETDNS_RESOLUTION_RECURSING
 	    && !dns_req->dnssec_roadblock_avoidance)
 	    ||  dns_req->avoid_dnssec_roadblocks) {
 # else
-	if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING) {
+	if ( context->resolution_type == GETDNS_RESOLUTION_RECURSING) {
 # endif
 #else
-	if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	if ( context->resolution_type == GETDNS_RESOLUTION_RECURSING
 	    || dns_req->dnssec_return_status
 	    || dns_req->dnssec_return_only_secure
 	    || dns_req->dnssec_return_all_statuses
@@ -297,15 +389,15 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 #ifdef HAVE_LIBUNBOUND
 		dns_req->freed = &dnsreq_freed;
 #ifdef HAVE_UNBOUND_EVENT_API
-		if (_getdns_ub_loop_enabled(&dns_req->context->ub_loop))
-			ub_resolve_r = ub_resolve_event(dns_req->context->unbound_ctx,
-			    name, netreq->request_type, netreq->owner->request_class,
+		if (_getdns_ub_loop_enabled(&context->ub_loop))
+			ub_resolve_r = ub_resolve_event(context->unbound_ctx,
+			    name, netreq->request_type, dns_req->request_class,
 			    netreq, ub_resolve_event_callback, &(netreq->unbound_id)) ?
 			    GETDNS_RETURN_GENERIC_ERROR : GETDNS_RETURN_GOOD;
 		else
 #endif
-			ub_resolve_r = ub_resolve_async(dns_req->context->unbound_ctx,
-			    name, netreq->request_type, netreq->owner->request_class,
+			ub_resolve_r = ub_resolve_async(context->unbound_ctx,
+			    name, netreq->request_type, dns_req->request_class,
 			    netreq, ub_resolve_callback, &(netreq->unbound_id)) ?
 			    GETDNS_RETURN_GENERIC_ERROR : GETDNS_RETURN_GOOD;
 		if (dnsreq_freed)
diff --git a/src/general.h b/src/general.h
index dcd9b9be..e0860c78 100644
--- a/src/general.h
+++ b/src/general.h
@@ -45,6 +45,18 @@
 #define DNS_REQ_FINISHED -1
 
 void _getdns_call_user_callback(getdns_dns_req *, getdns_dict *);
+
+/* Change state of the netreq req.
+ * - Increments context->netreqs_in_flight
+ *   when state changes from NOT_SENT to IN_FLIGHT
+ * - Decrements context->netreqs_in_flight
+ *   when state changes from IN_FLIGHT to FINISHED, TIMED_OUT or ERRORED
+ * - Resubmits NOT_SENT netreqs from context->pending_netreqs,
+ *   when # pending_netreqs < limit_outstanding_queries
+ */
+void _getdns_netreq_change_state(
+    getdns_network_req *netreq, network_req_state new_state);
+
 void _getdns_check_dns_req_complete(getdns_dns_req *dns_req);
 int _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms);
 
diff --git a/src/request-internal.c b/src/request-internal.c
index 8eec6b7a..2259286e 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -43,6 +43,7 @@
 #include "dict.h"
 #include "debug.h"
 #include "convert.h"
+#include "general.h"
 
 /* MAXIMUM_TSIG_SPACE = TSIG name      (dname)    : 256
  *                      TSIG type      (uint16_t) :   2
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
index 37915e43..177cc1c7 100644
--- a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.test
@@ -4,9 +4,15 @@
 # use .tpkg.var.test for in test variable passing
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
-# TODO: Change QLIMIT to 10 once implement pending netreq resubmission
-#
-QLIMIT=1000
+
+QLIMIT=64
+NQUERIES=`wc "./${TPKG_NAME}.queries"|sed 's/ .*$//g'`
+
+# Test will take NQUERIES / QLIMIT * answer delay
+# For current parameters this is 1000 / 64 * 0.3 = 4.6875
+# which is smaller than 5 seconds default query timeout value,
+# so the test should succeed.
+
 make && "./${TPKG_NAME}" | (
 	read PORT
 	${GETDNS_STUB_QUERY} @127.0.0.1:$PORT TXT \
@@ -15,7 +21,7 @@ make && "./${TPKG_NAME}" | (
 
 	${GETDNS_STUB_QUERY} -q @127.0.0.1:$PORT TXT quit.
 ) && grep '"n_requests: [0-9][0-9]*"' out | sed -e 's/^.*n_requests: //g' -e 's/".*$//g' \
-    | awk -vQLIMIT=$QLIMIT '
+    | awk -vQLIMIT=$QLIMIT -vNQUERIES=$NQUERIES '
 
 BEGIN{
 	max_outstanding = 0;
@@ -25,6 +31,7 @@ BEGIN{
 		max_outstanding = $1;
 }
 END{
+	printf("%d of %d queries answered (%.1f%%)\n", NR, NQUERIES, (NR / NQUERIES * 100));
 	if (max_outstanding > QLIMIT) {
 		print "ERROR: More than "QLIMIT" outstanding queries: "max_outstanding;
 		exit(-1);

From f0f3c43552936a8bd40d59d388cac2c4d7ac09b2 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 16 Mar 2017 14:51:46 +0000
Subject: [PATCH 179/249] - Add a new mode where for TLS (and infact TCP too)
 the upstream selection simply cycles over all the upstreams rather than
 treating them as an ordered list and always using the first open one. - Make
 IP field in debug output fixed width - Collect all the one line config
 options at the top of the stubby.conf file to make it easier to read

---
 src/const-info.c             |  2 +
 src/context.c                | 45 +++++++++++++++++++---
 src/context.h                |  2 +
 src/getdns/getdns_extra.h.in |  9 +++++
 src/libgetdns.symbols        |  2 +
 src/stub.c                   | 75 ++++++++++++++++++++++++++----------
 src/tools/stubby.conf        | 11 +++---
 7 files changed, 116 insertions(+), 30 deletions(-)

diff --git a/src/const-info.c b/src/const-info.c
index 4556634a..b539094a 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -73,6 +73,7 @@ static struct const_info consts_info[] = {
 	{  619, "GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE", GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE_TEXT },
 	{  620, "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT },
 	{  621, "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT },
+	{  622, "GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS", GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS_TEXT },
 	{  700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{  701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{  702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@@ -161,6 +162,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
 	{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
+	{ "GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS", 622 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
 	{ "GETDNS_DNSSEC_INDETERMINATE", 402 },
diff --git a/src/context.c b/src/context.c
index 5421fd81..e5b183d6 100644
--- a/src/context.c
+++ b/src/context.c
@@ -647,6 +647,7 @@ upstreams_create(getdns_context *context, size_t size)
 	r->referenced = 1;
 	r->count = 0;
 	r->current_udp = 0;
+	r->current_stateful = 0;
 	return r;
 }
 
@@ -721,17 +722,17 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	if (upstream->tls_auth_state > upstream->best_tls_auth_state)
 		upstream->best_tls_auth_state = upstream->tls_auth_state;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %s : Conn closed   : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
+	DEBUG_DAEMON("%s %-40s : Conn closed   : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             _getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
-	DEBUG_DAEMON("%s %s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
+	DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
 	             _getdns_auth_str(upstream->best_tls_auth_state));
-	DEBUG_DAEMON("%s %s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
+	DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
 	             STUB_DEBUG_DAEMON, upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
@@ -760,7 +761,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->conn_shutdowns = 0;
 		upstream->conn_backoffs++;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-		DEBUG_DAEMON("%s %s : !Backing off this upstream    - Will retry as new upstream at %s",
+		DEBUG_DAEMON("%s %-40s : !Backing off this upstream    - Will retry as new upstream at %s",
 		            STUB_DEBUG_DAEMON, upstream->addr_str,
 		            asctime(gmtime(&upstream->conn_retry_time)));
 #endif
@@ -1428,6 +1429,7 @@ getdns_context_create_with_extended_memory_functions(
 		goto error;
 	result->tls_auth = GETDNS_AUTHENTICATION_NONE; 
 	result->tls_auth_min = GETDNS_AUTHENTICATION_NONE;
+	result->tls_use_all_upstreams = 0;
 	result->limit_outstanding_queries = 0;
 
 	/* unbound context is initialized here */
@@ -2031,6 +2033,27 @@ getdns_context_set_tls_authentication(getdns_context *context,
     return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_tls_authentication_list */
 
+/*
+ * getdns_context_set_tls_use_all_upstreams
+ *
+ */
+getdns_return_t
+getdns_context_set_tls_use_all_upstreams(getdns_context *context, uint8_t value)
+{
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    /* only allow 0 or 1 */
+    if (value != 0 && value != 1) {
+        return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
+    }
+
+    context->tls_use_all_upstreams = value;
+
+    dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS);
+
+    return GETDNS_RETURN_GOOD;
+}               /* getdns_context_set_tls_use_all_upstreams */
+
+
 #ifdef HAVE_LIBUNBOUND
 static void
 set_ub_limit_outstanding_queries(getdns_context* context, uint16_t value) {
@@ -3467,7 +3490,9 @@ _get_context_settings(getdns_context* context)
 	    || getdns_dict_set_int(result, "append_name",
 	                           context->append_name)
 	    || getdns_dict_set_int(result, "tls_authentication",
-	                           context->tls_auth))
+	                           context->tls_auth)
+	    || getdns_dict_set_int(result, "tls_use_all_upstreams",
+	                           context->tls_use_all_upstreams))
 		goto error;
 	
 	/* list fields */
@@ -3763,6 +3788,15 @@ getdns_context_get_tls_authentication(getdns_context *context,
     return GETDNS_RETURN_GOOD;
 }
 
+getdns_return_t
+getdns_context_get_tls_use_all_upstreams(getdns_context *context,
+    uint8_t* value) {
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    RETURN_IF_NULL(value, GETDNS_RETURN_INVALID_PARAMETER);
+    *value = context->tls_use_all_upstreams;
+    return GETDNS_RETURN_GOOD;
+}
+
 getdns_return_t
 getdns_context_get_limit_outstanding_queries(getdns_context *context,
     uint16_t* value) {
@@ -4158,6 +4192,7 @@ _getdns_context_config_setting(getdns_context *context,
 
 	CONTEXT_SETTING_INT(edns_client_subnet_private)
 	CONTEXT_SETTING_INT(tls_authentication)
+	CONTEXT_SETTING_INT(tls_use_all_upstreams)
 	CONTEXT_SETTING_INT(tls_query_padding_blocksize)
 
 	/**************************************/
diff --git a/src/context.h b/src/context.h
index e6ed49fb..df9eb88f 100644
--- a/src/context.h
+++ b/src/context.h
@@ -217,6 +217,7 @@ typedef struct getdns_upstreams {
 	size_t referenced;
 	size_t count;
 	size_t current_udp;
+	size_t current_stateful;
 	getdns_upstream upstreams[];
 } getdns_upstreams;
 
@@ -248,6 +249,7 @@ struct getdns_context {
 	uint32_t             dnssec_allowed_skew;
 	getdns_tls_authentication_t  tls_auth;  /* What user requested for TLS*/
 	getdns_tls_authentication_t  tls_auth_min; /* Derived minimum auth allowed*/
+	uint8_t              tls_use_all_upstreams;
 
 	getdns_transport_list_t   *dns_transports;
 	size_t                     dns_transport_count;
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index a76564eb..90c33c44 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -76,6 +76,8 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT "Change related to getdns_context_set_tls_query_padding_blocksize"
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET 621
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS 622
+#define GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS_TEXT "Change related to getdns_context_set_pubkey_pinset"
 /** @}
   */
 
@@ -265,6 +267,9 @@ getdns_return_t
 getdns_context_set_tls_authentication(
     getdns_context *context, getdns_tls_authentication_t value);
 
+getdns_return_t
+getdns_context_set_tls_use_all_upstreams(getdns_context *context, uint8_t value);
+
 getdns_return_t
 getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t value);
 
@@ -356,6 +361,10 @@ getdns_return_t
 getdns_context_get_tls_authentication(getdns_context *context,
     getdns_tls_authentication_t* value);
 
+getdns_return_t
+getdns_context_get_tls_use_all_upstreams(getdns_context *context,
+    uint8_t* value);
+
 /**
  * Get the currently registered callback function and user defined argument
  * for context changes.
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 6e3cb128..6890dc85 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -30,6 +30,7 @@ getdns_context_get_suffix
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_query_padding_blocksize
+getdns_context_get_tls_use_all_upstreams
 getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
@@ -60,6 +61,7 @@ getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_query_padding_blocksize
+getdns_context_get_tls_use_all_upstreams
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
diff --git a/src/stub.c b/src/stub.c
index e905f600..fe4c52c2 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -591,7 +591,7 @@ stub_timeout_cb(void *userarg)
 		netreq->upstream->udp_timeouts++;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	if (netreq->upstream->udp_timeouts % 100 == 0)
-		DEBUG_DAEMON("%s %s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+		DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
 		             STUB_DEBUG_DAEMON, netreq->upstream->addr_str,
 		             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
 #endif
@@ -907,7 +907,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 		else
-			DEBUG_DAEMON("%s %s : Conn failed   : Transport=TLS - *Failure* - Pinset validation failure\n",
+			DEBUG_DAEMON("%s %-40s : Conn failed   : Transport=TLS - *Failure* - Pinset validation failure\n",
 		                  STUB_DEBUG_DAEMON, upstream->addr_str);
 #endif
 	} else {
@@ -1373,7 +1373,7 @@ stub_udp_read_cb(void *userarg)
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	if (upstream->udp_responses == 1 || 
 	    upstream->udp_responses % 100 == 0)
-		DEBUG_DAEMON("%s %s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+		DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
 		             STUB_DEBUG_DAEMON, upstream->addr_str,
 		             (int)upstream->udp_responses, (int)upstream->udp_timeouts);
 #endif
@@ -1608,7 +1608,7 @@ upstream_write_cb(void *userarg)
 		/* Cleaning up after connection or auth check failure. Need to fallback. */
 		stub_cleanup(netreq);
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-		DEBUG_DAEMON("%s %s : Conn closed   : Transport=%s - *Failure*\n",
+		DEBUG_DAEMON("%s %-40s : Conn closed   : Transport=%s - *Failure*\n",
 		             STUB_DEBUG_DAEMON, upstream->addr_str,
 		             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"));
 #endif
@@ -1672,6 +1672,17 @@ upstream_active(getdns_upstream *upstream)
 	return 0;
 }
 
+static int
+upstream_usable(getdns_upstream *upstream) 
+{
+	if ((upstream->conn_state == GETDNS_CONN_CLOSED || 
+	     upstream->conn_state == GETDNS_CONN_SETUP || 
+	     upstream->conn_state == GETDNS_CONN_OPEN) &&
+	     upstream->keepalive_shutdown == 0)
+		return 1;
+	return 0;
+}
+
 static int
 upstream_auth_status_ok(getdns_upstream *upstream, getdns_network_req *netreq) {
 	if (netreq->tls_auth_min != GETDNS_AUTHENTICATION_REQUIRED)
@@ -1692,10 +1703,16 @@ upstream_valid(getdns_upstream *upstream,
                           getdns_transport_list_t transport,
                           getdns_network_req *netreq)
 {
-	if (upstream->transport != transport || upstream->conn_state != GETDNS_CONN_CLOSED)
+	if (upstream->transport != transport && upstream_usable(upstream))
 		return 0;
 	if (transport == GETDNS_TRANSPORT_TCP)
 		return 1;
+	if (upstream->conn_state == GETDNS_CONN_OPEN) {
+		if (!upstream_auth_status_ok(upstream, netreq))
+			return 0;
+		else
+			return 1;
+	}
 	/* We need to check past authentication history to see if this is usable for TLS.*/
 	if (netreq->tls_auth_min != GETDNS_AUTHENTICATION_REQUIRED)
 		return 1;
@@ -1728,7 +1745,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 	getdns_upstreams *upstreams = netreq->owner->upstreams;
 	size_t i;
 	time_t now = time(NULL);
-	
+
 	if (!upstreams->count)
 		return NULL;
 
@@ -1738,37 +1755,55 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		    upstreams->upstreams[i].conn_retry_time < now) {
 			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-			DEBUG_DAEMON("%s %s : Re-instating upstream\n",
+			DEBUG_DAEMON("%s %-40s : Re-instating upstream\n",
 		            STUB_DEBUG_DAEMON, upstreams->upstreams[i].addr_str);
 #endif
 		}
 	}
 
-	/* First find if an open upstream has the correct properties and use that*/
-	for (i = 0; i < upstreams->count; i++) {
-		if (upstream_valid_and_open(&upstreams->upstreams[i], transport, netreq)) 
-			return &upstreams->upstreams[i];
+	if (netreq->owner->context->tls_use_all_upstreams == 0) {
+		/* First find if an open upstream has the correct properties and use that*/
+		for (i = 0; i < upstreams->count; i++) {
+			if (upstream_valid_and_open(&upstreams->upstreams[i], transport, netreq)) 
+				return &upstreams->upstreams[i];
+		}
 	}
 
-	/* OK - we will have to open one. Choose the first one that has the best stats
-	   and the right properties, but because we completely back off failed 
+	/* OK - Find the next one to use. First check we have at least one valid
+	   upstream because we completely back off failed 
 	   upstreams we may have no valid upstream at all (in contrast to UDP). This
 	   will be better communicated to the user when we have better error codes*/
-	for (i = 0; i < upstreams->count; i++) {
+	i = upstreams->current_stateful;
+	do {
 		DEBUG_STUB("%s %-35s: Testing upstreams  %d %d\n", STUB_DEBUG_SETUP, 
 	           __FUNC__, (int)i, (int)upstreams->upstreams[i].conn_state);
 		if (upstream_valid(&upstreams->upstreams[i], transport, netreq)) {
 			upstream = &upstreams->upstreams[i];
 			break;
 		}
-	}
+		i++;
+		if (i >= upstreams->count)
+			i = 0;
+	} while (i != upstreams->current_stateful);
 	if (!upstream)
 		return NULL;
-	for (i++; i < upstreams->count; i++) {
-		if (upstream_valid(&upstreams->upstreams[i], transport, netreq) &&
-		    upstream_stats(&upstreams->upstreams[i]) > upstream_stats(upstream))
-			upstream = &upstreams->upstreams[i];
+
+	/* Now select the specific upstream */
+	if (netreq->owner->context->tls_use_all_upstreams == 0) {
+		/* Base the decision on the stats, noting we will have started from 0*/
+		for (i++; i < upstreams->count; i++) {
+			if (upstream_valid(&upstreams->upstreams[i], transport, netreq) &&
+			    upstream_stats(&upstreams->upstreams[i]) > upstream_stats(upstream))
+				upstream = &upstreams->upstreams[i];
+		}
+	} else {
+		/* Simplistic, but always just pick the first one, incrementing the current.
+		   Note we are not distinguishing TCP/TLS here....*/
+		upstreams->current_stateful+=GETDNS_UPSTREAM_TRANSPORTS;
+		if (upstreams->current_stateful >= upstreams->count)
+			upstreams->current_stateful = 0;
 	}
+
 	return upstream;
 }
 
@@ -1853,7 +1888,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		}
 		upstream->conn_state = GETDNS_CONN_SETUP;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	DEBUG_DAEMON("%s %s : Conn init     : Transport=%s - Profile=%s\n", STUB_DEBUG_DAEMON, 
+	DEBUG_DAEMON("%s %-40s : Conn init     : Transport=%s - Profile=%s\n", STUB_DEBUG_DAEMON, 
 	             upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
 	             dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
 #endif
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 1055e277..0bda0e7c 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -1,5 +1,11 @@
 { resolution_type: GETDNS_RESOLUTION_STUB
 , dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
+, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+, tls_query_padding_blocksize: 256
+, edns_client_subnet_private : 1
+, listen_addresses: [ 127.0.0.1, 0::1 ]
+, idle_timeout: 10000
+, tls_use_all_upstreams: 1
 , upstream_recursive_servers:
   [ { address_data: 145.100.185.15
     , tls_auth_name: "dnsovertls.sinodun.com"
@@ -56,9 +62,4 @@
       } ]
     }
   ]
-, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
-, tls_query_padding_blocksize: 256
-, edns_client_subnet_private : 1
-, listen_addresses: [ 127.0.0.1, 0::1 ]
-, idle_timeout: 10000 
 }

From 2a1a6768cb0225e6b31cdfff536cd9c114be9d3c Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 16 Mar 2017 16:26:34 +0000
Subject: [PATCH 180/249] Add unit test and catch a typo

---
 src/libgetdns.symbols                         |  2 +-
 ...tdns_context_set_context_update_callback.h | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 6890dc85..71f63a1f 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -61,7 +61,7 @@ getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_query_padding_blocksize
-getdns_context_get_tls_use_all_upstreams
+getdns_context_set_tls_use_all_upstreams
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
diff --git a/src/test/check_getdns_context_set_context_update_callback.h b/src/test/check_getdns_context_set_context_update_callback.h
index d816a149..25b302d8 100644
--- a/src/test/check_getdns_context_set_context_update_callback.h
+++ b/src/test/check_getdns_context_set_context_update_callback.h
@@ -434,6 +434,29 @@
 
     }
     END_TEST    
+
+    START_TEST (getdns_context_set_context_update_callback_23)
+    {
+     /*
+      *  value is NULL
+      *  expect: GETDNS_RETURN_INVALID_PARAMETER
+      */
+
+      struct getdns_context *context = NULL;
+      CONTEXT_CREATE(TRUE);
+
+      ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_context_update_callback()");
+
+      expected_changed_item = GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS;
+
+      ASSERT_RC(getdns_context_set_tls_use_all_upstreams(context, 1),
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
+
+      CONTEXT_DESTROY;
+
+    }
+    END_TEST
     
     Suite *
     getdns_context_set_context_update_callback_suite (void)
@@ -462,6 +485,7 @@
       tcase_add_test(tc_pos, getdns_context_set_context_update_callback_20);
       tcase_add_test(tc_pos, getdns_context_set_context_update_callback_21);
       tcase_add_test(tc_pos, getdns_context_set_context_update_callback_22);
+      tcase_add_test(tc_pos, getdns_context_set_context_update_callback_23);
       suite_add_tcase(s, tc_pos);
 
        return s;

From 6734a00d59ed4b6d5c0c38e7d9ab10367d449073 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 11:25:47 +0000
Subject: [PATCH 181/249] Improve the logging

---
 src/stub.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/stub.c b/src/stub.c
index fe4c52c2..ee691153 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -870,7 +870,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 #endif
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
 	if (!preverify_ok && !upstream->tls_fallback_ok)
-			DEBUG_DAEMON("%s %s : Conn failed   : Transport=TLS - *Failure* -  (%d) \"%s\"\n",
+			DEBUG_DAEMON("%s %-40s : Verify failed : Transport=TLS - *Failure* -  (%d) \"%s\"\n",
 		                  STUB_DEBUG_DAEMON, upstream->addr_str, err,
 			              X509_verify_cert_error_string(err));
 #endif
@@ -920,6 +920,10 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			preverify_ok = 1;
 			DEBUG_STUB("%s %-35s: FD:  %d, Allowing self-signed (%d) cert since pins match\n",
 		           STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, err);
+#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
+			DEBUG_DAEMON("%s %-40s : Verify passed : Transport=TLS - Allowing self-signed cert since pins match\n",
+		                  STUB_DEBUG_DAEMON, upstream->addr_str);
+#endif
 		}
 	}
 

From 1d4e3dd7907b5f36ede0f284853982446fefe17b Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 16:53:03 +0000
Subject: [PATCH 182/249] Update the name of the new option to
 'round_robin_upstreams'

---
 src/const-info.c                              |  4 ++--
 src/context.c                                 | 22 +++++++++----------
 src/context.h                                 |  2 +-
 src/getdns/getdns_extra.h.in                  |  8 +++----
 src/libgetdns.symbols                         |  4 ++--
 src/stub.c                                    |  6 ++---
 ...tdns_context_set_context_update_callback.h |  4 ++--
 src/tools/stubby.conf                         |  2 +-
 8 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/const-info.c b/src/const-info.c
index b539094a..f105b756 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -73,7 +73,7 @@ static struct const_info consts_info[] = {
 	{  619, "GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE", GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE_TEXT },
 	{  620, "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT },
 	{  621, "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT },
-	{  622, "GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS", GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS_TEXT },
+	{  622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
 	{  700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{  701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{  702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@@ -158,11 +158,11 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_NAMESPACES", 600 },
 	{ "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", 621 },
 	{ "GETDNS_CONTEXT_CODE_RESOLUTION_TYPE", 601 },
+	{ "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", 622 },
 	{ "GETDNS_CONTEXT_CODE_SUFFIX", 608 },
 	{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
 	{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
-	{ "GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS", 622 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
 	{ "GETDNS_DNSSEC_INDETERMINATE", 402 },
diff --git a/src/context.c b/src/context.c
index e5b183d6..2bc6963a 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1429,7 +1429,7 @@ getdns_context_create_with_extended_memory_functions(
 		goto error;
 	result->tls_auth = GETDNS_AUTHENTICATION_NONE; 
 	result->tls_auth_min = GETDNS_AUTHENTICATION_NONE;
-	result->tls_use_all_upstreams = 0;
+	result->round_robin_upstreams = 0;
 	result->limit_outstanding_queries = 0;
 
 	/* unbound context is initialized here */
@@ -2034,11 +2034,11 @@ getdns_context_set_tls_authentication(getdns_context *context,
 }               /* getdns_context_set_tls_authentication_list */
 
 /*
- * getdns_context_set_tls_use_all_upstreams
+ * getdns_context_set_round_robin_upstreams
  *
  */
 getdns_return_t
-getdns_context_set_tls_use_all_upstreams(getdns_context *context, uint8_t value)
+getdns_context_set_round_robin_upstreams(getdns_context *context, uint8_t value)
 {
     RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
     /* only allow 0 or 1 */
@@ -2046,12 +2046,12 @@ getdns_context_set_tls_use_all_upstreams(getdns_context *context, uint8_t value)
         return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
     }
 
-    context->tls_use_all_upstreams = value;
+    context->round_robin_upstreams = value;
 
-    dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS);
+    dispatch_updated(context, GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS);
 
     return GETDNS_RETURN_GOOD;
-}               /* getdns_context_set_tls_use_all_upstreams */
+}               /* getdns_context_set_round_robin_upstreams */
 
 
 #ifdef HAVE_LIBUNBOUND
@@ -3491,8 +3491,8 @@ _get_context_settings(getdns_context* context)
 	                           context->append_name)
 	    || getdns_dict_set_int(result, "tls_authentication",
 	                           context->tls_auth)
-	    || getdns_dict_set_int(result, "tls_use_all_upstreams",
-	                           context->tls_use_all_upstreams))
+	    || getdns_dict_set_int(result, "round_robin_upstreams",
+	                           context->round_robin_upstreams))
 		goto error;
 	
 	/* list fields */
@@ -3789,11 +3789,11 @@ getdns_context_get_tls_authentication(getdns_context *context,
 }
 
 getdns_return_t
-getdns_context_get_tls_use_all_upstreams(getdns_context *context,
+getdns_context_get_round_robin_upstreams(getdns_context *context,
     uint8_t* value) {
     RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
     RETURN_IF_NULL(value, GETDNS_RETURN_INVALID_PARAMETER);
-    *value = context->tls_use_all_upstreams;
+    *value = context->round_robin_upstreams;
     return GETDNS_RETURN_GOOD;
 }
 
@@ -4192,7 +4192,7 @@ _getdns_context_config_setting(getdns_context *context,
 
 	CONTEXT_SETTING_INT(edns_client_subnet_private)
 	CONTEXT_SETTING_INT(tls_authentication)
-	CONTEXT_SETTING_INT(tls_use_all_upstreams)
+	CONTEXT_SETTING_INT(round_robin_upstreams)
 	CONTEXT_SETTING_INT(tls_query_padding_blocksize)
 
 	/**************************************/
diff --git a/src/context.h b/src/context.h
index df9eb88f..3f4bf5df 100644
--- a/src/context.h
+++ b/src/context.h
@@ -249,7 +249,7 @@ struct getdns_context {
 	uint32_t             dnssec_allowed_skew;
 	getdns_tls_authentication_t  tls_auth;  /* What user requested for TLS*/
 	getdns_tls_authentication_t  tls_auth_min; /* Derived minimum auth allowed*/
-	uint8_t              tls_use_all_upstreams;
+	uint8_t              round_robin_upstreams;
 
 	getdns_transport_list_t   *dns_transports;
 	size_t                     dns_transport_count;
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 90c33c44..2c03dcfc 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -76,8 +76,8 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT "Change related to getdns_context_set_tls_query_padding_blocksize"
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET 621
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT "Change related to getdns_context_set_pubkey_pinset"
-#define GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS 622
-#define GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS 622
+#define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT "Change related to getdns_context_set_pubkey_pinset"
 /** @}
   */
 
@@ -268,7 +268,7 @@ getdns_context_set_tls_authentication(
     getdns_context *context, getdns_tls_authentication_t value);
 
 getdns_return_t
-getdns_context_set_tls_use_all_upstreams(getdns_context *context, uint8_t value);
+getdns_context_set_round_robin_upstreams(getdns_context *context, uint8_t value);
 
 getdns_return_t
 getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t value);
@@ -362,7 +362,7 @@ getdns_context_get_tls_authentication(getdns_context *context,
     getdns_tls_authentication_t* value);
 
 getdns_return_t
-getdns_context_get_tls_use_all_upstreams(getdns_context *context,
+getdns_context_get_round_robin_upstreams(getdns_context *context,
     uint8_t* value);
 
 /**
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 71f63a1f..be63ec40 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -30,7 +30,7 @@ getdns_context_get_suffix
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_query_padding_blocksize
-getdns_context_get_tls_use_all_upstreams
+getdns_context_get_round_robin_upstreams
 getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
@@ -61,7 +61,7 @@ getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_query_padding_blocksize
-getdns_context_set_tls_use_all_upstreams
+getdns_context_set_round_robin_upstreams
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
diff --git a/src/stub.c b/src/stub.c
index ee691153..3a600c90 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1707,7 +1707,7 @@ upstream_valid(getdns_upstream *upstream,
                           getdns_transport_list_t transport,
                           getdns_network_req *netreq)
 {
-	if (upstream->transport != transport && upstream_usable(upstream))
+	if (!(upstream->transport == transport && upstream_usable(upstream)))
 		return 0;
 	if (transport == GETDNS_TRANSPORT_TCP)
 		return 1;
@@ -1765,7 +1765,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		}
 	}
 
-	if (netreq->owner->context->tls_use_all_upstreams == 0) {
+	if (netreq->owner->context->round_robin_upstreams == 0) {
 		/* First find if an open upstream has the correct properties and use that*/
 		for (i = 0; i < upstreams->count; i++) {
 			if (upstream_valid_and_open(&upstreams->upstreams[i], transport, netreq)) 
@@ -1793,7 +1793,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		return NULL;
 
 	/* Now select the specific upstream */
-	if (netreq->owner->context->tls_use_all_upstreams == 0) {
+	if (netreq->owner->context->round_robin_upstreams == 0) {
 		/* Base the decision on the stats, noting we will have started from 0*/
 		for (i++; i < upstreams->count; i++) {
 			if (upstream_valid(&upstreams->upstreams[i], transport, netreq) &&
diff --git a/src/test/check_getdns_context_set_context_update_callback.h b/src/test/check_getdns_context_set_context_update_callback.h
index 25b302d8..214893a2 100644
--- a/src/test/check_getdns_context_set_context_update_callback.h
+++ b/src/test/check_getdns_context_set_context_update_callback.h
@@ -448,9 +448,9 @@
       ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_context_update_callback()");
 
-      expected_changed_item = GETDNS_CONTEXT_CODE_TLS_USE_ALL_UPSTREAMS;
+      expected_changed_item = GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS;
 
-      ASSERT_RC(getdns_context_set_tls_use_all_upstreams(context, 1),
+      ASSERT_RC(getdns_context_set_round_robin_upstreams(context, 1),
         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
 
       CONTEXT_DESTROY;
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 0bda0e7c..92cb38be 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -5,7 +5,7 @@
 , edns_client_subnet_private : 1
 , listen_addresses: [ 127.0.0.1, 0::1 ]
 , idle_timeout: 10000
-, tls_use_all_upstreams: 1
+, round_robin_upstreams: 1
 , upstream_recursive_servers:
   [ { address_data: 145.100.185.15
     , tls_auth_name: "dnsovertls.sinodun.com"

From dd76132a92443b372b46821a898646c37e984eab Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 17:16:14 +0000
Subject: [PATCH 183/249] Implement round robin for UDP. Not sure this is the
 best option though. Noticed it results in more timeouts if one resolver isn't
 responding because it is retried more frequently. Willem - please review.

---
 src/stub.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/stub.c b/src/stub.c
index 3a600c90..6931e418 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1370,7 +1370,13 @@ stub_udp_read_cb(void *userarg)
 		return;
 	}
 	netreq->response_len = read;
-	dnsreq->upstreams->current_udp = 0;
+	if (!dnsreq->context->round_robin_upstreams)
+		dnsreq->upstreams->current_udp = 0;
+	else {
+		dnsreq->upstreams->current_udp+=GETDNS_UPSTREAM_TRANSPORTS;
+		if (dnsreq->upstreams->current_udp >= dnsreq->upstreams->count)
+			dnsreq->upstreams->current_udp = 0;
+	}
 	netreq->debug_end_time = _getdns_get_time_as_uintt64();
 	netreq->state = NET_REQ_FINISHED;
 	upstream->udp_responses++;

From 6f7bad5d73ead1b43fb3b278c73739e26ffdcccb Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 14:43:26 +0000
Subject: [PATCH 184/249] Add new configuration parameters for TLS back off
 time and connection retries

---
 src/const-info.c             |  4 ++
 src/context.c                | 78 +++++++++++++++++++++++++++++++-----
 src/context.h                |  4 ++
 src/getdns/getdns_extra.h.in | 18 +++++++++
 src/libgetdns.symbols        |  4 ++
 src/stub.c                   |  3 +-
 src/types-internal.h         |  1 -
 7 files changed, 101 insertions(+), 11 deletions(-)

diff --git a/src/const-info.c b/src/const-info.c
index f105b756..c78f4816 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -74,6 +74,8 @@ static struct const_info consts_info[] = {
 	{  620, "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE_TEXT },
 	{  621, "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT },
 	{  622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
+	{  623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
+	{  624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
 	{  700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{  701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{  702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@@ -162,6 +164,8 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_SUFFIX", 608 },
 	{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
 	{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
+	{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
diff --git a/src/context.c b/src/context.c
index 2bc6963a..d80e5091 100644
--- a/src/context.c
+++ b/src/context.c
@@ -89,9 +89,6 @@ typedef unsigned short in_port_t;
 #define GETDNS_STR_PORT_ZERO "0"
 #define GETDNS_STR_PORT_DNS "53"
 #define GETDNS_STR_PORT_DNS_OVER_TLS "853"
-/* How long to wait in seconds before re-trying a connection based backed-off 
-   upstream. Using 1 hour for all transports - based on RFC7858 value for for TLS.*/
-#define BACKOFF_RETRY 3600
 
 #ifdef HAVE_PTHREADS
 static pthread_mutex_t ssl_init_lock = PTHREAD_MUTEX_INITIALIZER;
@@ -648,6 +645,8 @@ upstreams_create(getdns_context *context, size_t size)
 	r->count = 0;
 	r->current_udp = 0;
 	r->current_stateful = 0;
+	r->tls_backoff_time = context->tls_backoff_time;
+	r->tls_connection_retries = context->tls_connection_retries;
 	return r;
 }
 
@@ -744,16 +743,16 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	   Leave choice between working upstreams to the stub. 
 	   This back-off should be time based for TLS according to RFC7858. For now,
 	   use the same basis if we simply can't get TCP service either.*/
-
+	uint16_t conn_retries = upstream->upstreams->tls_connection_retries;
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
-	if (upstream->conn_setup_failed >= GETDNS_CONN_ATTEMPTS ||
-	    (upstream->conn_shutdowns >= GETDNS_CONN_ATTEMPTS*GETDNS_TRANSPORT_FAIL_MULT
-	     && upstream->total_responses == 0) ||
-	    (upstream->conn_completed >= GETDNS_CONN_ATTEMPTS &&
+	if (upstream->conn_setup_failed >= conn_retries
+	    || (upstream->conn_shutdowns >= conn_retries*GETDNS_TRANSPORT_FAIL_MULT
+	     && upstream->total_responses == 0)
+	    || (upstream->conn_completed >= conn_retries &&
 	     upstream->total_responses == 0 && 
 	     upstream->total_timeouts > GETDNS_TRANSPORT_FAIL_MULT)) {
 		upstream->conn_state = GETDNS_CONN_BACKOFF;
-		upstream->conn_retry_time = time(NULL) + BACKOFF_RETRY;
+		upstream->conn_retry_time = time(NULL) + upstream->upstreams->tls_backoff_time;
 		upstream->total_responses = 0;
 		upstream->total_timeouts = 0;
 		upstream->conn_completed = 0;
@@ -1430,6 +1429,8 @@ getdns_context_create_with_extended_memory_functions(
 	result->tls_auth = GETDNS_AUTHENTICATION_NONE; 
 	result->tls_auth_min = GETDNS_AUTHENTICATION_NONE;
 	result->round_robin_upstreams = 0;
+	result->tls_backoff_time = 3600;
+	result->tls_connection_retries = 2;
 	result->limit_outstanding_queries = 0;
 
 	/* unbound context is initialized here */
@@ -2053,6 +2054,41 @@ getdns_context_set_round_robin_upstreams(getdns_context *context, uint8_t value)
     return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_round_robin_upstreams */
 
+/*
+ * getdns_context_set_tls_backoff_time
+ *
+ */
+getdns_return_t
+getdns_context_set_tls_backoff_time(getdns_context *context, uint16_t value)
+{
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    /* Value is in seconds. Should we have a lower limit? 1 second?*/
+    context->tls_backoff_time = value;
+
+    dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME);
+
+    return GETDNS_RETURN_GOOD;
+}               /* getdns_context_set_tls_backoff_time */
+
+/*
+ * getdns_context_set_tls_connection_retries
+ *
+ */
+getdns_return_t
+getdns_context_set_tls_connection_retries(getdns_context *context, uint16_t value)
+{
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    /* Should we put a sensible upper limit on this? 10?*/
+    // if (value > 10) {
+    //     return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
+    // }
+
+    context->tls_connection_retries = value;
+
+    dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES);
+
+    return GETDNS_RETURN_GOOD;
+}               /* getdns_context_set_tls_connection retries */
 
 #ifdef HAVE_LIBUNBOUND
 static void
@@ -3493,6 +3529,10 @@ _get_context_settings(getdns_context* context)
 	                           context->tls_auth)
 	    || getdns_dict_set_int(result, "round_robin_upstreams",
 	                           context->round_robin_upstreams))
+	    || getdns_dict_set_int(result, "tls_backoff_time",
+	                           context->tls_backoff_time)
+	    || getdns_dict_set_int(result, "tls_connection_retries",
+	                           context->tls_connection_retries))
 		goto error;
 	
 	/* list fields */
@@ -3797,6 +3837,24 @@ getdns_context_get_round_robin_upstreams(getdns_context *context,
     return GETDNS_RETURN_GOOD;
 }
 
+getdns_return_t
+getdns_context_get_tls_backoff_time(getdns_context *context,
+    uint16_t* value) {
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    RETURN_IF_NULL(value, GETDNS_RETURN_INVALID_PARAMETER);
+    *value = context->tls_backoff_time;
+    return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_get_tls_connection_retries(getdns_context *context,
+    uint16_t* value) {
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    RETURN_IF_NULL(value, GETDNS_RETURN_INVALID_PARAMETER);
+    *value = context->tls_connection_retries;
+    return GETDNS_RETURN_GOOD;
+}
+
 getdns_return_t
 getdns_context_get_limit_outstanding_queries(getdns_context *context,
     uint16_t* value) {
@@ -4193,6 +4251,8 @@ _getdns_context_config_setting(getdns_context *context,
 	CONTEXT_SETTING_INT(edns_client_subnet_private)
 	CONTEXT_SETTING_INT(tls_authentication)
 	CONTEXT_SETTING_INT(round_robin_upstreams)
+	CONTEXT_SETTING_INT(tls_backoff_time)
+	CONTEXT_SETTING_INT(tls_connection_retries)
 	CONTEXT_SETTING_INT(tls_query_padding_blocksize)
 
 	/**************************************/
diff --git a/src/context.h b/src/context.h
index 3f4bf5df..91250648 100644
--- a/src/context.h
+++ b/src/context.h
@@ -218,6 +218,8 @@ typedef struct getdns_upstreams {
 	size_t count;
 	size_t current_udp;
 	size_t current_stateful;
+	uint16_t tls_backoff_time;
+	uint16_t tls_connection_retries;
 	getdns_upstream upstreams[];
 } getdns_upstreams;
 
@@ -250,6 +252,8 @@ struct getdns_context {
 	getdns_tls_authentication_t  tls_auth;  /* What user requested for TLS*/
 	getdns_tls_authentication_t  tls_auth_min; /* Derived minimum auth allowed*/
 	uint8_t              round_robin_upstreams;
+	uint16_t             tls_backoff_time;
+	uint16_t             tls_connection_retries;
 
 	getdns_transport_list_t   *dns_transports;
 	size_t                     dns_transport_count;
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 2c03dcfc..8926ede2 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -78,6 +78,10 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT "Change related to getdns_context_set_pubkey_pinset"
 #define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS 622
 #define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME 623
+#define GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES 624
+#define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT "Change related to getdns_context_set_pubkey_pinset"
 /** @}
   */
 
@@ -270,6 +274,12 @@ getdns_context_set_tls_authentication(
 getdns_return_t
 getdns_context_set_round_robin_upstreams(getdns_context *context, uint8_t value);
 
+getdns_return_t
+getdns_context_set_tls_backoff_time(getdns_context *context, uint16_t value);
+
+getdns_return_t
+getdns_context_set_tls_connection_reuse(getdns_context *context, uint16_t value);
+
 getdns_return_t
 getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t value);
 
@@ -365,6 +375,14 @@ getdns_return_t
 getdns_context_get_round_robin_upstreams(getdns_context *context,
     uint8_t* value);
 
+getdns_return_t
+getdns_context_get_tls_backoff_time(getdns_context *context,
+    uint16_t* value);
+
+getdns_return_t
+getdns_context_get_tls_connection_retries(getdns_context *context,
+    uint16_t* value);
+
 /**
  * Get the currently registered callback function and user defined argument
  * for context changes.
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index be63ec40..069a97e7 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -29,6 +29,8 @@ getdns_context_get_resolution_type
 getdns_context_get_suffix
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
+getdns_context_get_tls_backoff_time
+getdns_context_get_tls_connection_retries
 getdns_context_get_tls_query_padding_blocksize
 getdns_context_get_round_robin_upstreams
 getdns_context_get_update_callback
@@ -60,6 +62,8 @@ getdns_context_set_return_dnssec_status
 getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
+getdns_context_set_tls_backoff_time
+getdns_context_set_tls_connection_retries
 getdns_context_set_tls_query_padding_blocksize
 getdns_context_set_round_robin_upstreams
 getdns_context_set_update_callback
diff --git a/src/stub.c b/src/stub.c
index 6931e418..790b74cd 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1669,7 +1669,8 @@ upstream_working_ok(getdns_upstream *upstream)
 {
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
 	return (upstream->responses_timeouts > 
-		upstream->responses_received*GETDNS_CONN_ATTEMPTS ? 0 : 1);
+	        upstream->responses_received*
+	        upstream->upstreams->tls_connection_retries ? 0 : 1);
 }
 
 static int
diff --git a/src/types-internal.h b/src/types-internal.h
index 78f1935a..17e5b3fb 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -124,7 +124,6 @@ struct getdns_upstream;
 
 #define GETDNS_TRANSPORTS_MAX 3
 #define GETDNS_UPSTREAM_TRANSPORTS 2
-#define GETDNS_CONN_ATTEMPTS 2
 #define GETDNS_TRANSPORT_FAIL_MULT 5
 
 

From 68eadedc108e63e6fa1dfe06fc05c24a991fb10c Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 17:35:47 +0000
Subject: [PATCH 185/249] Fix rogue bracket

---
 src/context.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index d80e5091..09edcbf1 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3528,7 +3528,7 @@ _get_context_settings(getdns_context* context)
 	    || getdns_dict_set_int(result, "tls_authentication",
 	                           context->tls_auth)
 	    || getdns_dict_set_int(result, "round_robin_upstreams",
-	                           context->round_robin_upstreams))
+	                           context->round_robin_upstreams)
 	    || getdns_dict_set_int(result, "tls_backoff_time",
 	                           context->tls_backoff_time)
 	    || getdns_dict_set_int(result, "tls_connection_retries",

From 915689141b8db4821a37ac07e92d1add0705ad99 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 17:47:30 +0000
Subject: [PATCH 186/249] Fix symbol order

---
 src/libgetdns.symbols | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index be63ec40..68057574 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -26,11 +26,11 @@ getdns_context_get_limit_outstanding_queries
 getdns_context_get_namespaces
 getdns_context_get_num_pending_requests
 getdns_context_get_resolution_type
+getdns_context_get_round_robin_upstreams
 getdns_context_get_suffix
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_query_padding_blocksize
-getdns_context_get_round_robin_upstreams
 getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
@@ -57,11 +57,11 @@ getdns_context_set_memory_functions
 getdns_context_set_namespaces
 getdns_context_set_resolution_type
 getdns_context_set_return_dnssec_status
+getdns_context_set_round_robin_upstreams
 getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_query_padding_blocksize
-getdns_context_set_round_robin_upstreams
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads

From 1cf39c91345e461696b2b0092b35a6540a44e219 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 17 Mar 2017 18:33:33 +0000
Subject: [PATCH 187/249] Typo

---
 src/getdns/getdns_extra.h.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 8926ede2..af53a5f2 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -278,7 +278,7 @@ getdns_return_t
 getdns_context_set_tls_backoff_time(getdns_context *context, uint16_t value);
 
 getdns_return_t
-getdns_context_set_tls_connection_reuse(getdns_context *context, uint16_t value);
+getdns_context_set_tls_connection_retries(getdns_context *context, uint16_t value);
 
 getdns_return_t
 getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t value);

From ed66edf52ae272ea3a955495de7de9af713fb699 Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Fri, 17 Mar 2017 12:19:54 -0700
Subject: [PATCH 188/249] Making sure that the project compiles on Windows when
 HAVE_MDNS_SUPPORT is present. Moving the 2 additional LRU functions from
 mdns.c to lruhash.c Defining the 2 additional functions in lruhash.h

---
 src/mdns.c         | 91 +---------------------------------------------
 src/util/lookup3.c |  1 +
 src/util/lruhash.c | 87 ++++++++++++++++++++++++++++++++++++++++++++
 src/util/lruhash.h | 35 ++++++++++++++++++
 4 files changed, 124 insertions(+), 90 deletions(-)

diff --git a/src/mdns.c b/src/mdns.c
index e55a3916..22319bf0 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -110,96 +110,7 @@ static uint8_t mdns_suffix_b_e_f_ip6_arpa[] = {
  * deleted, using a "compression" procedure.
  */
 
-/*
- * Missing LRU hash function: create only if not currently in cache,
- * and return the created or found entry.
- *
- * TODO: move this to lruhash.c, once source control issues are fixed.
- */
-static struct lruhash_entry*
-lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
-struct lruhash_entry* entry, void* data, void* cb_arg)
-{
-	struct lruhash_bin* bin;
-	struct lruhash_entry* found, *reclaimlist = NULL;
-	size_t need_size;
-	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
-	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
-	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
-	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
-	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
-	need_size = table->sizefunc(entry->key, data);
-	if (cb_arg == NULL) cb_arg = table->cb_arg;
 
-	/* find bin */
-	lock_quick_lock(&table->lock);
-	bin = &table->array[hash & table->size_mask];
-	lock_quick_lock(&bin->lock);
-
-	/* see if entry exists already */
-	if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) {
-		/* if so: keep the existing data - acquire a writelock */
-		lock_rw_wrlock(&found->lock);
-	}
-	else
-	{
-		/* if not: add to bin */
-		entry->overflow_next = bin->overflow_list;
-		bin->overflow_list = entry;
-		lru_front(table, entry);
-		table->num++;
-		table->space_used += need_size;
-		/* return the entry that was presented, and lock it */
-		found = entry;
-		lock_rw_wrlock(&found->lock);
-	}
-	lock_quick_unlock(&bin->lock);
-	if (table->space_used > table->space_max)
-		reclaim_space(table, &reclaimlist);
-	if (table->num >= table->size)
-		table_grow(table);
-	lock_quick_unlock(&table->lock);
-
-	/* finish reclaim if any (outside of critical region) */
-	while (reclaimlist) {
-		struct lruhash_entry* n = reclaimlist->overflow_next;
-		void* d = reclaimlist->data;
-		(*table->delkeyfunc)(reclaimlist->key, cb_arg);
-		(*table->deldatafunc)(d, cb_arg);
-		reclaimlist = n;
-	}
-
-	/* return the entry that was selected */
-	return found;
-}
-
-/*
- * Another missing LRU hash function: demote, move an entry to the bottom
- * of the LRU pile.
- */
-
-static void
-lru_demote(struct lruhash* table, struct lruhash_entry* entry)
-{
-	log_assert(table && entry);
-	if (entry == table->lru_end)
-		return; /* nothing to do */
-				/* remove from current lru position */
-	lru_remove(table, entry);
-	/* add at end */
-	entry->lru_next = NULL;
-	entry->lru_prev = table->lru_end;
-
-	if (table->lru_end == NULL)
-	{
-		table->lru_start = entry;
-	}
-	else
-	{
-		table->lru_end->lru_next = entry;
-	}
-	table->lru_end = entry;
-}
 
 /*
  * For the data part, we want to allocate in rounded increments, so as to reduce the
@@ -2153,7 +2064,7 @@ int mdns_addition_test(struct getdns_context* context,
 
 	if (ret == 0)
 	{
-		ret = mdns_finalize_lru_test(context, &mdns_exampleRRAM[12], 15, 1, 1,
+		ret = mdns_finalize_lru_test(context, mdns_test_name, sizeof(mdns_test_name), 1, 1,
 			1, buffer, buffer_max, entry_length);
 	}
 
diff --git a/src/util/lookup3.c b/src/util/lookup3.c
index e9b05af3..dedcdcaf 100644
--- a/src/util/lookup3.c
+++ b/src/util/lookup3.c
@@ -45,6 +45,7 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 /*#define SELF_TEST 1*/
 
 #include "config.h"
+#include "util/lookup3.h"
 #include "util/storage/lookup3.h"
 #include <stdio.h>      /* defines printf for tests */
 #include <time.h>       /* defines time_t for timings in the test */
diff --git a/src/util/lruhash.c b/src/util/lruhash.c
index 97e99960..fd091ef9 100644
--- a/src/util/lruhash.c
+++ b/src/util/lruhash.c
@@ -41,6 +41,7 @@
  */
 
 #include "config.h"
+#include "util/lruhash.h"
 #include "util/storage/lruhash.h"
 #include "util/fptr_wlist.h"
 
@@ -296,6 +297,92 @@ lru_touch(struct lruhash* table, struct lruhash_entry* entry)
 	lru_front(table, entry);
 }
 
+
+/*
+ * Demote: the opposite of touch, move an entry to the bottom
+ * of the LRU pile.
+ */
+
+void
+lru_demote(struct lruhash* table, struct lruhash_entry* entry)
+{
+	log_assert(table && entry);
+	if (entry == table->lru_end)
+		return; /* nothing to do */
+				/* remove from current lru position */
+	lru_remove(table, entry);
+	/* add at end */
+	entry->lru_next = NULL;
+	entry->lru_prev = table->lru_end;
+
+	if (table->lru_end == NULL)
+	{
+		table->lru_start = entry;
+	}
+	else
+	{
+		table->lru_end->lru_next = entry;
+	}
+	table->lru_end = entry;
+}
+
+struct lruhash_entry*
+lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
+struct lruhash_entry* entry, void* data, void* cb_arg)
+{
+	struct lruhash_bin* bin;
+	struct lruhash_entry* found, *reclaimlist = NULL;
+	size_t need_size;
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	need_size = table->sizefunc(entry->key, data);
+	if (cb_arg == NULL) cb_arg = table->cb_arg;
+
+	/* find bin */
+	lock_quick_lock(&table->lock);
+	bin = &table->array[hash & table->size_mask];
+	lock_quick_lock(&bin->lock);
+
+	/* see if entry exists already */
+	if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) {
+		/* if so: keep the existing data - acquire a writelock */
+		lock_rw_wrlock(&found->lock);
+	}
+	else
+	{
+		/* if not: add to bin */
+		entry->overflow_next = bin->overflow_list;
+		bin->overflow_list = entry;
+		lru_front(table, entry);
+		table->num++;
+		table->space_used += need_size;
+		/* return the entry that was presented, and lock it */
+		found = entry;
+		lock_rw_wrlock(&found->lock);
+	}
+	lock_quick_unlock(&bin->lock);
+	if (table->space_used > table->space_max)
+		reclaim_space(table, &reclaimlist);
+	if (table->num >= table->size)
+		table_grow(table);
+	lock_quick_unlock(&table->lock);
+
+	/* finish reclaim if any (outside of critical region) */
+	while (reclaimlist) {
+		struct lruhash_entry* n = reclaimlist->overflow_next;
+		void* d = reclaimlist->data;
+		(*table->delkeyfunc)(reclaimlist->key, cb_arg);
+		(*table->deldatafunc)(d, cb_arg);
+		reclaimlist = n;
+	}
+
+	/* return the entry that was selected */
+	return found;
+}
+
 void 
 lruhash_insert(struct lruhash* table, hashvalue_type hash,
         struct lruhash_entry* entry, void* data, void* cb_arg)
diff --git a/src/util/lruhash.h b/src/util/lruhash.h
index 17c8b551..8c0d1a18 100644
--- a/src/util/lruhash.h
+++ b/src/util/lruhash.h
@@ -46,8 +46,10 @@
 #define lruhash_delete			_getdns_lruhash_delete
 #define lruhash_clear			_getdns_lruhash_clear
 #define lruhash_insert			_getdns_lruhash_insert
+#define lruhash_insert_or_retrieve _getdns_lruhash_insert_or_retrieve
 #define lruhash_lookup			_getdns_lruhash_lookup
 #define lru_touch			_getdns_lru_touch
+#define lru_demote			_getdns_lru_demote
 #define lruhash_setmarkdel		_getdns_lruhash_setmarkdel
 
 #define lruhash_remove			_getdns_lruhash_remove
@@ -65,4 +67,37 @@
 #define lruhash_traverse		_getdns_lruhash_traverse
 
 #include "util/orig-headers/lruhash.h"
+
+/*
+ * Additional function definitions, not found in original header.
+ */
+
+ /**
+  * Demote entry, so it becomes the least recently used in the LRU list.
+  * Caller must hold hash table lock. The entry must be inserted already.
+  * @param table: hash table.
+  * @param entry: entry to make last in LRU.
+  */
+void lru_demote(struct lruhash* table, struct lruhash_entry* entry);
+
+/**
+ * Insert a new element into the hashtable, or retrieve the corresponding
+ * element of it exits.
+ *
+ * If key is already present data pointer in that entry is kept.
+ * If it is not present, a new entry is created. In that case, 
+ * the space calculation function is called with the key, data.
+ * If necessary the least recently used entries are deleted to make space.
+ * If necessary the hash array is grown up.
+ *
+ * @param table: hash table.
+ * @param hash: hash value. User calculates the hash.
+ * @param entry: identifies the entry.
+ * @param data: the data.
+ * @param cb_override: if not null overrides the cb_arg for the deletefunc.
+ * @return: pointer to the existing entry if the key was already present,
+ *     or to the entry argument if it was not.
+ */
+struct lruhash_entry* lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
+	struct lruhash_entry* entry, void* data, void* cb_arg);
 #endif

From 8b09633c94cc3aabb1c42c5d4cc43b0af8ecf26b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 11:03:15 +0100
Subject: [PATCH 189/249] Bug and mem-leak fix

---
 .../280-limit_outstanding_queries.Makefile           |  2 +-
 .../280-limit_outstanding_queries.c                  | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile
index c297df6d..70d86616 100644
--- a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.Makefile
@@ -2,7 +2,7 @@ builddir = @BUILDDIR@
 testname = @TPKG_NAME@
 LIBTOOL  = $(builddir)/libtool
 
-CFLAGS=-I$(builddir)/src
+CFLAGS=-Wall -Wextra -I$(builddir)/src
 LDLIBS=$(builddir)/src/libgetdns.la
 
 .SUFFIXES: .c .o .a .lo .h
diff --git a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c
index 78107b57..1467ec34 100644
--- a/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c
+++ b/src/test/tpkg/280-limit_outstanding_queries.tpkg/280-limit_outstanding_queries.c
@@ -64,12 +64,12 @@ void delay_cb(void *userarg)
 void handler(getdns_context *context, getdns_callback_type_t callback_type,
     getdns_dict *request, void *userarg, getdns_transaction_t request_id)
 {
-	transaction_t  *trans;
+	transaction_t  *trans = NULL;
 	getdns_bindata *qname;
 	char           nreq_str[255];
-	getdns_bindata nreq_bd = { 0, nreq_str };
+	getdns_bindata nreq_bd = { 0, (void *)nreq_str };
 
-	(void) userarg;
+	(void) userarg; (void)callback_type;
 	nreq_bd.size = snprintf(nreq_str, sizeof(nreq_str), "n_requests: %d", ++n_requests);
 
 	if (getdns_dict_get_bindata(request, "/question/qname", &qname) ||
@@ -83,8 +83,8 @@ void handler(getdns_context *context, getdns_callback_type_t callback_type,
 	    qname->data[3] == 'i' && qname->data[4] == 't') {
 
 		(void) getdns_reply(context, request, request_id);
-		(void) getdns_context_set_listen_addresses(trans->context, NULL, NULL, NULL);
-		n_requests -= 1;
+		(void) getdns_context_set_listen_addresses(context, NULL, NULL, NULL);
+		getdns_dict_destroy(request);
 		return;
 
 	} else if (!(trans = malloc(sizeof(transaction_t))))
@@ -102,6 +102,8 @@ void handler(getdns_context *context, getdns_callback_type_t callback_type,
 			fprintf(stderr, "Could not schedule delay\n");
 		else	return;
 	}
+	getdns_dict_destroy(trans->request);
+	if (trans) free(trans);
 	exit(EXIT_FAILURE);
 }
 

From 0891e16147d77d0bbe1a6c2cd8927776f9500977 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 15:20:17 +0100
Subject: [PATCH 190/249] Pend netreqs when out of filedescriptors

---
 src/general.c                                 |   17 +-
 src/stub.c                                    |   32 +-
 .../285-out_of_filedescriptors.Makefile       |   15 +
 .../285-out_of_filedescriptors.c              |  143 +++
 .../285-out_of_filedescriptors.dsc            |   16 +
 .../285-out_of_filedescriptors.pre            |   14 +
 .../285-out_of_filedescriptors.queries        | 1000 +++++++++++++++++
 .../285-out_of_filedescriptors.test           |   48 +
 8 files changed, 1276 insertions(+), 9 deletions(-)
 create mode 100644 src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.Makefile
 create mode 100644 src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.c
 create mode 100644 src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.dsc
 create mode 100644 src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.pre
 create mode 100644 src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.queries
 create mode 100644 src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.test

diff --git a/src/general.c b/src/general.c
index 14b7ee40..6ed44004 100644
--- a/src/general.c
+++ b/src/general.c
@@ -299,6 +299,7 @@ _getdns_netreq_change_state(
 {
 	getdns_context *context;
 	uint64_t now_ms;
+	getdns_network_req *prev;
 
 	if (!netreq)
 		return;
@@ -317,12 +318,22 @@ _getdns_netreq_change_state(
 	context->netreqs_in_flight -= 1;
 
 	now_ms = 0;
-	while (context->limit_outstanding_queries > 0 &&
-	    context->pending_netreqs.count > 0 &&
-	    context->netreqs_in_flight < context->limit_outstanding_queries)  {
+	prev = NULL;
+	while (context->pending_netreqs.count > 0 &&
+	    (  context->limit_outstanding_queries > context->netreqs_in_flight
+	    || context->limit_outstanding_queries == 0 ))  {
 
 		getdns_network_req *first = (getdns_network_req *)
 		    _getdns_rbtree_first(&context->pending_netreqs);
+		
+		/* To prevent loops due to _getdns_submit_netreq re-inserting
+		 * because of errno == EMFILE
+		 */
+		if (first == prev)
+			break;
+		else
+			prev = first;
+
 		(void) _getdns_rbtree_delete(&context->pending_netreqs, first);
 		(void) _getdns_submit_netreq(first, &now_ms);
 	}
diff --git a/src/stub.c b/src/stub.c
index 1fefaa8c..20695d25 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -54,15 +54,18 @@ typedef u_short sa_family_t;
 #define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
                              WSAGetLastError() == WSAEWOULDBLOCK)
 #define _getdns_EINPROGRESS (WSAGetLastError() == WSAEINPROGRESS)
+#define _getdns_EMFILE      (WSAGetLastError() == WSAEMFILE)
 #else
 #define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
 #define _getdns_EINPROGRESS (errno == EINPROGRESS)
+#define _getdns_EMFILE      (errno == EMFILE)
 #endif
 
 /* WSA TODO: 
  * STUB_TCP_WOULDBLOCK added to deal with edge triggered event loops (versus
  * level triggered).  See also lines containing WSA TODO below...
  */
+#define STUB_TRY_AGAIN_LATER -24 /* EMFILE, i.e. Out of OS resources */
 #define STUB_NO_AUTH -8 /* Existing TLS connection is not authenticated */
 #define STUB_CONN_GONE -7 /* Connection has failed, clear queue*/
 #define STUB_TCP_WOULDBLOCK -6
@@ -1905,8 +1908,14 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 		upstream = upstream_find_for_transport(netreq,
 		                                  netreq->transports[i],
 		                                  &fd);
-		if (fd == -1 || !upstream)
+		if (!upstream)
 			continue;
+
+		if (fd == -1) {
+			if (_getdns_EMFILE)
+				return STUB_TRY_AGAIN_LATER;
+			return -1;
+		}
 		netreq->transport_current = i;
 		netreq->upstream = upstream;
 		netreq->keepalive_sent = 0;
@@ -2030,10 +2039,15 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 getdns_return_t
 _getdns_submit_stub_request(getdns_network_req *netreq, uint64_t *now_ms)
 {
+	int fd = -1;
+	getdns_dns_req *dnsreq;
+	getdns_context *context;
+
 	DEBUG_STUB("%s %-35s: MSG: %p TYPE: %d\n", STUB_DEBUG_ENTRY, __FUNC__,
 	           (void*)netreq, netreq->request_type);
-	int fd = -1;
-	getdns_dns_req *dnsreq = netreq->owner;
+
+	dnsreq = netreq->owner;
+	context = dnsreq->context;
 
 	/* This does a best effort to get a initial fd.
 	 * All other set up is done async*/
@@ -2041,9 +2055,15 @@ _getdns_submit_stub_request(getdns_network_req *netreq, uint64_t *now_ms)
 	if (fd == -1)
 		return GETDNS_RETURN_NO_UPSTREAM_AVAILABLE;
 
-	getdns_transport_list_t transport =
-	                             netreq->transports[netreq->transport_current];
-	switch(transport) {
+	else if (fd == STUB_TRY_AGAIN_LATER) {
+		_getdns_netreq_change_state(netreq, NET_REQ_NOT_SENT);
+		netreq->node.key = netreq;
+		if (_getdns_rbtree_insert(
+		    &context->pending_netreqs, &netreq->node))
+			return GETDNS_RETURN_GOOD;
+		return GETDNS_RETURN_NO_UPSTREAM_AVAILABLE;
+	}
+	switch(netreq->transports[netreq->transport_current]) {
 	case GETDNS_TRANSPORT_UDP:
 		netreq->fd = fd;
 		GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
diff --git a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.Makefile b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.Makefile
new file mode 100644
index 00000000..70d86616
--- /dev/null
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.Makefile
@@ -0,0 +1,15 @@
+builddir = @BUILDDIR@
+testname = @TPKG_NAME@
+LIBTOOL  = $(builddir)/libtool
+
+CFLAGS=-Wall -Wextra -I$(builddir)/src
+LDLIBS=$(builddir)/src/libgetdns.la
+
+.SUFFIXES: .c .o .a .lo .h
+
+.c.lo:
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+
+$(testname): $(testname).lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDLIBS) $(LDFLAGS) -o $(testname) $(testname).lo
+
diff --git a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.c b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.c
new file mode 100644
index 00000000..e495466d
--- /dev/null
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.c
@@ -0,0 +1,143 @@
+/*
+ * delaydns.c - A DNS proxy that adds delay to replies
+ *
+ * Copyright (c) 2016, NLnet Labs. All rights reserved.
+ * 
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <getdns/getdns_extra.h>
+#include <stdio.h>
+#include <string.h>
+
+
+static int n_requests = 0;
+
+typedef struct transaction_t {
+	getdns_transaction_t    request_id;
+	getdns_dict            *request;
+
+	getdns_context         *context;
+	getdns_eventloop       *loop;
+	getdns_eventloop_event  ev;
+} transaction_t;
+
+
+void delay_cb(void *userarg)
+{
+	transaction_t *trans = userarg;
+
+	trans->loop->vmt->clear(trans->loop, &trans->ev);
+	(void) getdns_reply(trans->context, trans->request, trans->request_id);
+	getdns_dict_destroy(trans->request);
+	free(trans);
+	n_requests -= 1;
+}
+
+void handler(getdns_context *context, getdns_callback_type_t callback_type,
+    getdns_dict *request, void *userarg, getdns_transaction_t request_id)
+{
+	transaction_t  *trans = NULL;
+	getdns_bindata *qname;
+	char           nreq_str[255];
+	getdns_bindata nreq_bd = { 0, (void *)nreq_str };
+
+	(void) userarg; (void)callback_type;
+	nreq_bd.size = snprintf(nreq_str, sizeof(nreq_str), "n_requests: %d", ++n_requests);
+
+	if (getdns_dict_get_bindata(request, "/question/qname", &qname) ||
+	    getdns_dict_set_bindata(request, "/answer/0/name", qname) ||
+	    getdns_dict_set_int(request, "/answer/0/type", GETDNS_RRTYPE_TXT) ||
+	    getdns_dict_set_bindata(request, "/answer/0/rdata/txt_strings/-", &nreq_bd))
+		fprintf(stderr, "Request init error\n");
+
+	else if (qname->size >= 6 && qname->data[0] == 4 &&
+	    qname->data[1] == 'q' && qname->data[2] == 'u' &&
+	    qname->data[3] == 'i' && qname->data[4] == 't') {
+
+		(void) getdns_reply(context, request, request_id);
+		(void) getdns_context_set_listen_addresses(context, NULL, NULL, NULL);
+		getdns_dict_destroy(request);
+		return;
+
+	} else if (!(trans = malloc(sizeof(transaction_t))))
+		perror("memerror");
+	else {
+		char *fqdn;
+		getdns_convert_dns_name_to_fqdn(qname, &fqdn);
+
+		(void) memset(trans, 0, sizeof(transaction_t));
+		trans->request_id = request_id;
+		trans->request = request;
+		trans->context = context;
+		trans->ev.userarg = trans;
+		trans->ev.timeout_cb = delay_cb;
+
+		fprintf(stderr, "sched delay for query %s, n_request %d\n", fqdn, (int)n_requests);
+		free(fqdn);
+		if (getdns_context_get_eventloop(context, &trans->loop)
+		||  trans->loop->vmt->schedule(trans->loop, -1, 300, &trans->ev))
+			fprintf(stderr, "Could not schedule delay\n");
+		else	return;
+	}
+	getdns_dict_destroy(trans->request);
+	if (trans) free(trans);
+	exit(EXIT_FAILURE);
+}
+
+int main()
+{
+	getdns_context   *context   = NULL;
+	getdns_list      *listeners = NULL;
+	getdns_dict      *address   = NULL;
+	uint32_t          port      = 18000;
+	getdns_return_t   r;
+
+	if ((r = getdns_str2list("[ 127.0.0.1:18000 ]", &listeners)) ||
+	    (r = getdns_list_get_dict(listeners, 0, &address)) ||
+	    (r = getdns_context_create(&context, 0)))
+		fprintf(stderr, "Error initializing: ");
+
+	else while (++port < 18200 &&
+	    !(r = getdns_dict_set_int(address, "port", port)) &&
+	     (r = getdns_context_set_listen_addresses(
+			    context, listeners, NULL, handler)))
+		; /* pass */
+
+	if (r)	fprintf(stderr, "%s\n", getdns_get_errorstr_by_id(r));
+	else {
+		fprintf(stdout, "%d\n", (int)port);
+		fflush(stdout);
+		getdns_context_run(context);
+	}
+	getdns_list_destroy(listeners);
+	getdns_context_destroy(context);
+	return r;
+}
diff --git a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.dsc b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.dsc
new file mode 100644
index 00000000..6b00775a
--- /dev/null
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.dsc
@@ -0,0 +1,16 @@
+BaseName: 285-out_of_filedescriptors
+Version: 1.0
+Description: Test if outstanding queries setting is obeyed
+CreationDate: ma 20 mrt 2017 15:17:45 CET
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: 
+Depends: 210-stub-only-link.tpkg
+Help:
+Pre: 285-out_of_filedescriptors.pre
+Post: 
+Test: 285-out_of_filedescriptors.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.pre b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.pre
new file mode 100644
index 00000000..6e7ff3ff
--- /dev/null
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.pre
@@ -0,0 +1,14 @@
+# #-- 285-out_of_filedescriptors.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+(
+	grep '^CC=' "${BUILDDIR}/build-stub-only/src/Makefile"
+	grep '^LDFLAGS=' "${BUILDDIR}/build-stub-only/src/Makefile"
+
+	BUILDDIR4SED=`echo "${BUILDDIR}/build-stub-only" | sed  's/\//\\\\\//g'`
+	sed -e "s/@BUILDDIR@/${BUILDDIR4SED}/g" \
+	    -e "s/@TPKG_NAME@/${TPKG_NAME}/g" "${TPKG_NAME}.Makefile"
+) > Makefile
diff --git a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.queries b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.queries
new file mode 100644
index 00000000..0cc2103d
--- /dev/null
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.queries
@@ -0,0 +1,1000 @@
+q1.
+q2.
+q3.
+q4.
+q5.
+q6.
+q7.
+q8.
+q9.
+q10.
+q11.
+q12.
+q13.
+q14.
+q15.
+q16.
+q17.
+q18.
+q19.
+q20.
+q21.
+q22.
+q23.
+q24.
+q25.
+q26.
+q27.
+q28.
+q29.
+q30.
+q31.
+q32.
+q33.
+q34.
+q35.
+q36.
+q37.
+q38.
+q39.
+q40.
+q41.
+q42.
+q43.
+q44.
+q45.
+q46.
+q47.
+q48.
+q49.
+q50.
+q51.
+q52.
+q53.
+q54.
+q55.
+q56.
+q57.
+q58.
+q59.
+q60.
+q61.
+q62.
+q63.
+q64.
+q65.
+q66.
+q67.
+q68.
+q69.
+q70.
+q71.
+q72.
+q73.
+q74.
+q75.
+q76.
+q77.
+q78.
+q79.
+q80.
+q81.
+q82.
+q83.
+q84.
+q85.
+q86.
+q87.
+q88.
+q89.
+q90.
+q91.
+q92.
+q93.
+q94.
+q95.
+q96.
+q97.
+q98.
+q99.
+q100.
+q101.
+q102.
+q103.
+q104.
+q105.
+q106.
+q107.
+q108.
+q109.
+q110.
+q111.
+q112.
+q113.
+q114.
+q115.
+q116.
+q117.
+q118.
+q119.
+q120.
+q121.
+q122.
+q123.
+q124.
+q125.
+q126.
+q127.
+q128.
+q129.
+q130.
+q131.
+q132.
+q133.
+q134.
+q135.
+q136.
+q137.
+q138.
+q139.
+q140.
+q141.
+q142.
+q143.
+q144.
+q145.
+q146.
+q147.
+q148.
+q149.
+q150.
+q151.
+q152.
+q153.
+q154.
+q155.
+q156.
+q157.
+q158.
+q159.
+q160.
+q161.
+q162.
+q163.
+q164.
+q165.
+q166.
+q167.
+q168.
+q169.
+q170.
+q171.
+q172.
+q173.
+q174.
+q175.
+q176.
+q177.
+q178.
+q179.
+q180.
+q181.
+q182.
+q183.
+q184.
+q185.
+q186.
+q187.
+q188.
+q189.
+q190.
+q191.
+q192.
+q193.
+q194.
+q195.
+q196.
+q197.
+q198.
+q199.
+q200.
+q201.
+q202.
+q203.
+q204.
+q205.
+q206.
+q207.
+q208.
+q209.
+q210.
+q211.
+q212.
+q213.
+q214.
+q215.
+q216.
+q217.
+q218.
+q219.
+q220.
+q221.
+q222.
+q223.
+q224.
+q225.
+q226.
+q227.
+q228.
+q229.
+q230.
+q231.
+q232.
+q233.
+q234.
+q235.
+q236.
+q237.
+q238.
+q239.
+q240.
+q241.
+q242.
+q243.
+q244.
+q245.
+q246.
+q247.
+q248.
+q249.
+q250.
+q251.
+q252.
+q253.
+q254.
+q255.
+q256.
+q257.
+q258.
+q259.
+q260.
+q261.
+q262.
+q263.
+q264.
+q265.
+q266.
+q267.
+q268.
+q269.
+q270.
+q271.
+q272.
+q273.
+q274.
+q275.
+q276.
+q277.
+q278.
+q279.
+q280.
+q281.
+q282.
+q283.
+q284.
+q285.
+q286.
+q287.
+q288.
+q289.
+q290.
+q291.
+q292.
+q293.
+q294.
+q295.
+q296.
+q297.
+q298.
+q299.
+q300.
+q301.
+q302.
+q303.
+q304.
+q305.
+q306.
+q307.
+q308.
+q309.
+q310.
+q311.
+q312.
+q313.
+q314.
+q315.
+q316.
+q317.
+q318.
+q319.
+q320.
+q321.
+q322.
+q323.
+q324.
+q325.
+q326.
+q327.
+q328.
+q329.
+q330.
+q331.
+q332.
+q333.
+q334.
+q335.
+q336.
+q337.
+q338.
+q339.
+q340.
+q341.
+q342.
+q343.
+q344.
+q345.
+q346.
+q347.
+q348.
+q349.
+q350.
+q351.
+q352.
+q353.
+q354.
+q355.
+q356.
+q357.
+q358.
+q359.
+q360.
+q361.
+q362.
+q363.
+q364.
+q365.
+q366.
+q367.
+q368.
+q369.
+q370.
+q371.
+q372.
+q373.
+q374.
+q375.
+q376.
+q377.
+q378.
+q379.
+q380.
+q381.
+q382.
+q383.
+q384.
+q385.
+q386.
+q387.
+q388.
+q389.
+q390.
+q391.
+q392.
+q393.
+q394.
+q395.
+q396.
+q397.
+q398.
+q399.
+q400.
+q401.
+q402.
+q403.
+q404.
+q405.
+q406.
+q407.
+q408.
+q409.
+q410.
+q411.
+q412.
+q413.
+q414.
+q415.
+q416.
+q417.
+q418.
+q419.
+q420.
+q421.
+q422.
+q423.
+q424.
+q425.
+q426.
+q427.
+q428.
+q429.
+q430.
+q431.
+q432.
+q433.
+q434.
+q435.
+q436.
+q437.
+q438.
+q439.
+q440.
+q441.
+q442.
+q443.
+q444.
+q445.
+q446.
+q447.
+q448.
+q449.
+q450.
+q451.
+q452.
+q453.
+q454.
+q455.
+q456.
+q457.
+q458.
+q459.
+q460.
+q461.
+q462.
+q463.
+q464.
+q465.
+q466.
+q467.
+q468.
+q469.
+q470.
+q471.
+q472.
+q473.
+q474.
+q475.
+q476.
+q477.
+q478.
+q479.
+q480.
+q481.
+q482.
+q483.
+q484.
+q485.
+q486.
+q487.
+q488.
+q489.
+q490.
+q491.
+q492.
+q493.
+q494.
+q495.
+q496.
+q497.
+q498.
+q499.
+q500.
+q501.
+q502.
+q503.
+q504.
+q505.
+q506.
+q507.
+q508.
+q509.
+q510.
+q511.
+q512.
+q513.
+q514.
+q515.
+q516.
+q517.
+q518.
+q519.
+q520.
+q521.
+q522.
+q523.
+q524.
+q525.
+q526.
+q527.
+q528.
+q529.
+q530.
+q531.
+q532.
+q533.
+q534.
+q535.
+q536.
+q537.
+q538.
+q539.
+q540.
+q541.
+q542.
+q543.
+q544.
+q545.
+q546.
+q547.
+q548.
+q549.
+q550.
+q551.
+q552.
+q553.
+q554.
+q555.
+q556.
+q557.
+q558.
+q559.
+q560.
+q561.
+q562.
+q563.
+q564.
+q565.
+q566.
+q567.
+q568.
+q569.
+q570.
+q571.
+q572.
+q573.
+q574.
+q575.
+q576.
+q577.
+q578.
+q579.
+q580.
+q581.
+q582.
+q583.
+q584.
+q585.
+q586.
+q587.
+q588.
+q589.
+q590.
+q591.
+q592.
+q593.
+q594.
+q595.
+q596.
+q597.
+q598.
+q599.
+q600.
+q601.
+q602.
+q603.
+q604.
+q605.
+q606.
+q607.
+q608.
+q609.
+q610.
+q611.
+q612.
+q613.
+q614.
+q615.
+q616.
+q617.
+q618.
+q619.
+q620.
+q621.
+q622.
+q623.
+q624.
+q625.
+q626.
+q627.
+q628.
+q629.
+q630.
+q631.
+q632.
+q633.
+q634.
+q635.
+q636.
+q637.
+q638.
+q639.
+q640.
+q641.
+q642.
+q643.
+q644.
+q645.
+q646.
+q647.
+q648.
+q649.
+q650.
+q651.
+q652.
+q653.
+q654.
+q655.
+q656.
+q657.
+q658.
+q659.
+q660.
+q661.
+q662.
+q663.
+q664.
+q665.
+q666.
+q667.
+q668.
+q669.
+q670.
+q671.
+q672.
+q673.
+q674.
+q675.
+q676.
+q677.
+q678.
+q679.
+q680.
+q681.
+q682.
+q683.
+q684.
+q685.
+q686.
+q687.
+q688.
+q689.
+q690.
+q691.
+q692.
+q693.
+q694.
+q695.
+q696.
+q697.
+q698.
+q699.
+q700.
+q701.
+q702.
+q703.
+q704.
+q705.
+q706.
+q707.
+q708.
+q709.
+q710.
+q711.
+q712.
+q713.
+q714.
+q715.
+q716.
+q717.
+q718.
+q719.
+q720.
+q721.
+q722.
+q723.
+q724.
+q725.
+q726.
+q727.
+q728.
+q729.
+q730.
+q731.
+q732.
+q733.
+q734.
+q735.
+q736.
+q737.
+q738.
+q739.
+q740.
+q741.
+q742.
+q743.
+q744.
+q745.
+q746.
+q747.
+q748.
+q749.
+q750.
+q751.
+q752.
+q753.
+q754.
+q755.
+q756.
+q757.
+q758.
+q759.
+q760.
+q761.
+q762.
+q763.
+q764.
+q765.
+q766.
+q767.
+q768.
+q769.
+q770.
+q771.
+q772.
+q773.
+q774.
+q775.
+q776.
+q777.
+q778.
+q779.
+q780.
+q781.
+q782.
+q783.
+q784.
+q785.
+q786.
+q787.
+q788.
+q789.
+q790.
+q791.
+q792.
+q793.
+q794.
+q795.
+q796.
+q797.
+q798.
+q799.
+q800.
+q801.
+q802.
+q803.
+q804.
+q805.
+q806.
+q807.
+q808.
+q809.
+q810.
+q811.
+q812.
+q813.
+q814.
+q815.
+q816.
+q817.
+q818.
+q819.
+q820.
+q821.
+q822.
+q823.
+q824.
+q825.
+q826.
+q827.
+q828.
+q829.
+q830.
+q831.
+q832.
+q833.
+q834.
+q835.
+q836.
+q837.
+q838.
+q839.
+q840.
+q841.
+q842.
+q843.
+q844.
+q845.
+q846.
+q847.
+q848.
+q849.
+q850.
+q851.
+q852.
+q853.
+q854.
+q855.
+q856.
+q857.
+q858.
+q859.
+q860.
+q861.
+q862.
+q863.
+q864.
+q865.
+q866.
+q867.
+q868.
+q869.
+q870.
+q871.
+q872.
+q873.
+q874.
+q875.
+q876.
+q877.
+q878.
+q879.
+q880.
+q881.
+q882.
+q883.
+q884.
+q885.
+q886.
+q887.
+q888.
+q889.
+q890.
+q891.
+q892.
+q893.
+q894.
+q895.
+q896.
+q897.
+q898.
+q899.
+q900.
+q901.
+q902.
+q903.
+q904.
+q905.
+q906.
+q907.
+q908.
+q909.
+q910.
+q911.
+q912.
+q913.
+q914.
+q915.
+q916.
+q917.
+q918.
+q919.
+q920.
+q921.
+q922.
+q923.
+q924.
+q925.
+q926.
+q927.
+q928.
+q929.
+q930.
+q931.
+q932.
+q933.
+q934.
+q935.
+q936.
+q937.
+q938.
+q939.
+q940.
+q941.
+q942.
+q943.
+q944.
+q945.
+q946.
+q947.
+q948.
+q949.
+q950.
+q951.
+q952.
+q953.
+q954.
+q955.
+q956.
+q957.
+q958.
+q959.
+q960.
+q961.
+q962.
+q963.
+q964.
+q965.
+q966.
+q967.
+q968.
+q969.
+q970.
+q971.
+q972.
+q973.
+q974.
+q975.
+q976.
+q977.
+q978.
+q979.
+q980.
+q981.
+q982.
+q983.
+q984.
+q985.
+q986.
+q987.
+q988.
+q989.
+q990.
+q991.
+q992.
+q993.
+q994.
+q995.
+q996.
+q997.
+q998.
+q999.
+q1000.
diff --git a/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.test b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.test
new file mode 100644
index 00000000..64a53cfb
--- /dev/null
+++ b/src/test/tpkg/285-out_of_filedescriptors.tpkg/285-out_of_filedescriptors.test
@@ -0,0 +1,48 @@
+# #-- 285-out_of_filedescriptors.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+
+QLIMIT=79
+NQUERIES=`wc "./${TPKG_NAME}.queries"|sed 's/ .*$//g'`
+
+# This time the query limit is set by setting the maximum open
+# filedescriptors. We seem to be needing a higher QLIMIT, than
+# with limit_outstanding_queries unit test.
+#
+# 4 filedescriptors are already needed for overhead (logging etc),
+# but experiments showed that to prevent timeouts, we should
+# have a higher value than 72 at least.
+#
+# Test will take NQUERIES / QLIMIT * answer delay
+# For current parameters this is 1000 / 75 * 0.3 = 4.0
+# which is smaller than 5 seconds default query timeout value,
+# so the test should succeed.
+
+make && "./${TPKG_NAME}" | (
+	read PORT
+	ulimit -n $QLIMIT
+	${GETDNS_STUB_QUERY} @127.0.0.1:$PORT TXT \
+	    -a -F "./${TPKG_NAME}.queries" 2>&1 > out
+
+	${GETDNS_STUB_QUERY} -q @127.0.0.1:$PORT TXT quit.
+) && grep '"n_requests: [0-9][0-9]*"' out | sed -e 's/^.*n_requests: //g' -e 's/".*$//g' \
+    | awk -vQLIMIT=$QLIMIT -vNQUERIES=$NQUERIES '
+
+BEGIN{
+	max_outstanding = 0;
+}
+{
+	if ($1 > max_outstanding)
+		max_outstanding = $1;
+}
+END{
+	printf("%d of %d queries answered (%.1f%%)\n", NR, NQUERIES, (NR / NQUERIES * 100));
+	if (max_outstanding > QLIMIT) {
+		print "ERROR: More than "QLIMIT" outstanding queries: "max_outstanding;
+		exit(-1);
+	} else
+		print "SUCCESS: No more than "QLIMIT" outstanding queries: "max_outstanding;
+}'

From 0048066a2a6c7e99f0767ce00f3293f88f6e3f7e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 16:15:02 +0100
Subject: [PATCH 191/249] Test op coding practices

---
 .../070-coding-practice.dsc                   | 16 ++++++++
 .../070-coding-practice.pre                   | 14 +++++++
 .../070-coding-practice.test                  | 40 +++++++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100644 src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.dsc
 create mode 100644 src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.pre
 create mode 100644 src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test

diff --git a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.dsc b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.dsc
new file mode 100644
index 00000000..b2101c47
--- /dev/null
+++ b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.dsc
@@ -0,0 +1,16 @@
+BaseName: 070-coding-practice
+Version: 1.0
+Description: Check for non-recommended coding practices
+CreationDate: ma 20 mrt 2017 15:55:19 CET
+Maintainer: Willem Toorop
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: 070-coding-practice.pre
+Post:
+Test: 070-coding-practice.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.pre b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.pre
new file mode 100644
index 00000000..150497af
--- /dev/null
+++ b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.pre
@@ -0,0 +1,14 @@
+# #-- 070-coding-practice.pre--#
+# source the master var file when it's there
+if [ -f ../.tpkg.var.master ]
+then
+	source ../.tpkg.var.master
+else
+	(
+		cd ..
+		[ -f  "${TPKG_SRCDIR}/setup-env.sh" ] \
+		    && sh "${TPKG_SRCDIR}/setup-env.sh" 
+	) && source ../.tpkg.var.master
+fi
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
diff --git a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
new file mode 100644
index 00000000..b0360279
--- /dev/null
+++ b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
@@ -0,0 +1,40 @@
+# #-- 070-coding-practice.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+rm -f report.txt
+(
+ 	cd ${SRCROOT}/src
+	if [ `grep '[^!=]=[ 	][ 	]*NET_REQ_' *.[ch] */*.[ch] | wc -l` -gt 1 ]
+	then
+		echo "*** "
+		echo "*** Setting getdns_network_req->state should be done via"
+		echo "*** _getdns_netreq_change_state() only, for anticipating"
+		echo "*** running out of filedescriptors (sockets) and for the"
+		echo "*** limit_outstanding_queries feature."
+		echo "*** "
+		grep '[^!=]=[ 	][ 	]*NET_REQ_' *.[ch] */*.[ch]
+		echo ""
+	fi
+) >> report.txt
+(
+ 	cd ${SRCROOT}/src
+	if [ `grep '__FUNCTION__' *.[ch] */*.[ch] | wc -l` -gt 0 ]
+	then
+		echo "*** "
+		echo "*** Use __FUNC__ instead of __FUNCTION__ for portability"
+		echo "*** __FUNC__ is aliases in config.h to name to be used"
+		echo "*** for the system with a #define"
+		echo "*** "
+		grep '__FUNCION__' *.[ch] */*.[ch]
+		echo ""
+	fi
+) >> report.txt
+
+if [ -s report.txt ]
+then
+	cat report.txt
+	false
+fi

From a3fe9583879b7b510a1efb1662cb2fa14a643cb4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 16:41:57 +0100
Subject: [PATCH 192/249] Sync with unbound

---
 configure.ac                    |   9 ++
 src/util/lookup3.c              |   1 -
 src/util/lruhash.c              | 173 ++++++++++++++++----------------
 src/util/lruhash.h              |  38 +------
 src/util/orig-headers/lruhash.h |  32 ++++++
 src/util/val_secalgo.c          |  92 ++++++++++++++---
 6 files changed, 207 insertions(+), 138 deletions(-)

diff --git a/configure.ac b/configure.ac
index bb2fa22f..3cb6d24c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -311,6 +311,15 @@ AC_INCLUDES_DEFAULT
 fi
 
 
+AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support]))
+	case "$enable_sha1" in
+	no)
+	;;
+	yes|*)
+	AC_DEFINE([USE_SHA1], [1], [Define this to enable SHA1 support.])
+	;;
+esac
+
 AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support]))
 case "$enable_sha2" in
 	no)
diff --git a/src/util/lookup3.c b/src/util/lookup3.c
index dedcdcaf..e9b05af3 100644
--- a/src/util/lookup3.c
+++ b/src/util/lookup3.c
@@ -45,7 +45,6 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 /*#define SELF_TEST 1*/
 
 #include "config.h"
-#include "util/lookup3.h"
 #include "util/storage/lookup3.h"
 #include <stdio.h>      /* defines printf for tests */
 #include <time.h>       /* defines time_t for timings in the test */
diff --git a/src/util/lruhash.c b/src/util/lruhash.c
index fd091ef9..0003ff49 100644
--- a/src/util/lruhash.c
+++ b/src/util/lruhash.c
@@ -41,7 +41,6 @@
  */
 
 #include "config.h"
-#include "util/lruhash.h"
 #include "util/storage/lruhash.h"
 #include "util/fptr_wlist.h"
 
@@ -297,92 +296,6 @@ lru_touch(struct lruhash* table, struct lruhash_entry* entry)
 	lru_front(table, entry);
 }
 
-
-/*
- * Demote: the opposite of touch, move an entry to the bottom
- * of the LRU pile.
- */
-
-void
-lru_demote(struct lruhash* table, struct lruhash_entry* entry)
-{
-	log_assert(table && entry);
-	if (entry == table->lru_end)
-		return; /* nothing to do */
-				/* remove from current lru position */
-	lru_remove(table, entry);
-	/* add at end */
-	entry->lru_next = NULL;
-	entry->lru_prev = table->lru_end;
-
-	if (table->lru_end == NULL)
-	{
-		table->lru_start = entry;
-	}
-	else
-	{
-		table->lru_end->lru_next = entry;
-	}
-	table->lru_end = entry;
-}
-
-struct lruhash_entry*
-lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
-struct lruhash_entry* entry, void* data, void* cb_arg)
-{
-	struct lruhash_bin* bin;
-	struct lruhash_entry* found, *reclaimlist = NULL;
-	size_t need_size;
-	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
-	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
-	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
-	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
-	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
-	need_size = table->sizefunc(entry->key, data);
-	if (cb_arg == NULL) cb_arg = table->cb_arg;
-
-	/* find bin */
-	lock_quick_lock(&table->lock);
-	bin = &table->array[hash & table->size_mask];
-	lock_quick_lock(&bin->lock);
-
-	/* see if entry exists already */
-	if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) {
-		/* if so: keep the existing data - acquire a writelock */
-		lock_rw_wrlock(&found->lock);
-	}
-	else
-	{
-		/* if not: add to bin */
-		entry->overflow_next = bin->overflow_list;
-		bin->overflow_list = entry;
-		lru_front(table, entry);
-		table->num++;
-		table->space_used += need_size;
-		/* return the entry that was presented, and lock it */
-		found = entry;
-		lock_rw_wrlock(&found->lock);
-	}
-	lock_quick_unlock(&bin->lock);
-	if (table->space_used > table->space_max)
-		reclaim_space(table, &reclaimlist);
-	if (table->num >= table->size)
-		table_grow(table);
-	lock_quick_unlock(&table->lock);
-
-	/* finish reclaim if any (outside of critical region) */
-	while (reclaimlist) {
-		struct lruhash_entry* n = reclaimlist->overflow_next;
-		void* d = reclaimlist->data;
-		(*table->delkeyfunc)(reclaimlist->key, cb_arg);
-		(*table->deldatafunc)(d, cb_arg);
-		reclaimlist = n;
-	}
-
-	/* return the entry that was selected */
-	return found;
-}
-
 void 
 lruhash_insert(struct lruhash* table, hashvalue_type hash,
         struct lruhash_entry* entry, void* data, void* cb_arg)
@@ -630,3 +543,89 @@ lruhash_traverse(struct lruhash* h, int wr,
 	}
 	lock_quick_unlock(&h->lock);
 }
+
+/*
+ * Demote: the opposite of touch, move an entry to the bottom
+ * of the LRU pile.
+ */
+
+void
+lru_demote(struct lruhash* table, struct lruhash_entry* entry)
+{
+	log_assert(table && entry);
+	if (entry == table->lru_end)
+		return; /* nothing to do */
+	/* remove from current lru position */
+	lru_remove(table, entry);
+	/* add at end */
+	entry->lru_next = NULL;
+	entry->lru_prev = table->lru_end;
+
+	if (table->lru_end == NULL)
+	{
+		table->lru_start = entry;
+	}
+	else
+	{
+		table->lru_end->lru_next = entry;
+	}
+	table->lru_end = entry;
+}
+
+struct lruhash_entry*
+lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
+	struct lruhash_entry* entry, void* data, void* cb_arg)
+{
+	struct lruhash_bin* bin;
+	struct lruhash_entry* found, *reclaimlist = NULL;
+	size_t need_size;
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	need_size = table->sizefunc(entry->key, data);
+	if (cb_arg == NULL) cb_arg = table->cb_arg;
+
+	/* find bin */
+	lock_quick_lock(&table->lock);
+	bin = &table->array[hash & table->size_mask];
+	lock_quick_lock(&bin->lock);
+
+	/* see if entry exists already */
+	if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) {
+		/* if so: keep the existing data - acquire a writelock */
+		lock_rw_wrlock(&found->lock);
+	}
+	else
+	{
+		/* if not: add to bin */
+		entry->overflow_next = bin->overflow_list;
+		bin->overflow_list = entry;
+		lru_front(table, entry);
+		table->num++;
+		table->space_used += need_size;
+		/* return the entry that was presented, and lock it */
+		found = entry;
+		lock_rw_wrlock(&found->lock);
+	}
+	lock_quick_unlock(&bin->lock);
+	if (table->space_used > table->space_max)
+		reclaim_space(table, &reclaimlist);
+	if (table->num >= table->size)
+		table_grow(table);
+	lock_quick_unlock(&table->lock);
+
+	/* finish reclaim if any (outside of critical region) */
+	while (reclaimlist) {
+		struct lruhash_entry* n = reclaimlist->overflow_next;
+		void* d = reclaimlist->data;
+		(*table->delkeyfunc)(reclaimlist->key, cb_arg);
+		(*table->deldatafunc)(d, cb_arg);
+		reclaimlist = n;
+	}
+
+	/* return the entry that was selected */
+	return found;
+}
+
diff --git a/src/util/lruhash.h b/src/util/lruhash.h
index 8c0d1a18..6796a68d 100644
--- a/src/util/lruhash.h
+++ b/src/util/lruhash.h
@@ -46,12 +46,13 @@
 #define lruhash_delete			_getdns_lruhash_delete
 #define lruhash_clear			_getdns_lruhash_clear
 #define lruhash_insert			_getdns_lruhash_insert
-#define lruhash_insert_or_retrieve _getdns_lruhash_insert_or_retrieve
 #define lruhash_lookup			_getdns_lruhash_lookup
 #define lru_touch			_getdns_lru_touch
-#define lru_demote			_getdns_lru_demote
 #define lruhash_setmarkdel		_getdns_lruhash_setmarkdel
 
+#define lru_demote			_getdns_lru_demote
+#define lruhash_insert_or_retrieve	_getdns_lruhash_insert_or_retrieve
+
 #define lruhash_remove			_getdns_lruhash_remove
 #define bin_init			_getdns_bin_init
 #define bin_delete			_getdns_bin_delete
@@ -67,37 +68,4 @@
 #define lruhash_traverse		_getdns_lruhash_traverse
 
 #include "util/orig-headers/lruhash.h"
-
-/*
- * Additional function definitions, not found in original header.
- */
-
- /**
-  * Demote entry, so it becomes the least recently used in the LRU list.
-  * Caller must hold hash table lock. The entry must be inserted already.
-  * @param table: hash table.
-  * @param entry: entry to make last in LRU.
-  */
-void lru_demote(struct lruhash* table, struct lruhash_entry* entry);
-
-/**
- * Insert a new element into the hashtable, or retrieve the corresponding
- * element of it exits.
- *
- * If key is already present data pointer in that entry is kept.
- * If it is not present, a new entry is created. In that case, 
- * the space calculation function is called with the key, data.
- * If necessary the least recently used entries are deleted to make space.
- * If necessary the hash array is grown up.
- *
- * @param table: hash table.
- * @param hash: hash value. User calculates the hash.
- * @param entry: identifies the entry.
- * @param data: the data.
- * @param cb_override: if not null overrides the cb_arg for the deletefunc.
- * @return: pointer to the existing entry if the key was already present,
- *     or to the entry argument if it was not.
- */
-struct lruhash_entry* lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
-	struct lruhash_entry* entry, void* data, void* cb_arg);
 #endif
diff --git a/src/util/orig-headers/lruhash.h b/src/util/orig-headers/lruhash.h
index c3937408..af06b622 100644
--- a/src/util/orig-headers/lruhash.h
+++ b/src/util/orig-headers/lruhash.h
@@ -301,6 +301,38 @@ void lru_touch(struct lruhash* table, struct lruhash_entry* entry);
  */
 void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md);
 
+/************************* getdns functions ************************/
+/*** these are used by getdns only and not by unbound. ***/
+
+/**
+ * Demote entry, so it becomes the least recently used in the LRU list.
+ * Caller must hold hash table lock. The entry must be inserted already.
+ * @param table: hash table.
+ * @param entry: entry to make last in LRU.
+ */
+void lru_demote(struct lruhash* table, struct lruhash_entry* entry);
+
+/**
+ * Insert a new element into the hashtable, or retrieve the corresponding
+ * element of it exits.
+ *
+ * If key is already present data pointer in that entry is kept.
+ * If it is not present, a new entry is created. In that case, 
+ * the space calculation function is called with the key, data.
+ * If necessary the least recently used entries are deleted to make space.
+ * If necessary the hash array is grown up.
+ *
+ * @param table: hash table.
+ * @param hash: hash value. User calculates the hash.
+ * @param entry: identifies the entry.
+ * @param data: the data.
+ * @param cb_override: if not null overrides the cb_arg for the deletefunc.
+ * @return: pointer to the existing entry if the key was already present,
+ *     or to the entry argument if it was not.
+ */
+struct lruhash_entry* lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash,
+        struct lruhash_entry* entry, void* data, void* cb_arg);
+
 /************************* Internal functions ************************/
 /*** these are only exposed for unit tests. ***/
 
diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c
index 302820fc..be88ff43 100644
--- a/src/util/val_secalgo.c
+++ b/src/util/val_secalgo.c
@@ -74,6 +74,8 @@
 
 /** fake DSA support for unit tests */
 int fake_dsa = 0;
+/** fake SHA1 support for unit tests */
+int fake_sha1 = 0;
 
 /* return size of digest if supported, or 0 otherwise */
 size_t
@@ -116,9 +118,12 @@ size_t
 ds_digest_size_supported(int algo)
 {
 	switch(algo) {
-#ifdef HAVE_EVP_SHA1
 		case LDNS_SHA1:
+#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1)
 			return SHA_DIGEST_LENGTH;
+#else
+			if(fake_sha1) return 20;
+			return 0;
 #endif
 #ifdef HAVE_EVP_SHA256
 		case LDNS_SHA256:
@@ -158,7 +163,7 @@ secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 	unsigned char* res)
 {
 	switch(algo) {
-#ifdef HAVE_EVP_SHA1
+#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1)
 		case LDNS_SHA1:
 			(void)SHA1(buf, len, res);
 			return 1;
@@ -197,14 +202,22 @@ dnskey_algo_id_is_supported(int id)
 		return 0;
 	case LDNS_DSA:
 	case LDNS_DSA_NSEC3:
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 		return 1;
 #else
-		if(fake_dsa) return 1;
+		if(fake_dsa || fake_sha1) return 1;
 		return 0;
 #endif
+
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
+#ifdef USE_SHA1
+		return 1;
+#else
+		if(fake_sha1) return 1;
+		return 0;
+#endif
+
 #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
 	case LDNS_RSASHA256:
 #endif
@@ -215,7 +228,10 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_ECDSAP256SHA256:
 	case LDNS_ECDSAP384SHA384:
 #endif
+#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA)
 		return 1;
+#endif
+
 #ifdef USE_GOST
 	case LDNS_ECC_GOST:
 		/* we support GOST if it can be loaded */
@@ -392,13 +408,13 @@ static int
 setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, 
 	unsigned char* key, size_t keylen)
 {
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 	DSA* dsa;
 #endif
 	RSA* rsa;
 
 	switch(algo) {
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 		case LDNS_DSA:
 		case LDNS_DSA_NSEC3:
 			*evp_key = EVP_PKEY_new();
@@ -424,9 +440,13 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 #endif
 
 			break;
-#endif /* USE_DSA */
+#endif /* USE_DSA && USE_SHA1 */
+
+#if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2))
+#ifdef USE_SHA1
 		case LDNS_RSASHA1:
 		case LDNS_RSASHA1_NSEC3:
+#endif
 #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
 		case LDNS_RSASHA256:
 #endif
@@ -461,9 +481,14 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 				*digest_type = EVP_sha512();
 			else
 #endif
+#ifdef USE_SHA1
 				*digest_type = EVP_sha1();
-
+#else
+				{ verbose(VERB_QUERY, "no digest available"); return 0; }
+#endif
 			break;
+#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */
+
 		case LDNS_RSAMD5:
 			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
@@ -562,7 +587,11 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 	EVP_PKEY *evp_key = NULL;
 
 #ifndef USE_DSA
-	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && fake_dsa)
+	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1))
+		return sec_status_secure;
+#endif
+#ifndef USE_SHA1
+	if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3))
 		return sec_status_secure;
 #endif
 	
@@ -706,8 +735,10 @@ ds_digest_size_supported(int algo)
 {
 	/* uses libNSS */
 	switch(algo) {
+#ifdef USE_SHA1
 		case LDNS_SHA1:
 			return SHA1_LENGTH;
+#endif
 #ifdef USE_SHA2
 		case LDNS_SHA256:
 			return SHA256_LENGTH;
@@ -729,9 +760,11 @@ secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 {
 	/* uses libNSS */
 	switch(algo) {
+#ifdef USE_SHA1
 		case LDNS_SHA1:
 			return HASH_HashBuf(HASH_AlgSHA1, res, buf, len)
 				== SECSuccess;
+#endif
 #if defined(USE_SHA2)
 		case LDNS_SHA256:
 			return HASH_HashBuf(HASH_AlgSHA256, res, buf, len)
@@ -759,12 +792,15 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_RSAMD5:
 		/* RFC 6725 deprecates RSAMD5 */
 		return 0;
-#ifdef USE_DSA
+#if defined(USE_SHA1) || defined(USE_SHA2)
+#if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:
 	case LDNS_DSA_NSEC3:
 #endif
+#ifdef USE_SHA1
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
+#endif
 #ifdef USE_SHA2
 	case LDNS_RSASHA256:
 #endif
@@ -772,6 +808,8 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_RSASHA512:
 #endif
 		return 1;
+#endif /* SHA1 or SHA2 */
+
 #ifdef USE_ECDSA
 	case LDNS_ECDSAP256SHA256:
 	case LDNS_ECDSAP384SHA384:
@@ -1003,7 +1041,9 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 	*/
 
 	switch(algo) {
-#ifdef USE_DSA
+
+#if defined(USE_SHA1) || defined(USE_SHA2)
+#if defined(USE_DSA) && defined(USE_SHA1)
 		case LDNS_DSA:
 		case LDNS_DSA_NSEC3:
 			*pubkey = nss_buf2dsa(key, keylen);
@@ -1015,8 +1055,10 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 			/* no prefix for DSA verification */
 			break;
 #endif
+#ifdef USE_SHA1
 		case LDNS_RSASHA1:
 		case LDNS_RSASHA1_NSEC3:
+#endif
 #ifdef USE_SHA2
 		case LDNS_RSASHA256:
 #endif
@@ -1043,13 +1085,22 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
 				*prefixlen = sizeof(p_sha512);
 			} else
 #endif
+#ifdef USE_SHA1
 			{
 				*htype = HASH_AlgSHA1;
 				*prefix = p_sha1;
 				*prefixlen = sizeof(p_sha1);
 			}
+#else
+			{
+				verbose(VERB_QUERY, "verify: no digest algo");
+				return 0;
+			}
+#endif
 
 			break;
+#endif /* SHA1 or SHA2 */
+
 		case LDNS_RSAMD5:
 			*pubkey = nss_buf2rsa(key, keylen);
 			if(!*pubkey) {
@@ -1131,7 +1182,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 		return sec_status_bogus;
 	}
 
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 	/* need to convert DSA, ECDSA signatures? */
 	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) {
 		if(sigblock_len == 1+2*SHA1_LENGTH) {
@@ -1312,7 +1363,12 @@ ds_digest_size_supported(int algo)
 {
 	switch(algo) {
 		case LDNS_SHA1:
+#ifdef USE_SHA1
 			return SHA1_DIGEST_SIZE;
+#else
+			if(fake_sha1) return 20;
+			return 0;
+#endif
 #ifdef USE_SHA2
 		case LDNS_SHA256:
 			return SHA256_DIGEST_SIZE;
@@ -1334,8 +1390,10 @@ secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
 	unsigned char* res)
 {
 	switch(algo) {
+#ifdef USE_SHA1
 		case LDNS_SHA1:
 			return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res);
+#endif
 #if defined(USE_SHA2)
 		case LDNS_SHA256:
 			return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res);
@@ -1359,12 +1417,14 @@ dnskey_algo_id_is_supported(int id)
 {
 	/* uses libnettle */
 	switch(id) {
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:
 	case LDNS_DSA_NSEC3:
 #endif
+#ifdef USE_SHA1
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
+#endif
 #ifdef USE_SHA2
 	case LDNS_RSASHA256:
 	case LDNS_RSASHA512:
@@ -1381,7 +1441,7 @@ dnskey_algo_id_is_supported(int id)
 	}
 }
 
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 static char *
 _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock,
 	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
@@ -1641,7 +1701,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 	}
 
 	switch(algo) {
-#ifdef USE_DSA
+#if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:
 	case LDNS_DSA_NSEC3:
 		*reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen);
@@ -1651,9 +1711,11 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 			return sec_status_secure;
 #endif /* USE_DSA */
 
+#ifdef USE_SHA1
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
 		digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE);
+#endif
 #ifdef USE_SHA2
 	case LDNS_RSASHA256:
 		digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);

From 24abf43de17fff8d58f0ded804bc3b6def8b9947 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 21:33:19 +0100
Subject: [PATCH 193/249] Fit mdns code with pending dns netreqs on EMFILE

---
 configure.ac                                      |  5 ++++-
 src/general.c                                     | 15 ++++++++++-----
 src/mdns.c                                        | 14 +++++++-------
 src/request-internal.c                            |  1 +
 .../070-coding-practice.test                      |  5 +++--
 src/types-internal.h                              |  1 +
 6 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3cb6d24c..fa6a2436 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1011,7 +1011,10 @@ fi
 
 
 #---- check for pthreads library
-AC_SEARCH_LIBS([pthread_mutex_init],[pthread],[AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])], [AC_MSG_WARN([pthreads not available])])
+AC_SEARCH_LIBS([pthread_mutex_init],[pthread], [
+	AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])
+	LIBS="-lpthread $LIBS"
+], [AC_MSG_WARN([pthreads not available])])
 
 AC_MSG_CHECKING([whether the C compiler (${CC-cc}) supports the __func__ variable])
 AC_LANG_PUSH(C)
diff --git a/src/general.c b/src/general.c
index 6ed44004..8d780eb7 100644
--- a/src/general.c
+++ b/src/general.c
@@ -110,7 +110,8 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 
 	/* Do we have to check more suffixes on nxdomain/nodata?
 	 */
-	if (dns_req->suffix_appended && /* Something was appended */
+	if (dns_req->is_dns_request &&
+	    dns_req->suffix_appended && /* Something was appended */
 	    dns_req->suffix_len > 1 &&  /* Next suffix available */
 	    no_answer(dns_req)) {
 		/* Remove suffix from name */
@@ -146,6 +147,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 			return;
 		}
 	} else if (
+	    dns_req->is_dns_request &&
 	    ( dns_req->append_name ==
 	      GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE ||
 	      dns_req->append_name ==
@@ -189,7 +191,9 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 		dns_req->internal_cb(dns_req);
 	} else if (! results_found)
 		_getdns_call_user_callback(dns_req, NULL);
-	else if (dns_req->dnssec_return_validation_chain
+	else if (
+	    dns_req->is_dns_request &&
+	    (dns_req->dnssec_return_validation_chain
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	    || (   dns_req->dnssec_roadblock_avoidance 
 	       && !dns_req->avoid_dnssec_roadblocks)
@@ -202,7 +206,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 	            dns_req->dnssec_return_all_statuses
 	           ))
 #endif
-	    )
+	    ))
 		_getdns_get_validation_chain(dns_req);
 	else
 		_getdns_call_user_callback(
@@ -301,7 +305,7 @@ _getdns_netreq_change_state(
 	uint64_t now_ms;
 	getdns_network_req *prev;
 
-	if (!netreq)
+	if (!netreq || !netreq->owner->is_dns_request)
 		return;
 
 	context = netreq->owner->context;
@@ -571,7 +575,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 
 			if (!(r = _getdns_context_local_namespace_resolve(
 			    req, &localnames_response))) {
-
+				req->is_dns_request = 0;
 				_getdns_call_user_callback
 				    ( req, localnames_response);
 				break;
@@ -581,6 +585,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			/* Check whether the name belongs in the MDNS space */
 			if (!(r = _getdns_mdns_namespace_check(req)))
 			{
+				req->is_dns_request = 0;
 				// Submit the query to the MDNS transport.
 				for (netreq_p = req->netreqs
 					; !r && (netreq = *netreq_p)
diff --git a/src/mdns.c b/src/mdns.c
index b18368ff..6373b265 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -513,7 +513,7 @@ static void msdn_cache_deldata(void* vdata, void* vcontext)
 
 		/* TODO: treating as a timeout for now, may consider treating as error */
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
-		netreq->state = NET_REQ_TIMED_OUT;
+		_getdns_netreq_change_state(netreq, NET_REQ_TIMED_OUT);
 		if (netreq->owner->user_callback) {
 			(void)_getdns_context_request_timed_out(netreq->owner);
 		}
@@ -1008,7 +1008,7 @@ mdns_complete_query_from_cache_entry(
 
 				netreq->response_len = packet_length;
 				netreq->debug_end_time = _getdns_get_time_as_uintt64();
-				netreq->state = NET_REQ_FINISHED;
+				_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
 				_getdns_check_dns_req_complete(netreq->owner);
 			}
 			else
@@ -1016,7 +1016,7 @@ mdns_complete_query_from_cache_entry(
 				/* Fail the query? */
 				netreq->response_len = 0;
 				netreq->debug_end_time = _getdns_get_time_as_uintt64();
-				netreq->state = NET_REQ_ERRORED;
+				_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 				_getdns_check_dns_req_complete(netreq->owner);
 			}
 		}
@@ -1026,7 +1026,7 @@ mdns_complete_query_from_cache_entry(
 		/* Failure */
 		netreq->response_len = 0;
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
-		netreq->state = NET_REQ_ERRORED;
+		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		_getdns_check_dns_req_complete(netreq->owner);
 	}
 
@@ -1085,7 +1085,7 @@ mdns_mcast_timeout_cb(void *userarg)
 	int found = 0;
 
 	DEBUG_MDNS("%s %-35s: MSG:  %p\n",
-		MDNS_DEBUG_CLEANUP, __FUNCTION__, netreq);
+		MDNS_DEBUG_CLEANUP, __FUNC__, netreq);
 
 	msdn_cache_create_key_in_buffer(temp_key, dnsreq->name, dnsreq->name_len,
 		netreq->request_type, dnsreq->request_class);
@@ -1113,7 +1113,7 @@ mdns_mcast_timeout_cb(void *userarg)
 		/* Fail the request on timeout */
 		netreq->response_len = 0;
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
-		netreq->state = NET_REQ_ERRORED;
+		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		_getdns_check_dns_req_complete(netreq->owner);
 	}
 }
@@ -1128,7 +1128,7 @@ mdns_udp_multicast_read_cb(void *userarg)
 	uint64_t current_time;
 	ssize_t       read;
 	DEBUG_MDNS("%s %-35s: CTX: %p, NET=%d \n", MDNS_DEBUG_MREAD,
-		__FUNCTION__, cnx->context, cnx->addr_mcast.ss_family);
+		__FUNC__, cnx->context, cnx->addr_mcast.ss_family);
 
 	current_time = _getdns_get_time_as_uintt64();
 
diff --git a/src/request-internal.c b/src/request-internal.c
index 2259286e..a74fe8f0 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -938,6 +938,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	result->finished_next = NULL;
 	result->freed = NULL;
 	result->validating = 0;
+	result->is_dns_request = 1;
 	result->chain = NULL;
 
 	network_req_init(result->netreqs[0], result,
diff --git a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
index b0360279..b628a657 100644
--- a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
+++ b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
@@ -15,7 +15,8 @@ rm -f report.txt
 		echo "*** running out of filedescriptors (sockets) and for the"
 		echo "*** limit_outstanding_queries feature."
 		echo "*** "
-		grep '[^!=]=[ 	][ 	]*NET_REQ_' *.[ch] */*.[ch]
+		grep -n '[^!=]=[ 	][ 	]*NET_REQ_' *.[ch] */*.[ch] | \
+		    grep -v '^request-internal.c:[12][0-9][0-9]:	*net_req->state = NET_REQ_NOT_SENT;$'
 		echo ""
 	fi
 ) >> report.txt
@@ -28,7 +29,7 @@ rm -f report.txt
 		echo "*** __FUNC__ is aliases in config.h to name to be used"
 		echo "*** for the system with a #define"
 		echo "*** "
-		grep '__FUNCION__' *.[ch] */*.[ch]
+		grep -n '__FUNCTION__' *.[ch] */*.[ch]
 		echo ""
 	fi
 ) >> report.txt
diff --git a/src/types-internal.h b/src/types-internal.h
index ad1e9806..856651a3 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -313,6 +313,7 @@ typedef struct getdns_dns_req {
 	/* Internally used by return_validation_chain */
 	unsigned dnssec_ok_checking_disabled		: 1;
 	unsigned is_sync_request			: 1;
+	unsigned is_dns_request				: 1;
 
 	/* The validating and freed variables are used to make sure a single
 	 * code path is followed while processing a DNS request, even when

From a77a3353704dbd9b833ca55a463468d4b2dbaefd Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 21:57:57 +0100
Subject: [PATCH 194/249] Comment out dead assignement

To silence static code analysis
---
 src/mdns.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/mdns.c b/src/mdns.c
index 6373b265..8a63f013 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -788,7 +788,9 @@ mdns_update_cache_ttl_and_prune(struct getdns_context *context,
 		memmove(old_record + last_copied_index, old_record + current_hole_index,
 			answer_index - current_hole_index);
 		last_copied_index += answer_index - current_hole_index;
-		answer_index = last_copied_index;
+
+		/* dead assignment */
+		/* answer_index = last_copied_index; */
 	}
 
 	/* if some records were deleted, update the record headers */

From a5876d57fea29647429cf7f13d5487bfac019969 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 21:58:45 +0100
Subject: [PATCH 195/249] Dependencies

---
 spec/example/Makefile.in |  24 ++-
 src/Makefile.in          | 434 +++++++++++++++++++++++++--------------
 src/test/Makefile.in     |  71 +++++--
 src/tools/Makefile.in    |   7 +-
 4 files changed, 346 insertions(+), 190 deletions(-)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 7bf5e016..8ff7f2d1 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,16 +149,24 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index 6497cc6a..c1cb8f12 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -216,169 +216,287 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
- $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h \
- $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util-internal.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
+const-info.lo const-info.o: $(srcdir)/const-info.c \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
-stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-version.lo version.o: version.c
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
-getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
-locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h
-lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c config.h $(srcdir)/util/auxiliary/util/storage/lookup3.h \
- $(srcdir)/util/lookup3.h $(srcdir)/util/orig-headers/lookup3.h
-lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c config.h $(srcdir)/util/auxiliary/util/storage/lruhash.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
+ $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/auxiliary/log.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/parseutil.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h \
+ $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
+ $(srcdir)/util/orig-headers/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c \
+ config.h \
+ $(srcdir)/general.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
+ $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
+ config.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/util/orig-headers/lookup3.h
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
+ $(srcdir)/convert.h $(srcdir)/general.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
+server.lo server.o: $(srcdir)/server.c \
+ config.h \
+ getdns/getdns_extra.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
+stub.lo stub.o: $(srcdir)/stub.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/stub.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c \
+ getdns/getdns.h \
+ config.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/gldns/wire2str.h
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
+ config.h \
+ $(srcdir)/gldns/gbuffer.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
+ config.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c \
+ config.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
+ config.h \
+ $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
+ config.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
+ config.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
+ config.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
+ config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
+ config.h \
+ $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
+ config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
+ config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
+ config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
+ config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
+ config.h
+getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
+ config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
+ config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
+ config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
+ config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
+ config.h
+locks.lo locks.o: $(srcdir)/util/locks.c \
+ config.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
+lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/util/orig-headers/lookup3.h
+lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
+ config.h \
+ $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
+ config.h \
  $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
  $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
  $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h \
- getdns/getdns_extra.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h \
- getdns/getdns_extra.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h \
- getdns/getdns_extra.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h config.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
- $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
+ config.h \
+ $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
+ config.h \
+ $(srcdir)/extension/select_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index c481fdab..758435c1 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -216,10 +216,13 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
- $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
- $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
+ ../getdns/getdns.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
+ $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
+ $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -239,34 +242,58 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(sr
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
- ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
+ ../getdns/getdns.h \
+ ../config.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h \
+ ../config.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
+ ../config.h \
+ $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index d98cf437..d066e824 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,5 +113,8 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
+ ../config.h \
+ $(srcdir)/../debug.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h

From fe446a0d66fdb22f2457fd94b9f4baab743b320b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 23:17:44 +0100
Subject: [PATCH 196/249] Minor fixes

---
 src/getdns/getdns_extra.h.in |  6 +++---
 src/stub.c                   | 26 ++++++++++++++++++++++----
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index af53a5f2..a6e82c6f 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -77,11 +77,11 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET 621
 #define GETDNS_CONTEXT_CODE_PUBKEY_PINSET_TEXT "Change related to getdns_context_set_pubkey_pinset"
 #define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS 622
-#define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT "Change related to getdns_context_set_round_robin_upstreams"
 #define GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME 623
-#define GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT "Change related to getdns_context_set_tls_backoff_time"
 #define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES 624
-#define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT "Change related to getdns_context_set_pubkey_pinset"
+#define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT "Change related to getdns_context_set_tls_connection_retries"
 /** @}
   */
 
diff --git a/src/stub.c b/src/stub.c
index 6736885e..8c0b897a 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -32,6 +32,13 @@
  */
 
 #include "config.h"
+#ifdef USE_POLL_DEFAULT_EVENTLOOP
+# ifdef HAVE_SYS_POLL_H
+#  include <sys/poll.h>
+# else
+#  include <poll.h>
+# endif
+#endif
 #include "debug.h"
 #include <openssl/err.h>
 #include <openssl/conf.h>
@@ -626,7 +633,15 @@ upstream_idle_timeout_cb(void *userarg)
 static void
 upstream_setup_timeout_cb(void *userarg)
 {
+	int ret;
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
+#ifdef USE_POLL_DEFAULT_EVENTLOOP
+	struct pollfd fds;
+#else
+	fd_set fds;
+	struct timeval tval;
+#endif
+
 	DEBUG_STUB("%s %-35s: FD:  %d\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
 	/* Clean up and trigger a write to let the fallback code to its job */
@@ -636,14 +651,17 @@ upstream_setup_timeout_cb(void *userarg)
 	 * TCP SYN and doesn't do a reset (as is the case with e.g. 8.8.8.8@853).
 	 * For that case the socket never becomes writable so doesn't trigger any
 	 * callbacks. If so then clear out the queue in one go.*/
-	int ret;
-	fd_set fds;
+#ifdef USE_POLL_DEFAULT_EVENTLOOP
+	fds.fd = upstream->fd;
+	fds.events = POLLOUT;
+	ret = poll(&fds, 1, 0);
+#else
 	FD_ZERO(&fds);
-	FD_SET(FD_SET_T upstream->fd, &fds);
-	struct timeval tval;
+	FD_SET((int)(upstream->fd), &fds);
 	tval.tv_sec = 0;
 	tval.tv_usec = 0;
 	ret = select(upstream->fd+1, NULL, &fds, NULL, &tval);
+#endif
 	if (ret == 0) {
 		DEBUG_STUB("%s %-35s: FD:  %d Cleaning up dangling queue\n",
 		           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);

From b838cbfe1c0fa9f22193e476b9106f3ff7077a05 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 20 Mar 2017 23:22:55 +0100
Subject: [PATCH 197/249] Bumb version

---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index fa6a2436..2d5deeab 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [-alpha3])
+AC_SUBST(RELEASE_CANDIDATE, [-rc1])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -47,7 +47,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100A300])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100C100])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"

From fa99b206e8a91a316f2c0cf20ba505e617c65ece Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 21 Mar 2017 12:28:48 +0100
Subject: [PATCH 198/249] Updated readme & new groups for doxygen

---
 README.md                    |   6 +-
 src/getdns/getdns_extra.h.in | 122 +++++++++++++++++++++--------------
 2 files changed, 79 insertions(+), 49 deletions(-)

diff --git a/README.md b/README.md
index 4f802fca..f89b77aa 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Traditional access to DNS data from applications has several limitations:
 
 * Sophisticated uses of the DNS (things like IDNA and DNSSEC validation) require considerable application work, possibly by application developers with little experience with the vagaries of DNS.
 
-getdns also provides a experimental DNS Privacy enabled client called 'stubby' - see below for more details.
+getdns also provides an experimental DNS Privacy enabled client called 'stubby' - see below for more details.
 
 ## Motivation for providing the API
 
@@ -78,7 +78,7 @@ before building.
 As well as building the getdns library 2 other tools are installed by default by the above process:
 
 * getdns_query: a command line test script wrapper for getdns
-* stubby: a experimental DNS Privacy enabled client
+* stubby: an experimental DNS Privacy enabled client
 
 Note: If you only want to build stubby, then use the `--enable-stub-only` and `--without-libidn` options when running 'configure'.
 
@@ -344,6 +344,7 @@ Contributors
 * Robert Groenenberg
 * Paul Hoffman
 * Scott Hollenbeck, Verising, Inc.
+* Christian Huitema
 * Shumon Huque, Verisign Labs
 * Jelte Janssen
 * Guillem Jover
@@ -358,6 +359,7 @@ Contributors
 * Joel Purra
 * Tom Pusateri
 * Prithvi Ranganath, Verisign, Inc.
+* Hoda Rohani, NLnet Labs
 * Rushi Shah, Verisign, Inc.
 * Vinay Soni, Verisign, Inc.
 * Melinda Shore, No Mountain Software LLC
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index a6e82c6f..9d5274f6 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -126,7 +126,6 @@ typedef enum getdns_tls_authentication_t {
 /** @}
   */
 
-
 /**
  * \defgroup Uvaluesandtextsdepricated Additional transport values and texts (will be deprecated)
  *  @{
@@ -227,15 +226,6 @@ getdns_context_run(getdns_context *context);
  */
 
 
-/**
- * \defgroup contextfunction Additional getdns_context async functions
- *  @{
- */
-/* process async reqs */
-getdns_return_t getdns_context_process_async(getdns_context* context);
-/** @}
- */
-
 /**
  * \defgroup Ucontextset Additional getdns_context_set functions
  *  @{
@@ -400,9 +390,6 @@ getdns_return_t
 getdns_context_get_update_callback(getdns_context *context, void **userarg,
     void (**value) (getdns_context *, getdns_context_code_t, void *));
 
-/* Async support */
-uint32_t getdns_context_get_num_pending_requests(getdns_context* context,
-    struct timeval* next_timeout);
 /** @}
  */
 
@@ -435,6 +422,8 @@ getdns_return_t getdns_dict_util_set_string(getdns_dict * dict,
 getdns_return_t getdns_dict_util_get_string(getdns_dict * dict,
     char *name, char **result);
 
+
+
 /**
  * Validate replies or resource records.
  *
@@ -521,6 +510,51 @@ getdns_return_t getdns_pubkey_pinset_sanity_check(
 	const getdns_list* pinset,
 	getdns_list* errorlist);
 
+/**
+ * Configure a context with settings given in a getdns_dict.
+ *
+ * @param  context The context to be configured.
+ * @param  config_dict The getdns_dict containing the settings.
+ *                     The settings have the same name as returned by the
+ *                     getdns_context_get_api_information() function, or as
+ *                     used in the names of the getdns_context_get_*() and
+ *                     getdns_context_set_*() functions.
+ *                     - The dict returned by
+ *                       getdns_context_get_api_information() can be used
+ *                       as the config_dict directly, but context settings
+ *                       do *not* have to be below a `"all_context"` key.
+ *                     - It is possible to set default values for extensions
+ *                       that could otherwise only be given on a per query
+ *                       basis.  For example:
+ *                       `{ dnssec_return_status: GETDNS_EXTENSION_TRUE }` is
+ *                       equivalent to using the
+ *                       getdns_context_set_return_dnssec_status() function
+ *                       with that value, but default values for the other 
+ *                       extensions can be set by this method now too.
+ *                       For example
+ *                       `{ return_call_reporting: GETDNS_EXTENSION_TRUE}`
+ *                     - Trust anchor files and root hints content can also be
+ *                       given by file, for example:
+ *
+ *                            { dns_root_servers : "named.root"
+ *                            , dnssec_trust_anchors: "/etc/unbound/getdns-root.key"
+ *                            }
+ * @return GETDNS_RETURN_GOOD on success or an error code on failure.
+ * **Beware** that context might be partially configured on error.  For retry
+ * strategies it is advised to recreate a new config.
+ */
+getdns_return_t
+getdns_context_config(getdns_context *context, const getdns_dict *config_dict);
+
+
+
+/** @}
+ */
+
+/**
+ * \defgroup UXTRAPrettyPrinting Pretty printing of getdns dicts and lists
+ *  @{
+ */
 
 /**
  * Pretty print the getdns_dict in a given buffer snprintf style.
@@ -617,6 +651,14 @@ getdns_snprint_json_list(
     char *str, size_t size, const getdns_list *list, int pretty);
 
 
+/** @}
+ */
+
+/**
+ * \defgroup UDNSDataConversionFunctions Functions for converting between getdns DNS dicts, DNS wire format and DNS presentation format
+ *  @{
+ */
+
 /**
  * Convert rr_dict to wireformat representation of the resource record.
  *
@@ -930,6 +972,14 @@ getdns_return_t
 getdns_msg_dict2str_scan(
     const getdns_dict *msg_dict, char **str, int *str_len);
 
+/** @}
+ */
+
+/**
+ * \defgroup Ustring2getdns_data Functions for converting strings to getdns data structures
+ *  @{
+ */
+
 /**
  * Convert string text to a getdns_dict.
  *
@@ -1018,42 +1068,13 @@ getdns_str2bindata(const char *str, getdns_bindata **bindata);
 getdns_return_t
 getdns_str2int(const char *str, uint32_t *value);
 
-/**
- * Configure a context with settings given in a getdns_dict.
- *
- * @param  context The context to be configured.
- * @param  config_dict The getdns_dict containing the settings.
- *                     The settings have the same name as returned by the
- *                     getdns_context_get_api_information() function, or as
- *                     used in the names of the getdns_context_get_*() and
- *                     getdns_context_set_*() functions.
- *                     - The dict returned by
- *                       getdns_context_get_api_information() can be used
- *                       as the config_dict directly, but context settings
- *                       do *not* have to be below a `"all_context"` key.
- *                     - It is possible to set default values for extensions
- *                       that could otherwise only be given on a per query
- *                       basis.  For example:
- *                       `{ dnssec_return_status: GETDNS_EXTENSION_TRUE }` is
- *                       equivalent to using the
- *                       getdns_context_set_return_dnssec_status() function
- *                       with that value, but default values for the other 
- *                       extensions can be set by this method now too.
- *                       For example
- *                       `{ return_call_reporting: GETDNS_EXTENSION_TRUE}`
- *                     - Trust anchor files and root hints content can also be
- *                       given by file, for example:
- *
- *                            { dns_root_servers : "named.root"
- *                            , dnssec_trust_anchors: "/etc/unbound/getdns-root.key"
- *                            }
- * @return GETDNS_RETURN_GOOD on success or an error code on failure.
- * **Beware** that context might be partially configured on error.  For retry
- * strategies it is advised to recreate a new config.
+/** @}
  */
-getdns_return_t
-getdns_context_config(getdns_context *context, const getdns_dict *config_dict);
 
+/**
+ * \defgroup UServerFunctions Functions for creating simple DNS servers
+ *  @{
+ */
 
 /**
  * The user defined request handler that will be called on incoming requests.
@@ -1133,6 +1154,13 @@ getdns_reply(getdns_context *context,
  * Please use getdns_get_errorstr_by_id instead of getdns_strerror.
  */
 getdns_return_t getdns_strerror(getdns_return_t err, char *buf, size_t buflen);
+
+getdns_return_t getdns_context_process_async(getdns_context* context);
+
+/* Async support */
+uint32_t getdns_context_get_num_pending_requests(getdns_context* context,
+    struct timeval* next_timeout);
+
 /** @}
  */
 /** @}

From 5d125453910d71558387e2bf934541e0cf1d3fd0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 10:52:55 +0100
Subject: [PATCH 199/249] Bugfix in handling UDP backing off

---
 src/context.c |  2 +-
 src/context.h | 29 ++++++++++++++++++++++++++---
 src/stub.c    | 36 +++++++++++++++++++++++++++++-------
 3 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/src/context.c b/src/context.c
index efb5eca3..1515f77b 100644
--- a/src/context.c
+++ b/src/context.c
@@ -938,7 +938,7 @@ upstream_init(getdns_upstream *upstream,
 	upstream->keepalive_shutdown = 0;
 	upstream->keepalive_timeout = 0;
 	/* How is this upstream doing on UDP? */
-	upstream->to_retry =  2;
+	upstream->to_retry =  1;
 	upstream->back_off =  1;
 	upstream->udp_responses = 0;
 	upstream->udp_timeouts = 0;
diff --git a/src/context.h b/src/context.h
index 71ea728c..21090da1 100644
--- a/src/context.h
+++ b/src/context.h
@@ -131,9 +131,32 @@ typedef struct getdns_upstream {
 	char                     addr_str[INET6_ADDRSTRLEN];
 #endif
 
-	/* How is this upstream doing over UDP? */
-	int                      to_retry;
-	int                      back_off;
+	/**
+	 * How is this upstream doing over UDP?
+	 *
+	 * to_retry = 1, back_off = 1, in context.c:upstream_init()
+	 * 
+	 * When querying over UDP, first a upstream is selected which to_retry
+	 * value > 0 in stub.c:upstream_select().
+	 * 
+	 * Every time a udp request times out, to_retry is decreased, and if
+	 * it reaches 0, it is set to minus back_off in
+	 * stub.c:stub_next_upstream().
+	 *
+	 * to_retry will become > 0 again. because each time an upstream is
+	 * selected for a UDP query in stub.c:upstream_select(), all to_retry
+	 * counters <= 0 are incremented.
+	 *
+	 * On continuous failure, the stubs are less likely to be reselected,
+	 * because each time to_retry is set to minus back_off, in 
+	 * stub.c:stub_next_upstream(), the back_off value is doubled.
+	 *
+	 * Finally, if all upstreams are failing, the upstreams with the
+	 * smallest back_off value will be selected, and the back_off value
+	 * decremented by one.
+	 */
+	int                      to_retry;  /* (initialized to 1) */
+	int                      back_off;  /* (initialized to 1) */
 	size_t                   udp_responses;
 	size_t                   udp_timeouts;
 
diff --git a/src/stub.c b/src/stub.c
index 8c0b897a..29112cc3 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -600,10 +600,10 @@ stub_timeout_cb(void *userarg)
 #endif
 		netreq->upstream->udp_timeouts++;
 #if defined(DAEMON_DEBUG) && DAEMON_DEBUG
-	if (netreq->upstream->udp_timeouts % 100 == 0)
-		DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
-		             STUB_DEBUG_DAEMON, netreq->upstream->addr_str,
-		             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
+		if (netreq->upstream->udp_timeouts % 100 == 0)
+			DEBUG_DAEMON("%s %-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
+			             STUB_DEBUG_DAEMON, netreq->upstream->addr_str,
+			             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
 #endif
 		stub_next_upstream(netreq);
 	} else {
@@ -1329,6 +1329,7 @@ _getdns_get_time_as_uintt64() {
 /* UDP callback functions */
 /**************************/
 
+
 static void
 stub_udp_read_cb(void *userarg)
 {
@@ -1348,8 +1349,28 @@ stub_udp_read_cb(void *userarg)
 	                                       */
 	    0, NULL, NULL);
 	if (read == -1 && _getdns_EWOULDBLOCK)
-		return;
+		return; /* Try again later */
 
+	if (read == -1) {
+		DEBUG_STUB("%s %-35s: MSG: %p error while reading from socket:"
+		           " %s\n", STUB_DEBUG_READ, __FUNC__, (void*)netreq
+			   , strerror(errno));
+
+		stub_cleanup(netreq);
+		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
+		/* Handle upstream*/
+		if (netreq->fd >= 0) {
+#ifdef USE_WINSOCK
+			closesocket(netreq->fd);
+#else
+			close(netreq->fd);
+#endif
+			stub_next_upstream(netreq);
+		}
+		netreq->debug_end_time = _getdns_get_time_as_uintt64();
+		_getdns_check_dns_req_complete(netreq->owner);
+		return;
+	}
 	if (read < GLDNS_HEADER_SIZE)
 		return; /* Not DNS */
 	
@@ -1871,9 +1892,10 @@ upstream_select(getdns_network_req *netreq)
 		    upstream->back_off)
 			upstream = &upstreams->upstreams[i];
 
-	upstream->back_off++;
+	if (upstream->back_off > 1)
+		upstream->back_off--;
 	upstream->to_retry = 1;
-	upstreams->current_udp = (upstream - upstreams->upstreams) / GETDNS_UPSTREAM_TRANSPORTS;
+	upstreams->current_udp = upstream - upstreams->upstreams;
 	return upstream;
 }
 

From a7c824c75685f40249ec2c11f8ec36ad0d138dcb Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 11:52:07 +0100
Subject: [PATCH 200/249] Update changelog and documentation

---
 ChangeLog                    | 17 +++++++++++++++++
 README.md                    | 14 ++------------
 src/getdns/getdns_extra.h.in |  5 +++--
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 16a6428f..61e1620d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+* 2017-04-??: Version 1.1.0
+  * More fine grained control over TLS upstream retry and back off
+    behaviour with getdns_context_set_tls_backoff_time() and
+    getdns_context_set_tls_connection_retries().
+  * Feature: Round robin over the available upstreams
+    enable with getdns_context_set_round_robin_upstreams()
+  * Bugfix: Queue requests when no sockets available for outgoing queries.
+  * Obey the outstanding query limit with STUB resolution mode too.
+  * Updated stubby config file
+  * Basic draft MDNS client support
+    Thanks Christian Huitema
+  * bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
+            By moving default eventloop from select to poll
+    Thanks Neil Cook
+  * bugfix: authentication failure for self signed cert + only pinset
+  * bugfix: issue with session re-use making authentication appear to fail
+	
 * 2017-01-13: Version 1.0.0
   * edns0_cookies extension enabled by default (per RFC7873)
   * dnssec_roadblock_avoidance enabled by default (per RFC8027)
diff --git a/README.md b/README.md
index f89b77aa..4bc2b040 100644
--- a/README.md
+++ b/README.md
@@ -197,18 +197,7 @@ Stub mode does not support:
 
 # Known Issues
 
-* The synchronous lookup functions will not work when new file descriptors
-  needed for the lookup will be larger than `FD_SETSIZE`.  This is because
-  the synchronous functions use a "default" event loop under the hood
-  which is based on `select()` and thus inherits the limits that `select()` has.
-
-  If you need only slightly more file descriptors, it is possible to enlarge
-  the `FD_SETSIZE` with the `--with-fd-setsize=`*`size`* flag to `configure`.
-
-  To resolve, use the asynchronous functions with an event loop extension for
-  libevent, libev or libuv.  Note that the asynchronous functions will have
-  the same problem when used in combination with `getdns_context_run()`, which
-  also uses the default event loop.
+* None
 
 # Supported Platforms
 
@@ -342,6 +331,7 @@ Contributors
 * Neel Goyal, Verisign, Inc.
 * Bryan Graham, Verisign, Inc.
 * Robert Groenenberg
+* Jim Hague, Sinodun
 * Paul Hoffman
 * Scott Hollenbeck, Verising, Inc.
 * Christian Huitema
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 9d5274f6..bbb305d1 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -1027,7 +1027,8 @@ getdns_str2list(const char *str, getdns_list **list);
  *               - bindata representation of IP or IPv6 addresses may be
  *                 given in their presentation format.  For example:
  *                 `{ dns_root_servers: [ 2001:7fd::1, 193.0.14.129 ] }`
- *               - Arbitrary binary data may be given with a `0x` prefix.
+ *               - Arbitrary binary data may be given with a `0x` prefix,
+ *                 or in base64 encoding.
  *                 For example:
  *
  *                      { add_opt_parameters:
@@ -1044,7 +1045,7 @@ getdns_str2list(const char *str, getdns_list **list);
  *                        [ { address_data  : 2a04:b900:0:100::37
  *                          , tsig_name     : hmac-md5.tsigs.getdnsapi.net.
  *                          , tsig_algorithm: hmac-md5.sig-alg.reg.int.
- *                          , tsig_secret : 0xD7A1BAF4E4DE5D6EB149
+ *                          , tsig_secret : 16G69OTeXW6xSQ==
  *                          } ]
  *                      }
  *

From 29c1c9524ea613d25a6c132dde3ab16df299e49a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 12:32:26 +0100
Subject: [PATCH 201/249] Include unbound includes rerouting in dist tarball

+ don't try to install getdns-*.tgz spec anymore
---
 Makefile.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index a98b0654..2b924c59 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -66,7 +66,6 @@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBB
 	$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
 	$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
-	$(INSTALL) -m 644 $(srcdir)/spec/getdns*tgz $(DESTDIR)$(docdir)/spec || true
 	cd src && $(MAKE) $@
 	cd doc && $(MAKE) $@
 	@echo "***"
@@ -232,12 +231,13 @@ $(distdir):
 	cp $(srcdir)/src/test/*.good $(distdir)/src/test
 	cp $(srcdir)/src/compat/*.[ch] $(distdir)/src/compat
 	cp $(srcdir)/src/util/*.[ch] $(distdir)/src/util
+	cp -r $(srcdir)/src/util/orig-headers $(distdir)/src/util
+	cp -r $(srcdir)/src/util/auxiliary $(distdir)/src/util
 	cp $(srcdir)/src/gldns/*.[ch] $(distdir)/src/gldns
 	cp $(srcdir)/doc/Makefile.in $(distdir)/doc
 	cp $(srcdir)/doc/*.in $(distdir)/doc
 	cp $(srcdir)/doc/manpgaltnames $(distdir)/doc
 	cp $(srcdir)/spec/*.html $(distdir)/spec
-	cp $(srcdir)/spec/*.tgz $(distdir)/spec || true
 	cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
 	cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
 	cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools

From b48a92c8f50f7536c8b48113fe56e23ce2c80bae Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 12:33:13 +0100
Subject: [PATCH 202/249] Max OS-X and FreeBSD multicast portability

---
 src/mdns.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/mdns.c b/src/mdns.c
index 8a63f013..fbb875ac 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -48,6 +48,11 @@ typedef u_short sa_family_t;
 #define TRUE 1
 #endif
 
+/* Define IPV6_ADD_MEMBERSHIP for FreeBSD and Mac OS X */
+#ifndef IPV6_ADD_MEMBERSHIP
+#define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
+#endif
+
 uint64_t _getdns_get_time_as_uintt64();
 
 #include "util/fptr_wlist.h"

From 3d45a77884e44adc4925abd18968c18afeaa27a0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 12:35:23 +0100
Subject: [PATCH 203/249] Mention how to enable MDNS in ChangeLog

---
 ChangeLog | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 61e1620d..de4e70ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,13 +2,13 @@
   * More fine grained control over TLS upstream retry and back off
     behaviour with getdns_context_set_tls_backoff_time() and
     getdns_context_set_tls_connection_retries().
-  * Feature: Round robin over the available upstreams
-    enable with getdns_context_set_round_robin_upstreams()
+  * New round robin over the available upstreams feaure.
+    Enable with getdns_context_set_round_robin_upstreams()
   * Bugfix: Queue requests when no sockets available for outgoing queries.
   * Obey the outstanding query limit with STUB resolution mode too.
   * Updated stubby config file
-  * Basic draft MDNS client support
-    Thanks Christian Huitema
+  * Draft MDNS client implementation by Christian Huitema.
+    Enable with --enable-draft-mdns-support to configure
   * bugfix: Let synchronous queries use fds > MAX_FDSETSIZE;
             By moving default eventloop from select to poll
     Thanks Neil Cook

From b2ac3849b78b175da4f034d93d48e1c8745aadb3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 13:50:11 +0100
Subject: [PATCH 204/249] Fxies for two NetBSD compiler warnings

ubkey-pinning.c -o pubkey-pinning.lo
./pubkey-pinning.c: In function '_getdns_verify_pinset_match':
./pubkey-pinning.c:385: warning: 'prev' may be used uninitialized in this function
IX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -c ./context.c -o context.lo
./context.c: In function '_getdns_upstream_shutdown':
./context.c:760: warning: comparison between signed and unsigned
---
 src/context.c        | 2 +-
 src/pubkey-pinning.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index 1515f77b..41e7d3b2 100644
--- a/src/context.c
+++ b/src/context.c
@@ -756,7 +756,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	uint16_t conn_retries = upstream->upstreams->tls_connection_retries;
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
 	if (upstream->conn_setup_failed >= conn_retries
-	    || (upstream->conn_shutdowns >= conn_retries*GETDNS_TRANSPORT_FAIL_MULT
+	    || ((int)upstream->conn_shutdowns >= conn_retries*GETDNS_TRANSPORT_FAIL_MULT
 	     && upstream->total_responses == 0)
 	    || (upstream->conn_completed >= conn_retries &&
 	     upstream->total_responses == 0 && 
diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index 89ba5d86..a960ab66 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -382,7 +382,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 			    X509_STORE_CTX *store)
 {
 	getdns_return_t ret = GETDNS_RETURN_GENERIC_ERROR;
-	X509 *x, *prev;
+	X509 *x, *prev = NULL;
 	int i, len;
 	unsigned char raw[4096];
 	unsigned char *next;

From 426fc238da0c0fb05c6d0a0f04e48c5b966464a2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 14:10:15 +0100
Subject: [PATCH 205/249] Fixes for FreeBSD warnings when compiling tests

/usr/local/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__ is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
     _ck_assert_failed(__FILE__, __LINE__, "Assertion '"#expr"' failed" , ## __VA_ARGS__, NULL)
/usr/local/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__ is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
---
 src/test/check_getdns.c                     | 3 +++
 src/test/check_getdns_common.c              | 3 +++
 src/test/check_getdns_context_set_timeout.h | 3 +++
 src/test/check_getdns_libev.c               | 3 +++
 src/test/check_getdns_libevent.c            | 3 +++
 src/test/check_getdns_libuv.c               | 3 +++
 src/test/check_getdns_transport.h           | 3 +++
 7 files changed, 21 insertions(+)

diff --git a/src/test/check_getdns.c b/src/test/check_getdns.c
index f2dff1fa..8e39fe6e 100644
--- a/src/test/check_getdns.c
+++ b/src/test/check_getdns.c
@@ -30,7 +30,10 @@
 #include <string.h>
 #include <inttypes.h>
 #include <unistd.h>
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 #include "getdns/getdns.h"
 #include "check_getdns_common.h"
 #include "check_getdns_address.h"
diff --git a/src/test/check_getdns_common.c b/src/test/check_getdns_common.c
index 20310f93..5a1409ad 100644
--- a/src/test/check_getdns_common.c
+++ b/src/test/check_getdns_common.c
@@ -29,7 +29,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include <inttypes.h>
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 #include "getdns/getdns.h"
 #include "config.h"
 #include "check_getdns_common.h"
diff --git a/src/test/check_getdns_context_set_timeout.h b/src/test/check_getdns_context_set_timeout.h
index 6aabb198..c4ab14b8 100644
--- a/src/test/check_getdns_context_set_timeout.h
+++ b/src/test/check_getdns_context_set_timeout.h
@@ -27,7 +27,10 @@
 #ifndef _check_getdns_context_set_timeout_h_
 #define _check_getdns_context_set_timeout_h_
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 
 Suite *
 getdns_context_set_timeout_suite (void);
diff --git a/src/test/check_getdns_libev.c b/src/test/check_getdns_libev.c
index 5523f126..0939f083 100644
--- a/src/test/check_getdns_libev.c
+++ b/src/test/check_getdns_libev.c
@@ -41,7 +41,10 @@
 #else
 #include <ev.h>
 #endif
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
diff --git a/src/test/check_getdns_libevent.c b/src/test/check_getdns_libevent.c
index e9316b6f..d3bd4f69 100644
--- a/src/test/check_getdns_libevent.c
+++ b/src/test/check_getdns_libevent.c
@@ -37,7 +37,10 @@
 
 #include "getdns/getdns_ext_libevent.h"
 #include "check_getdns_libevent.h"
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
diff --git a/src/test/check_getdns_libuv.c b/src/test/check_getdns_libuv.c
index b7d50e72..722406e7 100644
--- a/src/test/check_getdns_libuv.c
+++ b/src/test/check_getdns_libuv.c
@@ -37,7 +37,10 @@
 
 #include "getdns/getdns_ext_libuv.h"
 #include <uv.h>
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
diff --git a/src/test/check_getdns_transport.h b/src/test/check_getdns_transport.h
index 6da58405..6a18d0de 100644
--- a/src/test/check_getdns_transport.h
+++ b/src/test/check_getdns_transport.h
@@ -27,7 +27,10 @@
 #ifndef _check_getdns_transport_h_
 #define _check_getdns_transport_h_
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
 #include <check.h>
+#pragma clang diagnostic pop
 
 Suite *
 getdns_transport_suite (void);

From f67314c1c186fd5f5077f2f326fa2ae74f078b65 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 14:36:16 +0100
Subject: [PATCH 206/249] Unbound event API without header compile fix

---
 src/ub_loop.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ub_loop.h b/src/ub_loop.h
index e73667f5..bb57f5e5 100644
--- a/src/ub_loop.h
+++ b/src/ub_loop.h
@@ -43,18 +43,20 @@
 #include "debug.h"
 
 #ifdef HAVE_UNBOUND_EVENT_H
-#include <unbound-event.h>
+# include <unbound-event.h>
 #else
 struct ub_event_base_vmt;
 struct ub_event_base {
 	unsigned long magic;
         struct ub_event_base_vmt* vmt;
 };
-struct ub_event_base;
+# ifndef _UB_EVENT_PRIMITIVES
+#  define _UB_EVENT_PRIMITIVES
 struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base);
 typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*);
 int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
         int rrclass, void* mydata, ub_event_callback_t callback, int* async_id);
+# endif
 #endif
 
 typedef struct _getdns_ub_loop {

From c653e8502cbe311cc40c8a50e0b8025ab1aaef9c Mon Sep 17 00:00:00 2001
From: Christian Huitema <huitema@huitema.net>
Date: Wed, 22 Mar 2017 15:50:26 -0700
Subject: [PATCH 207/249] Minor fixes in MDNS code to make sure it does work
 after the recent loop tightening.

Suppressing the warning about mapping the 64 bit timeout value to a 32 bit integer,
based on the comments that the "maximum timeout used in practice is 6553500ms." If that
really is the case, we do not need to support 64 bit integers in the dict structure.
---
 src/context.c       | 8 +++++---
 src/general.c       | 3 ++-
 src/mdns.c          | 4 ++--
 src/util-internal.c | 2 +-
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/context.c b/src/context.c
index efb5eca3..363ecf24 100644
--- a/src/context.c
+++ b/src/context.c
@@ -756,7 +756,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	uint16_t conn_retries = upstream->upstreams->tls_connection_retries;
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
 	if (upstream->conn_setup_failed >= conn_retries
-	    || (upstream->conn_shutdowns >= conn_retries*GETDNS_TRANSPORT_FAIL_MULT
+	    || (upstream->conn_shutdowns >= conn_retries*((unsigned)GETDNS_TRANSPORT_FAIL_MULT)
 	     && upstream->total_responses == 0)
 	    || (upstream->conn_completed >= conn_retries &&
 	     upstream->total_responses == 0 && 
@@ -3569,10 +3569,12 @@ _get_context_settings(getdns_context* context)
 		return NULL;
 
 	/* int fields */
+	/* the timeouts are stored as uint64, but the value maximum used in 
+	   practice is 6553500ms, so we just trim the value to be on the safe side. */
 	if (   getdns_dict_set_int(result, "timeout",
-	                           context->timeout)
+		                       (context->timeout > 0xFFFFFFFFull)? 0xFFFFFFFF: (uint32_t) context->timeout)
 	    || getdns_dict_set_int(result, "idle_timeout",
-	                           context->idle_timeout)
+		                       (context->idle_timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF : (uint32_t) context->idle_timeout)
 	    || getdns_dict_set_int(result, "limit_outstanding_queries",
 	                           context->limit_outstanding_queries)
             || getdns_dict_set_int(result, "dnssec_allowed_skew",
diff --git a/src/general.c b/src/general.c
index 8d780eb7..d05d19ee 100644
--- a/src/general.c
+++ b/src/general.c
@@ -585,11 +585,12 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			/* Check whether the name belongs in the MDNS space */
 			if (!(r = _getdns_mdns_namespace_check(req)))
 			{
-				req->is_dns_request = 0;
+				req->is_dns_request = 1;
 				// Submit the query to the MDNS transport.
 				for (netreq_p = req->netreqs
 					; !r && (netreq = *netreq_p)
 					; netreq_p++) {
+					netreq->owner = req;
 					if ((r = _getdns_submit_mdns_request(netreq))) {
 						if (r == DNS_REQ_FINISHED) {
 							if (return_netreq_p)
diff --git a/src/mdns.c b/src/mdns.c
index 8a63f013..1629fd14 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -1584,7 +1584,7 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 		{
 			GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 			GETDNS_SCHEDULE_EVENT(
-				dnsreq->loop, -1, dnsreq->context->timeout,
+				dnsreq->loop, -1, dnsreq->context->timeout*1000,
 				getdns_eventloop_event_init(&netreq->event, netreq,
 					NULL, NULL, mdns_mcast_timeout_cb));
 		}
@@ -1813,7 +1813,7 @@ mdns_udp_write_cb(void *userarg)
 		return;
 	}
 	GETDNS_SCHEDULE_EVENT(
-		dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+		dnsreq->loop, netreq->fd, dnsreq->context->timeout*1000,
 		getdns_eventloop_event_init(&netreq->event, netreq,
 			mdns_udp_read_cb, NULL, mdns_timeout_cb));
 }
diff --git a/src/util-internal.c b/src/util-internal.c
index fe05cd83..48242eb1 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -862,7 +862,7 @@ _getdns_create_call_reporting_dict(
 				return NULL;
 			}
 		} else{
-			uint32_t idle_timeout = netreq->upstream->keepalive_timeout;
+			uint32_t idle_timeout = (uint32_t) netreq->upstream->keepalive_timeout;
 			if (getdns_dict_set_int( netreq_debug, "idle timeout in ms", idle_timeout)) {
 				getdns_dict_destroy(netreq_debug);
 				return NULL;

From c275b205d3aac3e5cd19bbd73ccf01d8ab117428 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 23 Mar 2017 10:58:18 +0100
Subject: [PATCH 208/249] Create doxygen tagfile

---
 doc/Makefile.in | 1 +
 src/Doxyfile.in | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/Makefile.in b/doc/Makefile.in
index 301175bf..94770c77 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -77,6 +77,7 @@ uninstall:
 
 clean:
 	for x in $(MANPAGES3); do rm -f $$($(srcdir)/manpgaltnames $$x); done
+	rm -f tagfile
 	rm -rf $(DOCDIRS) $(MANPAGES3)
 
 distclean : clean
diff --git a/src/Doxyfile.in b/src/Doxyfile.in
index 2e8b3d63..e12f9c58 100644
--- a/src/Doxyfile.in
+++ b/src/Doxyfile.in
@@ -1657,7 +1657,7 @@ TAGFILES               =
 # When a file name is specified after GENERATE_TAGFILE, doxygen will create
 # a tag file that is based on the input files it reads.
 
-GENERATE_TAGFILE       =
+GENERATE_TAGFILE       = ../doc/tagfile
 
 # If the ALLEXTERNALS tag is set to YES all external classes will be listed
 # in the class index. If set to NO only the inherited external classes

From 2a496969cd27615121de36ccff4aeb898baff99a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 23 Mar 2017 12:53:44 +0100
Subject: [PATCH 209/249] Fixes for mdns

---
 src/general.c | 7 ++++++-
 src/mdns.c    | 8 +++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/general.c b/src/general.c
index 8d780eb7..cc6e1fe9 100644
--- a/src/general.c
+++ b/src/general.c
@@ -305,9 +305,14 @@ _getdns_netreq_change_state(
 	uint64_t now_ms;
 	getdns_network_req *prev;
 
-	if (!netreq || !netreq->owner->is_dns_request)
+	if (!netreq)
 		return;
 
+	if (!netreq->owner->is_dns_request) {
+		netreq->state = new_state;
+		return;
+	}
+
 	context = netreq->owner->context;
 
 	if (netreq->state != NET_REQ_IN_FLIGHT) {
diff --git a/src/mdns.c b/src/mdns.c
index fbb875ac..28de951f 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -1589,7 +1589,7 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 		{
 			GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 			GETDNS_SCHEDULE_EVENT(
-				dnsreq->loop, -1, dnsreq->context->timeout,
+				dnsreq->loop, -1, _getdns_ms_until_expiry(dnsreq->expires),
 				getdns_eventloop_event_init(&netreq->event, netreq,
 					NULL, NULL, mdns_mcast_timeout_cb));
 		}
@@ -1818,7 +1818,8 @@ mdns_udp_write_cb(void *userarg)
 		return;
 	}
 	GETDNS_SCHEDULE_EVENT(
-		dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+		dnsreq->loop, netreq->fd,
+		_getdns_ms_until_expiry(dnsreq->expires),
 		getdns_eventloop_event_init(&netreq->event, netreq,
 			mdns_udp_read_cb, NULL, mdns_timeout_cb));
 }
@@ -1871,7 +1872,8 @@ _getdns_submit_mdns_request(getdns_network_req *netreq)
 		netreq->fd = fd;
 		GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 		GETDNS_SCHEDULE_EVENT(
-			dnsreq->loop, netreq->fd, dnsreq->context->timeout,
+			dnsreq->loop, netreq->fd,
+			_getdns_ms_until_expiry(dnsreq->expires),
 			getdns_eventloop_event_init(&netreq->event, netreq,
 				NULL, mdns_udp_write_cb, mdns_timeout_cb));
 		ret = GETDNS_RETURN_GOOD;

From b80ccba02c208ecbb337b7bc369078bf42b14a62 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 23 Mar 2017 13:04:11 +0100
Subject: [PATCH 210/249] Revert "Minor fixes in MDNS code to make sure it does
 work after the recent loop tightening."

This reverts commit c653e8502cbe311cc40c8a50e0b8025ab1aaef9c.
---
 src/context.c       | 8 +++-----
 src/general.c       | 3 +--
 src/mdns.c          | 4 ++--
 src/util-internal.c | 2 +-
 4 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/context.c b/src/context.c
index 363ecf24..efb5eca3 100644
--- a/src/context.c
+++ b/src/context.c
@@ -756,7 +756,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	uint16_t conn_retries = upstream->upstreams->tls_connection_retries;
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
 	if (upstream->conn_setup_failed >= conn_retries
-	    || (upstream->conn_shutdowns >= conn_retries*((unsigned)GETDNS_TRANSPORT_FAIL_MULT)
+	    || (upstream->conn_shutdowns >= conn_retries*GETDNS_TRANSPORT_FAIL_MULT
 	     && upstream->total_responses == 0)
 	    || (upstream->conn_completed >= conn_retries &&
 	     upstream->total_responses == 0 && 
@@ -3569,12 +3569,10 @@ _get_context_settings(getdns_context* context)
 		return NULL;
 
 	/* int fields */
-	/* the timeouts are stored as uint64, but the value maximum used in 
-	   practice is 6553500ms, so we just trim the value to be on the safe side. */
 	if (   getdns_dict_set_int(result, "timeout",
-		                       (context->timeout > 0xFFFFFFFFull)? 0xFFFFFFFF: (uint32_t) context->timeout)
+	                           context->timeout)
 	    || getdns_dict_set_int(result, "idle_timeout",
-		                       (context->idle_timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF : (uint32_t) context->idle_timeout)
+	                           context->idle_timeout)
 	    || getdns_dict_set_int(result, "limit_outstanding_queries",
 	                           context->limit_outstanding_queries)
             || getdns_dict_set_int(result, "dnssec_allowed_skew",
diff --git a/src/general.c b/src/general.c
index d05d19ee..8d780eb7 100644
--- a/src/general.c
+++ b/src/general.c
@@ -585,12 +585,11 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			/* Check whether the name belongs in the MDNS space */
 			if (!(r = _getdns_mdns_namespace_check(req)))
 			{
-				req->is_dns_request = 1;
+				req->is_dns_request = 0;
 				// Submit the query to the MDNS transport.
 				for (netreq_p = req->netreqs
 					; !r && (netreq = *netreq_p)
 					; netreq_p++) {
-					netreq->owner = req;
 					if ((r = _getdns_submit_mdns_request(netreq))) {
 						if (r == DNS_REQ_FINISHED) {
 							if (return_netreq_p)
diff --git a/src/mdns.c b/src/mdns.c
index 1629fd14..8a63f013 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -1584,7 +1584,7 @@ static getdns_return_t mdns_initialize_continuous_request(getdns_network_req *ne
 		{
 			GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 			GETDNS_SCHEDULE_EVENT(
-				dnsreq->loop, -1, dnsreq->context->timeout*1000,
+				dnsreq->loop, -1, dnsreq->context->timeout,
 				getdns_eventloop_event_init(&netreq->event, netreq,
 					NULL, NULL, mdns_mcast_timeout_cb));
 		}
@@ -1813,7 +1813,7 @@ mdns_udp_write_cb(void *userarg)
 		return;
 	}
 	GETDNS_SCHEDULE_EVENT(
-		dnsreq->loop, netreq->fd, dnsreq->context->timeout*1000,
+		dnsreq->loop, netreq->fd, dnsreq->context->timeout,
 		getdns_eventloop_event_init(&netreq->event, netreq,
 			mdns_udp_read_cb, NULL, mdns_timeout_cb));
 }
diff --git a/src/util-internal.c b/src/util-internal.c
index 48242eb1..fe05cd83 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -862,7 +862,7 @@ _getdns_create_call_reporting_dict(
 				return NULL;
 			}
 		} else{
-			uint32_t idle_timeout = (uint32_t) netreq->upstream->keepalive_timeout;
+			uint32_t idle_timeout = netreq->upstream->keepalive_timeout;
 			if (getdns_dict_set_int( netreq_debug, "idle timeout in ms", idle_timeout)) {
 				getdns_dict_destroy(netreq_debug);
 				return NULL;

From 15b451d71bf192c9648a1697e859b627043b06c5 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 23 Mar 2017 13:09:34 +0100
Subject: [PATCH 211/249] Recommit parts of "Minor fixes in MDNS code to make
 sure it does work after the recent loop tightening."

---
 src/context.c       | 6 ++++--
 src/util-internal.c | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/context.c b/src/context.c
index 41e7d3b2..ba51d90c 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3569,10 +3569,12 @@ _get_context_settings(getdns_context* context)
 		return NULL;
 
 	/* int fields */
+	/* the timeouts are stored as uint64, but the value maximum used in
+	   practice is 6553500ms, so we just trim the value to be on the safe side. */
 	if (   getdns_dict_set_int(result, "timeout",
-	                           context->timeout)
+	                           (context->timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF: (uint32_t) context->timeout)
 	    || getdns_dict_set_int(result, "idle_timeout",
-	                           context->idle_timeout)
+	                           (context->idle_timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF : (uint32_t) context->idle_timeout)
 	    || getdns_dict_set_int(result, "limit_outstanding_queries",
 	                           context->limit_outstanding_queries)
             || getdns_dict_set_int(result, "dnssec_allowed_skew",
diff --git a/src/util-internal.c b/src/util-internal.c
index fe05cd83..48242eb1 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -862,7 +862,7 @@ _getdns_create_call_reporting_dict(
 				return NULL;
 			}
 		} else{
-			uint32_t idle_timeout = netreq->upstream->keepalive_timeout;
+			uint32_t idle_timeout = (uint32_t) netreq->upstream->keepalive_timeout;
 			if (getdns_dict_set_int( netreq_debug, "idle timeout in ms", idle_timeout)) {
 				getdns_dict_destroy(netreq_debug);
 				return NULL;

From e4d4e975421473079ab6b8d92988ac422cacf8a7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 23 Mar 2017 16:59:03 +0100
Subject: [PATCH 212/249] Suppress unused parameter warnings when we can't help
 it

---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index 2d5deeab..43d653e3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -104,6 +104,7 @@ AX_CHECK_COMPILE_FLAG([-Wall],[CFLAGS="$CFLAGS -Wall"],[],[])
 AX_CHECK_COMPILE_FLAG([-Wextra],[CFLAGS="$CFLAGS -Wextra"],[],[])
 AX_CHECK_COMPILE_FLAG([-Wpedantic],[WPEDANTICFLAG="-Wpedantic"],[],[])
 AX_CHECK_COMPILE_FLAG([-Wno-error=unused-parameter],[WNOERRORFLAG="-Wno-error=unused-parameter"],[],[])
+AX_CHECK_COMPILE_FLAG([-Wno-unused-parameter],[WNOERRORFLAG="$WNOERRORFLAG -Wno-unused-parameter"],[],[])
 AC_SUBST(WPEDANTICFLAG)
 AC_SUBST(WNOERRORFLAG)
 

From ed0b655af04a055919a73fdbeda2fe1efa8a899f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 06:45:02 -0500
Subject: [PATCH 213/249] Update doxygen

---
 src/getdns/getdns.h.in | 88 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 87 insertions(+), 1 deletion(-)

diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in
index f7825361..5851c023 100644
--- a/src/getdns/getdns.h.in
+++ b/src/getdns/getdns.h.in
@@ -501,6 +501,8 @@ typedef enum getdns_data_type
 {
 	t_dict, t_list, t_int, t_bindata
 } getdns_data_type;
+
+
 typedef struct getdns_bindata
 {
 	size_t size;
@@ -709,12 +711,46 @@ getdns_return_t getdns_dict_get_int(const getdns_dict *dict,
  * @return pointer to an allocated list, NULL if insufficient memory
  */
 getdns_list *getdns_list_create();
+
+/**
+ * create a new list with no items, creating and initializing it with the
+ * custom memory function from context.  These memory functions will be used
+ * for creating, and inherited by the list members when populating the list.
+ * The custom deallocator will be used for destroying the list.
+ * @param context The context from which the custom memory functions will be
+ *                used to create and initialize the list.
+ * @return pointer to an allocated list, NULL if insufficient memory
+ */
 getdns_list *getdns_list_create_with_context(getdns_context *context);
+
+/**
+ * create a new list with no items, creating and initializing it with the
+ * provided custom memory function.  These memory functions will be used
+ * for creating, and inherited by the list members when populating the list.
+ * The custom deallocator will be used for destroying the list.
+ * @param malloc Custom allocator
+ * @param realloc Custom reallocator
+ * @param free Custom deallocator
+ * @return pointer to an allocated list, NULL if insufficient memory
+ */
 getdns_list *getdns_list_create_with_memory_functions(
     void *(*malloc) (size_t),
     void *(*realloc) (void *, size_t),
     void (*free) (void *)
 );
+
+/**
+ * create a new list with no items, creating and initializing it with the
+ * provided extended custom memory function.  These memory functions will be
+ * used for creating, and inherited by the list members when populating the
+ * list.  The custom deallocator will be used for destroying the list.
+ * @param userarg Will be passed as the first argument to the extended 
+ *                custom malloc, realloc, and free.
+ * @param malloc Custom allocator
+ * @param realloc Custom reallocator
+ * @param free Custom deallocator
+ * @return pointer to an allocated list, NULL if insufficient memory
+ */
 getdns_list *getdns_list_create_with_extended_memory_functions(
     void *userarg,
     void *(*malloc) (void *userarg, size_t),
@@ -795,12 +831,46 @@ getdns_return_t getdns_list_set_int(getdns_list *list, size_t index,
  * @return pointer to an allocated dictionary, NULL if insufficient memory
  */
 getdns_dict *getdns_dict_create();
+
+/**
+ * create a new dict with no items, creating and initializing it with the
+ * custom memory function from context.  These memory functions will be used
+ * for creating, and inherited by the list members when populating the dict.
+ * The custom deallocator will be used for destroying the dict.
+ * @param context The context from which the custom memory functions will be
+ *                used to create and initialize the dict.
+ * @return pointer to an allocated dict, NULL if insufficient memory
+ */
 getdns_dict *getdns_dict_create_with_context(getdns_context *context);
+
+/**
+ * create a new dict with no items, creating and initializing it with the
+ * provided custom memory function.  These memory functions will be used
+ * for creating, and inherited by the dict members when populating the dict.
+ * The custom deallocator will be used for destroying the dict.
+ * @param malloc Custom allocator
+ * @param realloc Custom reallocator
+ * @param free Custom deallocator
+ * @return pointer to an allocated dict, NULL if insufficient memory
+ */
 getdns_dict *getdns_dict_create_with_memory_functions(
     void *(*malloc) (size_t),
     void *(*realloc) (void *, size_t),
     void (*free) (void *)
 );
+
+/**
+ * create a new dict with no items, creating and initializing it with the
+ * provided extended custom memory function.  These memory functions will be
+ * used for creating, and inherited by the dict members when populating the
+ * dict.  The custom deallocator will be used for destroying the dict.
+ * @param userarg Will be passed as the first argument to the extended 
+ *                custom malloc, realloc, and free.
+ * @param malloc Custom allocator
+ * @param realloc Custom reallocator
+ * @param free Custom deallocator
+ * @return pointer to an allocated dict, NULL if insufficient memory
+ */
 getdns_dict *getdns_dict_create_with_extended_memory_functions(
     void *userarg,
     void *(*malloc) (void *userarg, size_t),
@@ -872,7 +942,10 @@ getdns_return_t getdns_dict_remove_name(getdns_dict *dict, const char *name);
 /**
  * \addtogroup callbackfns getdns_callback functions
  */
-/* Callback arguments */
+/**
+ * The type of the callback function that must be registered when scheduling
+ * asynchronous requests.
+ */
 typedef void (*getdns_callback_t) (getdns_context *context,
     getdns_callback_type_t callback_type,
     getdns_dict * response,
@@ -1019,6 +1092,10 @@ getdns_context_create_with_extended_memory_functions(
     void (*free) (void *userarg, void *)
 );
 
+/**
+ * destroy the context.  All outstanding requests will be cancelled with
+ * the getdns_cancel_callback() function.
+ */
 void getdns_context_destroy(getdns_context *context);
 /** @}
  */
@@ -1028,6 +1105,11 @@ void getdns_context_destroy(getdns_context *context);
  * \addtogroup callbackfns getdns_callback functions
  * @{
  */
+/**
+ * Cancel an outstanding asynchronous request.  The callback registered with
+ * the request will be called with the getdns_callback_type_t set to
+ * GETDNS_CALLBACK_CANCEL and the response set to NULL.
+ */
 getdns_return_t
 getdns_cancel_callback(getdns_context *context,
     getdns_transaction_t transaction_id);
@@ -1111,6 +1193,10 @@ getdns_service_sync(getdns_context *context,
  * @{
  */
 
+/**
+ * Convert a domain name in DNS wire format to presentation format.
+ * The newly allocated string should be freed with free.
+ */
 getdns_return_t
 getdns_convert_dns_name_to_fqdn(
     const getdns_bindata *dns_name_wire_fmt,

From a2efd8f6c17e0b90df569efb439ce53553827005 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 19:36:20 +0100
Subject: [PATCH 214/249] Report peer certificate in call_reporting

---
 src/request-internal.c | 2 ++
 src/stub.c             | 6 ++++++
 src/types-internal.h   | 1 +
 src/util-internal.c    | 9 +++++++++
 4 files changed, 18 insertions(+)

diff --git a/src/request-internal.c b/src/request-internal.c
index a74fe8f0..d52ad585 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -182,6 +182,8 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->write_queue_tail = NULL;
 	/* Some fields to record info for return_call_reporting */
 	net_req->debug_tls_auth_status = GETDNS_AUTH_NONE;
+	net_req->debug_tls_peer_cert.size = 0;
+	net_req->debug_tls_peer_cert.data = NULL;
 	net_req->debug_udp = 0;
 
 	/* Scheduling, touch only via _getdns_netreq_change_state!
diff --git a/src/stub.c b/src/stub.c
index 29112cc3..17b7e1d6 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1618,6 +1618,7 @@ upstream_write_cb(void *userarg)
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
 	getdns_network_req *netreq = upstream->write_queue;
 	int q;
+	X509 *cert;
 
 	if (!netreq) {
 		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
@@ -1672,8 +1673,13 @@ upstream_write_cb(void *userarg)
 		return;
 
 	default:
+		cert = SSL_get_peer_certificate(netreq->upstream->tls_obj);
+		assert(netreq->debug_tls_peer_cert.data == NULL);
+
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
+		netreq->debug_tls_peer_cert.size = i2d_X509(
+		    cert, &netreq->debug_tls_peer_cert.data);
 		upstream->queries_sent++;
 		netreq->query_id = (uint16_t) q;
 		/* Unqueue the netreq from the write_queue */
diff --git a/src/types-internal.h b/src/types-internal.h
index 57286bed..5e1961ac 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -240,6 +240,7 @@ typedef struct getdns_network_req
 	uint64_t                debug_start_time;
 	uint64_t                debug_end_time;
 	getdns_auth_state_t     debug_tls_auth_status;
+	getdns_bindata          debug_tls_peer_cert;
 	size_t                  debug_udp;
 
 	/* When more space is needed for the wire_data response than is
diff --git a/src/util-internal.c b/src/util-internal.c
index 48242eb1..5c1d92c7 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -904,6 +904,15 @@ _getdns_create_call_reporting_dict(
 		getdns_dict_destroy(netreq_debug);
 		return NULL;
 	}
+	if (getdns_dict_set_bindata(netreq_debug, "tls_peer_cert",
+	    &netreq->debug_tls_peer_cert)) {
+
+		getdns_dict_destroy(netreq_debug);
+		return NULL;
+	}
+	netreq->debug_tls_peer_cert.size = 0;
+	OPENSSL_free(netreq->debug_tls_peer_cert.data);
+
 	return netreq_debug;
 }
 

From 5f6e47d091a15af0f4c5f7aa592ca4abff5b89be Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 21:26:05 +0100
Subject: [PATCH 215/249] Only equip with peer cert when transport is TLS

---
 src/stub.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 17b7e1d6..068eeb72 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1673,13 +1673,15 @@ upstream_write_cb(void *userarg)
 		return;
 
 	default:
-		cert = SSL_get_peer_certificate(netreq->upstream->tls_obj);
-		assert(netreq->debug_tls_peer_cert.data == NULL);
+		if (netreq->upstream->tls_obj &&
+		    (cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
+			assert(netreq->debug_tls_peer_cert.data == NULL);
 
+			netreq->debug_tls_peer_cert.size = i2d_X509(
+			    cert, &netreq->debug_tls_peer_cert.data);
+		}
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
-		netreq->debug_tls_peer_cert.size = i2d_X509(
-		    cert, &netreq->debug_tls_peer_cert.data);
 		upstream->queries_sent++;
 		netreq->query_id = (uint16_t) q;
 		/* Unqueue the netreq from the write_queue */

From 3eb6ebf5e4b7d1af92ec321a608b83870ac1d177 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 21:33:30 +0100
Subject: [PATCH 216/249] Fix memory leak

---
 src/request-internal.c | 3 +++
 src/stub.c             | 3 ++-
 src/util-internal.c    | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/request-internal.c b/src/request-internal.c
index d52ad585..7663e37c 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -110,6 +110,9 @@ network_req_cleanup(getdns_network_req *net_req)
 	if (net_req->response && (net_req->response < net_req->wire_data ||
 	    net_req->response > net_req->wire_data+ net_req->wire_data_sz))
 		GETDNS_FREE(net_req->owner->my_mf, net_req->response);
+	if (netreq->debug_tls_peer_cert.size &&
+	    netreq->debug_tls_peer_cert.data)
+		OPENSSL_free(netreq->debug_tls_peer_cert.data);
 }
 
 static uint8_t *
diff --git a/src/stub.c b/src/stub.c
index 068eeb72..c97789f6 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1673,7 +1673,8 @@ upstream_write_cb(void *userarg)
 		return;
 
 	default:
-		if (netreq->upstream->tls_obj &&
+		if (netreq->owner->return_call_reporting &&
+		    netreq->upstream->tls_obj &&
 		    (cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
 			assert(netreq->debug_tls_peer_cert.data == NULL);
 
diff --git a/src/util-internal.c b/src/util-internal.c
index 5c1d92c7..33c31745 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -912,7 +912,7 @@ _getdns_create_call_reporting_dict(
 	}
 	netreq->debug_tls_peer_cert.size = 0;
 	OPENSSL_free(netreq->debug_tls_peer_cert.data);
-
+	netreq->debug_tls_peer_cert.data = NULL;
 	return netreq_debug;
 }
 

From 6316c558bc299e523c25074ac23b2dd768829fb7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 21:45:08 +0100
Subject: [PATCH 217/249] typo

---
 src/context.c          | 5 +++--
 src/request-internal.c | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/context.c b/src/context.c
index ba51d90c..c52f770b 100644
--- a/src/context.c
+++ b/src/context.c
@@ -693,9 +693,10 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 			upstream->finished_dnsreqs = dnsreq->finished_next;
 			_getdns_context_cancel_request(dnsreq);
 		}
+		if (upstream->tls_session != NULL)
+			SSL_SESSION_free(upstream->tls_session);
+
 		if (upstream->tls_obj != NULL) {
-		    if (upstream->tls_session != NULL)
-				SSL_SESSION_free(upstream->tls_session);
 			SSL_shutdown(upstream->tls_obj);
 			SSL_free(upstream->tls_obj);
 		}
diff --git a/src/request-internal.c b/src/request-internal.c
index 7663e37c..1bd5475e 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -110,9 +110,9 @@ network_req_cleanup(getdns_network_req *net_req)
 	if (net_req->response && (net_req->response < net_req->wire_data ||
 	    net_req->response > net_req->wire_data+ net_req->wire_data_sz))
 		GETDNS_FREE(net_req->owner->my_mf, net_req->response);
-	if (netreq->debug_tls_peer_cert.size &&
-	    netreq->debug_tls_peer_cert.data)
-		OPENSSL_free(netreq->debug_tls_peer_cert.data);
+	if (net_req->debug_tls_peer_cert.size &&
+	    net_req->debug_tls_peer_cert.data)
+		OPENSSL_free(net_req->debug_tls_peer_cert.data);
 }
 
 static uint8_t *

From b7d16e3c8924536f1a488466a39aa151ba558dba Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 17:00:02 -0500
Subject: [PATCH 218/249] One more leak

---
 src/stub.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/stub.c b/src/stub.c
index c97789f6..d23fb61f 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1680,6 +1680,7 @@ upstream_write_cb(void *userarg)
 
 			netreq->debug_tls_peer_cert.size = i2d_X509(
 			    cert, &netreq->debug_tls_peer_cert.data);
+			X509_free(cert);
 		}
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;

From 9fa6ab5994ea72fafceb50b2c99a9b098eeb8663 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 20:22:34 -0500
Subject: [PATCH 219/249] Clang pragma's with clang only

---
 src/test/check_getdns.c                     | 4 ++++
 src/test/check_getdns_common.c              | 4 ++++
 src/test/check_getdns_context_set_timeout.h | 4 ++++
 src/test/check_getdns_libev.c               | 4 ++++
 src/test/check_getdns_libevent.c            | 4 ++++
 src/test/check_getdns_libuv.c               | 4 ++++
 src/test/check_getdns_transport.h           | 4 ++++
 7 files changed, 28 insertions(+)

diff --git a/src/test/check_getdns.c b/src/test/check_getdns.c
index 8e39fe6e..a437374d 100644
--- a/src/test/check_getdns.c
+++ b/src/test/check_getdns.c
@@ -30,10 +30,14 @@
 #include <string.h>
 #include <inttypes.h>
 #include <unistd.h>
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "getdns/getdns.h"
 #include "check_getdns_common.h"
 #include "check_getdns_address.h"
diff --git a/src/test/check_getdns_common.c b/src/test/check_getdns_common.c
index 5a1409ad..8fe9f8c6 100644
--- a/src/test/check_getdns_common.c
+++ b/src/test/check_getdns_common.c
@@ -29,10 +29,14 @@
 #include <stdlib.h>
 #include <string.h>
 #include <inttypes.h>
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "getdns/getdns.h"
 #include "config.h"
 #include "check_getdns_common.h"
diff --git a/src/test/check_getdns_context_set_timeout.h b/src/test/check_getdns_context_set_timeout.h
index c4ab14b8..fe89ee0f 100644
--- a/src/test/check_getdns_context_set_timeout.h
+++ b/src/test/check_getdns_context_set_timeout.h
@@ -27,10 +27,14 @@
 #ifndef _check_getdns_context_set_timeout_h_
 #define _check_getdns_context_set_timeout_h_
 
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 
 Suite *
 getdns_context_set_timeout_suite (void);
diff --git a/src/test/check_getdns_libev.c b/src/test/check_getdns_libev.c
index 0939f083..ffdc6e22 100644
--- a/src/test/check_getdns_libev.c
+++ b/src/test/check_getdns_libev.c
@@ -41,10 +41,14 @@
 #else
 #include <ev.h>
 #endif
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
diff --git a/src/test/check_getdns_libevent.c b/src/test/check_getdns_libevent.c
index d3bd4f69..ee59854b 100644
--- a/src/test/check_getdns_libevent.c
+++ b/src/test/check_getdns_libevent.c
@@ -37,10 +37,14 @@
 
 #include "getdns/getdns_ext_libevent.h"
 #include "check_getdns_libevent.h"
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
diff --git a/src/test/check_getdns_libuv.c b/src/test/check_getdns_libuv.c
index 722406e7..7aa88b51 100644
--- a/src/test/check_getdns_libuv.c
+++ b/src/test/check_getdns_libuv.c
@@ -37,10 +37,14 @@
 
 #include "getdns/getdns_ext_libuv.h"
 #include <uv.h>
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
diff --git a/src/test/check_getdns_transport.h b/src/test/check_getdns_transport.h
index 6a18d0de..a5496a27 100644
--- a/src/test/check_getdns_transport.h
+++ b/src/test/check_getdns_transport.h
@@ -27,10 +27,14 @@
 #ifndef _check_getdns_transport_h_
 #define _check_getdns_transport_h_
 
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 
 Suite *
 getdns_transport_suite (void);

From 6f0b08a4008f36bc937452b302835238d6fec61d Mon Sep 17 00:00:00 2001
From: huitema <huitema@huitema.net>
Date: Sun, 26 Mar 2017 10:07:44 -0500
Subject: [PATCH 220/249] Fixing the select event loop so it does not give up
 for naked timers in Windows. Making sure the poll event loop works on
 windows. Fixing the poll event loop so it does not give up for naked timers
 in Windows.

---
 src/extension/poll_eventloop.c   |  6 ++++++
 src/extension/select_eventloop.c | 10 ++++++++++
 src/stub.c                       |  4 ++++
 3 files changed, 20 insertions(+)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index b59ad64d..cb629d18 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -30,8 +30,10 @@
 #ifdef HAVE_SYS_POLL_H
 #include <sys/poll.h>
 #else
+#ifndef USE_WINSOCK
 #include <poll.h>
 #endif
+#endif
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
 #endif
@@ -402,6 +404,10 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		   , poll_timeout
 		   );
 #ifdef USE_WINSOCK
+    if (poll_loop->fd_events_free == 0)
+    {
+        Sleep(poll_timeout);
+    } else
 	if (WSAPoll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 #else	
 	if (poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
index 1b889fc1..47769afd 100644
--- a/src/extension/select_eventloop.c
+++ b/src/extension/select_eventloop.c
@@ -234,6 +234,16 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		tv.tv_sec  = (long)((timeout - now) / 1000000);
 		tv.tv_usec = (long)((timeout - now) % 1000000);
 	}
+#ifdef USE_WINSOCK
+    if (max_fd == -1)
+    {
+        if (timeout != TIMEOUT_FOREVER)
+        {
+            uint32_t timeout_ms = (tv.tv_usec / 1000) + (tv.tv_sec * 1000);
+            Sleep(timeout_ms);
+        }
+    } else
+#endif
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
 	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
 		perror("select() failed");
diff --git a/src/stub.c b/src/stub.c
index 29112cc3..322fa0d7 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -36,7 +36,11 @@
 # ifdef HAVE_SYS_POLL_H
 #  include <sys/poll.h>
 # else
+#ifdef USE_WINSOCK
+#define poll(fdarray, nbsockets, timer) WSAPoll(fdarray, nbsockets, timer)
+#else
 #  include <poll.h>
+#endif
 # endif
 #endif
 #include "debug.h"

From 03efb66991cb234eaf724d8725b9dd90f9100ac8 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sun, 26 Mar 2017 10:16:25 -0500
Subject: [PATCH 221/249] Keep connections open with sync requests too

---
 src/sync.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/sync.c b/src/sync.c
index bfec94c6..75f8cca3 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -123,18 +123,22 @@ getdns_sync_data_cleanup(getdns_sync_data *data)
 			 * synchronous request.
 			 */
 			GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
-			(*upstream->event.timeout_cb)(upstream->event.userarg);
-
-			/* This should have cleared the event */
-			assert(!upstream->event.read_cb &&
-			       !upstream->event.write_cb &&
-			       !upstream->event.timeout_cb);
+			if (upstream->conn_state != GETDNS_CONN_OPEN ||
+			    upstream->keepalive_timeout == 0)
+				(*upstream->event.timeout_cb)(upstream->event.userarg);
 		}
 		upstream->loop = data->context->extension;
 		upstream->is_sync_loop = 0;
 		if (upstream->event.read_cb || upstream->event.write_cb)
 			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
 			    TIMEOUT_FOREVER, &upstream->event);
+
+		else if (upstream->event.timeout_cb &&
+		    upstream->conn_state == GETDNS_CONN_OPEN &&
+		    upstream->keepalive_timeout != 0) {
+			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
+			    upstream->keepalive_timeout, &upstream->event);
+		}
 	}
 }
 

From 9de4d6537bdd2341eb257e822b2d6b1a0005fa06 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 26 Mar 2017 14:06:29 -0500
Subject: [PATCH 222/249] Implement sensible default padding policy.

This commit changes the semantics of tls_query_padding_blocksize()
slightly.  Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
---
 src/context.c            | 2 +-
 src/stub.c               | 9 ++++++---
 src/tools/getdns_query.c | 5 +++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/context.c b/src/context.c
index c52f770b..0748f40c 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1435,7 +1435,7 @@ getdns_context_create_with_extended_memory_functions(
 	result->edns_version = 0;
 	result->edns_do_bit = 0;
 	result->edns_client_subnet_private = 0;
-	result->tls_query_padding_blocksize = 1; /* default is to not try to pad */
+	result->tls_query_padding_blocksize = 1; /* default is to pad queries sensibly */
 	result->tls_ctx = NULL;
 
 	result->extension = &result->default_eventloop.loop;
diff --git a/src/stub.c b/src/stub.c
index 2acf0708..30c08091 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1284,12 +1284,15 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 					return STUB_OUT_OF_OPTIONS;
 				netreq->keepalive_sent = 1;
 			}
-			if (netreq->owner->tls_query_padding_blocksize > 1) {
+			if (netreq->owner->tls_query_padding_blocksize > 0) {
+				uint16_t blksz = netreq->owner->tls_query_padding_blocksize;
+				if (blksz == 1) /* use a sensible default policy */
+					blksz = 128;
 				pkt_len = netreq->response - netreq->query;
 				pkt_len += 4; /* this accounts for the OPTION-CODE and OPTION-LENGTH of the padding */
-				padding_sz = pkt_len % netreq->owner->tls_query_padding_blocksize;
+				padding_sz = pkt_len % blksz;
 				if (padding_sz)
-					padding_sz = netreq->owner->tls_query_padding_blocksize - padding_sz;
+					padding_sz = blksz - padding_sz;
 				if (_getdns_network_req_add_upstream_option(netreq,
 									    EDNS_PADDING_OPCODE,
 									    padding_sz, NULL))
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index bb452929..350ba7cc 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -54,7 +54,7 @@ static const char *default_stubby_config =
 ", dns_transport_list: [ GETDNS_TRANSPORT_TLS, GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP ]"
 ", idle_timeout: 10000"
 ", listen_addresses: [ 127.0.0.1@53, 0::1@53 ]"
-", tls_query_padding_blocksize: 256"
+", tls_query_padding_blocksize: 1"
 ", edns_client_subnet_private : 1"
 "}";
 static int clear_listen_list_on_arg = 0;
@@ -243,7 +243,8 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-n\tSet TLS authentication mode to NONE (default)\n");
 	fprintf(out, "\t-m\tSet TLS authentication mode to REQUIRED\n");
 	fprintf(out, "\t-p\tPretty print response dict\n");
-	fprintf(out, "\t-P <blocksize>\tPad TLS queries to a multiple of blocksize\n");
+	fprintf(out, "\t-P <blocksize>\tPad TLS queries to a multiple of blocksize\n"
+		"\t\t(special values: 0: no padding, 1: sensible default policy)\n");
 	fprintf(out, "\t-q\tQuiet mode - don't print response\n");
 	fprintf( out, "\t-r\tSet recursing resolution type%s\n"
 	       , i_am_stubby ? "(default = stub)" : "");

From f2a90925bc7c7074d3939fa257ad4ccc80faabe1 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 26 Mar 2017 14:38:13 -0500
Subject: [PATCH 223/249] getdns-query: S is no longer a valid transport label.

---
 src/tools/getdns_query.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index bb452929..5b4d63c0 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -271,7 +271,7 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-u\tSet transport to UDP with TCP fallback (default)\n");
 	fprintf(out, "\t-U\tSet transport to UDP only\n");
 	fprintf(out, "\t-l <transports>\tSet transport list. List can contain 1 of each of the characters\n");
-	fprintf(out, "\t\t\t U T L S for UDP, TCP or TLS e.g 'UT' or 'LTU' \n");
+	fprintf(out, "\t\t\t U T L for UDP, TCP or TLS e.g 'UT' or 'LTU' \n");
 	fprintf(out, "\t-z <listen address>\n");
 	fprintf(out, "\t\tListen for DNS requests on the given IP address\n");
 	fprintf(out, "\t\t<listen address> is in the same format as upstreams.\n");

From 67baa1d651a6e796ecfbad596459ad8f20163302 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 5 Apr 2017 12:37:48 +0200
Subject: [PATCH 224/249] getdns_context_unset_edns_maximum_udp_payload_size

---
 src/context.c                | 42 ++++++++++++++++++++----------------
 src/getdns/getdns_extra.h.in |  3 +++
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/src/context.c b/src/context.c
index 0748f40c..ac96691e 100644
--- a/src/context.c
+++ b/src/context.c
@@ -153,8 +153,6 @@ static getdns_return_t set_ub_dns_transport(struct getdns_context*);
 static void set_ub_limit_outstanding_queries(struct getdns_context*,
     uint16_t);
 static void set_ub_dnssec_allowed_skew(struct getdns_context*, uint32_t);
-static void set_ub_edns_maximum_udp_payload_size(struct getdns_context*,
-    int);
 #endif
 
 /* Stuff to make it compile pedantically */
@@ -1797,9 +1795,9 @@ rebuild_ub_ctx(struct getdns_context* context) {
 	    "target-fetch-policy:", "0 0 0 0 0");
 #endif
 	set_ub_dnssec_allowed_skew(context,
-		context->dnssec_allowed_skew);
-	set_ub_edns_maximum_udp_payload_size(context,
-		context->edns_maximum_udp_payload_size);
+	    context->dnssec_allowed_skew);
+    	set_ub_number_opt(context, "edns-buffer-size:",
+	    context->edns_maximum_udp_payload_size);
 	set_ub_dns_transport(context);
 
 	context->ub_event.userarg    = context;
@@ -2832,15 +2830,26 @@ error:
 } /* getdns_context_set_upstream_recursive_servers */
 
 
+/*
+ * getdns_context_unset_edns_maximum_udp_payload_size
+ *
+ */
+getdns_return_t
+getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context)
+{
+	if (!context)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
 #ifdef HAVE_LIBUNBOUND
-static void
-set_ub_edns_maximum_udp_payload_size(struct getdns_context* context,
-    int value) {
-    /* edns-buffer-size */
-    if (value >= 512 && value <= 65535)
-    	set_ub_number_opt(context, "edns-buffer-size:", (uint16_t)value);
-}
+    	set_ub_number_opt(context, "edns-buffer-size:", 4096);
 #endif
+	if (context->edns_maximum_udp_payload_size != -1) {
+		context->edns_maximum_udp_payload_size = -1;
+		dispatch_updated(context,
+		    GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE);
+	}
+	return GETDNS_RETURN_GOOD;
+}               /* getdns_context_set_edns_maximum_udp_payload_size */
 
 /*
  * getdns_context_set_edns_maximum_udp_payload_size
@@ -2853,12 +2862,8 @@ getdns_context_set_edns_maximum_udp_payload_size(struct getdns_context *context,
 	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	/* check for < 512.  uint16_t won't let it go above max) */
-	if (value < 512)
-		value = 512;
-
 #ifdef HAVE_LIBUNBOUND
-	set_ub_edns_maximum_udp_payload_size(context, value);
+    	set_ub_number_opt(context, "edns-buffer-size:", value);
 #endif
 	if (value != context->edns_maximum_udp_payload_size) {
 		context->edns_maximum_udp_payload_size = value;
@@ -4151,7 +4156,8 @@ getdns_context_get_edns_maximum_udp_payload_size(getdns_context *context,
     uint16_t* value) {
     RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
     RETURN_IF_NULL(value, GETDNS_RETURN_INVALID_PARAMETER);
-    *value = context->edns_maximum_udp_payload_size;
+    *value = context->edns_maximum_udp_payload_size == -1 ? 0
+           : context->edns_maximum_udp_payload_size;
     return GETDNS_RETURN_GOOD;
 }
 
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index bbb305d1..c49113dc 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -275,6 +275,9 @@ getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t v
 
 getdns_return_t
 getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t value);
+
+getdns_return_t
+getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
 /** @}
  */
 

From 2220c1a48d6a9bff27e2d3dd7572f3314c810f91 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 5 Apr 2017 17:53:39 +0200
Subject: [PATCH 225/249] Options for request debugging

---
 configure.ac | 12 ++++++++++--
 src/debug.h  | 10 +++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 43d653e3..bc07ab09 100644
--- a/configure.ac
+++ b/configure.ac
@@ -149,15 +149,16 @@ fi
 ])
 ACX_ARG_RPATH
 
-
+AC_ARG_ENABLE(debug-req, AC_HELP_STRING([--enable-debug-req], [Enable request debugging]))
 AC_ARG_ENABLE(debug-sched, AC_HELP_STRING([--enable-debug-sched], [Enable scheduling debugging messages]))
 AC_ARG_ENABLE(debug-stub, AC_HELP_STRING([--enable-debug-stub], [Enable stub debugging messages]))
 AC_ARG_ENABLE(debug-daemon, AC_HELP_STRING([--enable-debug-daemon], [Enable daemon debugging messages]))
 AC_ARG_ENABLE(debug-sec, AC_HELP_STRING([--enable-debug-sec], [Enable dnssec debugging messages]))
 AC_ARG_ENABLE(debug-server, AC_HELP_STRING([--enable-debug-server], [Enable server debugging messages]))
-AC_ARG_ENABLE(all-debugging, AC_HELP_STRING([--enable-all-debugging], [Enable scheduling, stub and dnssec debugging]))
+AC_ARG_ENABLE(all-debugging, AC_HELP_STRING([--enable-all-debugging], [Enable all debugging messages]))
 case "$enable_all_debugging" in
 	yes)
+		enable_debug_req=yes
 		enable_debug_sched=yes
 		enable_debug_stub=yes
 		enable_debug_daemon=yes
@@ -167,6 +168,13 @@ case "$enable_all_debugging" in
 	no|*)
 		;;
 esac
+case "$enable_debug_req" in
+	yes)
+		AC_DEFINE_UNQUOTED([REQ_DEBUG], [1], [Define this to enable printing of request debugging messages.])
+		;;
+	no|*)
+		;;
+esac
 case "$enable_debug_sched" in
 	yes)
 		AC_DEFINE_UNQUOTED([SCHED_DEBUG], [1], [Define this to enable printing of scheduling debugging messages.])
diff --git a/src/debug.h b/src/debug.h
index 9c5fa6f1..fff6b0cd 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -91,6 +91,13 @@
 
 #define DEBUG_OFF(...) do {} while (0)
 
+#if defined(REQ_DEBUG) && REQ_DEBUG
+#include <time.h>
+#define DEBUG_REQ(...) DEBUG_ON(__VA_ARGS__)
+#else
+#define DEBUG_REQ(...) DEBUG_OFF(__VA_ARGS__)
+#endif
+
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
 #include <time.h>
 #define DEBUG_SCHED(...) DEBUG_ON(__VA_ARGS__)
@@ -139,7 +146,8 @@
 #define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
-#if (defined(SCHED_DEBUG)  && SCHED_DEBUG)  || \
+#if (defined(REQ_DEBUG)    && REQ_DEBUG)    || \
+    (defined(SCHED_DEBUG)  && SCHED_DEBUG)  || \
     (defined(STUB_DEBUG)   && STUB_DEBUG)   || \
     (defined(DAEMON_DEBUG) && DAEMON_DEBUG) || \
     (defined(SEC_DEBUG)    && SEC_DEBUG)    || \

From f8c7d8b5d597c54119fd0d1aca64480fe4f6f680 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 5 Apr 2017 22:43:27 +0200
Subject: [PATCH 226/249] Network request submission and callback reporting

---
 src/context.c |  3 +++
 src/debug.h   | 19 ++++++++++++++++++-
 src/general.c | 10 ++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index 0748f40c..ca3603cf 100644
--- a/src/context.c
+++ b/src/context.c
@@ -691,6 +691,7 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 		while (upstream->finished_dnsreqs) {
 			dnsreq = upstream->finished_dnsreqs;
 			upstream->finished_dnsreqs = dnsreq->finished_next;
+			debug_req("Destroy    ", *dnsreq->netreqs);
 			_getdns_context_cancel_request(dnsreq);
 		}
 		if (upstream->tls_session != NULL)
@@ -3080,6 +3081,7 @@ getdns_cancel_callback(getdns_context *context,
 
 	getdns_context_request_count_changed(context);
 
+	debug_req("CB Cancel  ", *dnsreq->netreqs);
 	if (dnsreq->user_callback) {
 		dnsreq->context->processing = 1;
 		dnsreq->user_callback(dnsreq->context, GETDNS_CALLBACK_CANCEL,
@@ -3095,6 +3097,7 @@ _getdns_context_request_timed_out(getdns_dns_req *dnsreq)
 {
 	DEBUG_SCHED("%s(%p)\n", __FUNC__, (void *)dnsreq);
 
+	debug_req("CB Timeout ", *dnsreq->netreqs);
 	if (dnsreq->user_callback) {
 		dnsreq->context->processing = 1;
 		dnsreq->user_callback(dnsreq->context, GETDNS_CALLBACK_TIMEOUT,
diff --git a/src/debug.h b/src/debug.h
index fff6b0cd..fb74527c 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -36,7 +36,6 @@
 #define DEBUG_H
 
 #include "config.h"
-
 #define STUB_DEBUG_ENTRY     "=> ENTRY:       "
 #define STUB_DEBUG_SETUP     "--- SETUP:      "
 #define STUB_DEBUG_SETUP_TLS "--- SETUP(TLS): "
@@ -94,8 +93,26 @@
 #if defined(REQ_DEBUG) && REQ_DEBUG
 #include <time.h>
 #define DEBUG_REQ(...) DEBUG_ON(__VA_ARGS__)
+#include "gldns/wire2str.h"
+#include "rr-dict.h"
+#include "types-internal.h"
+static inline void debug_req(const char *msg, getdns_network_req *netreq)
+{
+	char str[1024];
+	struct timeval tv;
+	uint64_t t;
+
+	(void) gettimeofday(&tv, NULL);
+	t = tv.tv_sec * 1000 + tv.tv_usec / 1000;
+	t = t >= netreq->owner->expires ? 0 : netreq->owner->expires - t;
+	(void) gldns_wire2str_dname_buf(netreq->owner->name,
+	    netreq->owner->name_len, str, sizeof(str));
+	DEBUG_REQ("NETREQ %s %4"PRIu64" %s %s\n", msg, t,
+	    str, _getdns_rr_type_name(netreq->request_type));
+}
 #else
 #define DEBUG_REQ(...) DEBUG_OFF(__VA_ARGS__)
+#define debug_req(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
 #if defined(SCHED_DEBUG) && SCHED_DEBUG
diff --git a/src/general.c b/src/general.c
index cc6e1fe9..4ac4e3f2 100644
--- a/src/general.c
+++ b/src/general.c
@@ -186,6 +186,14 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 			return;
 		}
 	}
+#if defined(REQ_DEBUG) && REQ_DEBUG
+	if (dns_req->internal_cb)
+		debug_req("CB Internal", *dns_req->netreqs);
+	else if (results_found)
+		debug_req("CB Complete", *dns_req->netreqs);
+	else
+		debug_req("CB Error   ", *dns_req->netreqs);
+#endif
 	if (dns_req->internal_cb) {
 		_getdns_context_clear_outbound_request(dns_req);
 		dns_req->internal_cb(dns_req);
@@ -373,6 +381,8 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 	}
 	_getdns_netreq_change_state(netreq, NET_REQ_IN_FLIGHT);
 
+	debug_req("Submitting ", netreq);
+
 #ifdef STUB_NATIVE_DNSSEC
 # ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 

From e08d3592a069c3ce8c6a51f88adebac6d7f3102f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 11:20:08 +0200
Subject: [PATCH 227/249] Schedule timeout when collecting for dnssec chain

---
 src/context.c                                 | 11 ++++--
 src/dnssec.c                                  | 37 +++++++++++++++++++
 src/dnssec.h                                  |  1 +
 src/general.c                                 | 22 +++++++++--
 src/request-internal.c                        |  1 +
 src/stub.c                                    | 22 +++++++++++
 .../070-coding-practice.test                  | 13 +++++++
 src/types-internal.h                          |  1 +
 src/util-internal.c                           |  1 +
 9 files changed, 102 insertions(+), 7 deletions(-)

diff --git a/src/context.c b/src/context.c
index ca3603cf..2af25a3f 100644
--- a/src/context.c
+++ b/src/context.c
@@ -691,8 +691,10 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 		while (upstream->finished_dnsreqs) {
 			dnsreq = upstream->finished_dnsreqs;
 			upstream->finished_dnsreqs = dnsreq->finished_next;
-			debug_req("Destroy    ", *dnsreq->netreqs);
-			_getdns_context_cancel_request(dnsreq);
+			if (!dnsreq->internal_cb) { /* Not part of chain */
+				debug_req("Destroy    ", *dnsreq->netreqs);
+				_getdns_context_cancel_request(dnsreq);
+			}
 		}
 		if (upstream->tls_session != NULL)
 			SSL_SESSION_free(upstream->tls_session);
@@ -3088,7 +3090,10 @@ getdns_cancel_callback(getdns_context *context,
 		    NULL, dnsreq->user_pointer, dnsreq->trans_id);
 		dnsreq->context->processing = 0;
 	}
-	_getdns_context_cancel_request(dnsreq);
+	if (!dnsreq->internal_cb) { /* Not part of chain */
+		debug_req("Destroy    ", *dnsreq->netreqs);
+		_getdns_context_cancel_request(dnsreq);
+	}
 	return GETDNS_RETURN_GOOD;
 } /* getdns_cancel_callback */
 
diff --git a/src/dnssec.c b/src/dnssec.c
index b3e86bae..8c01a635 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3113,6 +3113,43 @@ static void check_chain_complete(chain_head *chain)
 	_getdns_call_user_callback(dnsreq, response_dict);
 }
 
+void _getdns_validation_chain_timeout(getdns_dns_req *dnsreq)
+{
+	chain_head *head = dnsreq->chain, *next;
+	chain_node *node;
+	size_t      node_count;
+
+	while (head) {
+		next = head->next;
+
+		for ( node_count = head->node_count, node = head->parent
+		    ; node_count
+		    ; node_count--, node = node->parent ) {
+
+			if (!_getdns_netreq_finished(node->dnskey_req)) {
+				_getdns_context_cancel_request(
+				    node->dnskey_req->owner);
+				node->dnskey_req = NULL;
+			}
+
+			if (!_getdns_netreq_finished(node->ds_req)) {
+				_getdns_context_cancel_request(
+				    node->ds_req->owner);
+				node->ds_req = NULL;
+			}
+
+			if (!_getdns_netreq_finished(node->soa_req)) {
+				_getdns_context_cancel_request(
+				    node->soa_req->owner);
+				node->soa_req = NULL;
+			}
+		}
+		head = next;
+	}
+	dnsreq->request_timed_out = 1;
+	check_chain_complete(dnsreq->chain);
+}
+
 void _getdns_cancel_validation_chain(getdns_dns_req *dnsreq)
 {
 	chain_head *head = dnsreq->chain, *next;
diff --git a/src/dnssec.h b/src/dnssec.h
index b7becfe9..b0334d52 100644
--- a/src/dnssec.h
+++ b/src/dnssec.h
@@ -47,6 +47,7 @@
 /* Do some additional requests to fetch the complete validation chain */
 void _getdns_get_validation_chain(getdns_dns_req *dns_req);
 void _getdns_cancel_validation_chain(getdns_dns_req *dns_req);
+void _getdns_validation_chain_timeout(getdns_dns_req *dns_req);
 
 uint16_t _getdns_parse_ta_file(time_t *ta_mtime, gldns_buffer *gbuf);
 
diff --git a/src/general.c b/src/general.c
index 4ac4e3f2..16a07128 100644
--- a/src/general.c
+++ b/src/general.c
@@ -61,8 +61,9 @@ void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
 	if (dnsreq->user_callback) {
 		dnsreq->context->processing = 1;
 		dnsreq->user_callback(dnsreq->context,
-		    (response ? GETDNS_CALLBACK_COMPLETE
-		              : GETDNS_CALLBACK_ERROR),
+		    ( ! response                ? GETDNS_CALLBACK_ERROR
+		    : dnsreq->request_timed_out ? GETDNS_CALLBACK_TIMEOUT
+		                                : GETDNS_CALLBACK_COMPLETE ),
 		    response, dnsreq->user_pointer, dnsreq->trans_id);
 		dnsreq->context->processing = 0;
 	}
@@ -214,9 +215,22 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 	            dns_req->dnssec_return_all_statuses
 	           ))
 #endif
-	    ))
+	    )) {
+		/* Reschedule timeout for this DNS request
+		 */
+		dns_req->timeout.userarg    = dns_req;
+		dns_req->timeout.read_cb    = NULL;
+		dns_req->timeout.write_cb   = NULL;
+		dns_req->timeout.timeout_cb =
+		    (getdns_eventloop_callback)
+		    _getdns_validation_chain_timeout;
+		dns_req->timeout.ev         = NULL;
+		(void) dns_req->loop->vmt->schedule(dns_req->loop, -1,
+		    _getdns_ms_until_expiry2(dns_req->expires, &now_ms),
+		    &dns_req->timeout);
+
 		_getdns_get_validation_chain(dns_req);
-	else
+	} else
 		_getdns_call_user_callback(
 		    dns_req, _getdns_create_getdns_response(dns_req));
 }
diff --git a/src/request-internal.c b/src/request-internal.c
index 1bd5475e..d91563f4 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -944,6 +944,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	result->freed = NULL;
 	result->validating = 0;
 	result->is_dns_request = 1;
+	result->request_timed_out = 0;
 	result->chain = NULL;
 
 	network_req_init(result->netreqs[0], result,
diff --git a/src/stub.c b/src/stub.c
index 30c08091..90b44c96 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -32,6 +32,12 @@
  */
 
 #include "config.h"
+
+/* Intercept and do not sent out COM DS queries with TLS
+ * For debugging purposes only. Never commit with this turned on.
+ */
+#define INTERCEPT_COM_DS 0
+
 #ifdef USE_POLL_DEFAULT_EVENTLOOP
 # ifdef HAVE_SYS_POLL_H
 #  include <sys/poll.h>
@@ -1306,6 +1312,22 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 		
 		/* TODO[TLS]: Handle error cases, partial writes, renegotiation etc. */
 		ERR_clear_error();
+#if INTERCEPT_COM_DS
+		/* Intercept and do not sent out COM DS queries. For debugging
+		 * purposes only. Never commit with this turned on.
+		 */
+		if (netreq->request_type == GETDNS_RRTYPE_DS &&
+		    netreq->owner->name_len == 5 &&
+		    netreq->owner->name[0] == 3 &&
+		    (netreq->owner->name[1] & 0xDF) == 'C' &&
+		    (netreq->owner->name[2] & 0xDF) == 'O' &&
+		    (netreq->owner->name[3] & 0xDF) == 'M' &&
+		    netreq->owner->name[4] == 0) {
+
+			debug_req("Intercepting", netreq);
+			written = pkt_len + 2;
+		} else
+#endif
 		written = SSL_write(tls_obj, netreq->query - 2, pkt_len + 2);
 		if (written <= 0)
 			return STUB_TCP_ERROR;
diff --git a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
index b628a657..09473687 100644
--- a/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
+++ b/src/test/tpkg/070-coding-practice.tpkg/070-coding-practice.test
@@ -33,6 +33,19 @@ rm -f report.txt
 		echo ""
 	fi
 ) >> report.txt
+(
+ 	cd ${SRCROOT}/src
+	if [ `grep '^#define[ 	]*INTERCEPT_COM_DS[ 	]*1' stub.c | wc -l` -gt 0 ]
+	then
+		echo "*** "
+		echo "*** The repo contained the COM DS queries interception"
+		echo "*** with TLS transports turned on, this should be off"
+		echo "*** "
+		grep -n '^#define[ 	]INTERCEPT_COM_DS[ 	]*1' stub.c
+		echo ""
+	fi
+) >> report.txt
+
 
 if [ -s report.txt ]
 then
diff --git a/src/types-internal.h b/src/types-internal.h
index 5e1961ac..e70d8911 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -314,6 +314,7 @@ typedef struct getdns_dns_req {
 	unsigned dnssec_ok_checking_disabled		: 1;
 	unsigned is_sync_request			: 1;
 	unsigned is_dns_request				: 1;
+	unsigned request_timed_out			: 1;
 
 	/* The validating and freed variables are used to make sure a single
 	 * code path is followed while processing a DNS request, even when
diff --git a/src/util-internal.c b/src/util-internal.c
index 33c31745..ddac7b51 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -1263,6 +1263,7 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 		GETDNS_FREE(context->mf, srvs.rrs);
 	}
 	if (getdns_dict_set_int(result, GETDNS_STR_KEY_STATUS,
+	    completed_request->request_timed_out ||
 	    nreplies == 0   ? GETDNS_RESPSTATUS_ALL_TIMEOUT :
 	    completed_request->dnssec_return_only_secure && nsecure == 0 && ninsecure > 0
 	                    ? GETDNS_RESPSTATUS_NO_SECURE_ANSWERS :

From 4ceec33d0826b9f5453875510735bf00d7ad8b75 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 11:46:10 +0200
Subject: [PATCH 228/249] Do something about TLS renegotiation.

---
 src/stub.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 90b44c96..e8a8ee52 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1329,9 +1329,22 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 		} else
 #endif
 		written = SSL_write(tls_obj, netreq->query - 2, pkt_len + 2);
-		if (written <= 0)
-			return STUB_TCP_ERROR;
-
+		if (written <= 0) {
+			/* SSL_write will not do partial writes, because 
+			 * SSL_MODE_ENABLE_PARTIAL_WRITE is not default,
+			 * but the write could fail because of renegotiation.
+			 * In that case SSL_get_error()  will return
+			 * SSL_ERROR_WANT_READ or, SSL_ERROR_WANT_WRITE.
+			 * Return for retry in such cases.
+			 */
+			switch (SSL_get_error(tls_obj, written)) {
+			case SSL_ERROR_WANT_READ:
+			case SSL_ERROR_WANT_WRITE:
+				return STUB_TCP_AGAIN;
+			default:
+				return STUB_TCP_ERROR;
+			}
+		}
 		/* We were able to write everything!  Start reading. */
 		return (int) query_id;
 
@@ -2102,6 +2115,12 @@ upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 	else {
 		DEBUG_STUB("%s %-35s: FD:  %d Connection idle - timeout is %d\n", 
 			    STUB_DEBUG_SCHEDULE, __FUNC__, upstream->fd, (int)idle_timeout);
+		/* TODO: Schedule a read also anyway,
+		 *       to digest timed out answers.
+		 *       Dont forget to schedule with upstream->fd then!
+		 *
+		 * upstream->event.read_cb = upstream_read_cb;
+		 */
 		upstream->event.timeout_cb = upstream_idle_timeout_cb;
 		if (upstream->conn_state != GETDNS_CONN_OPEN)
 			idle_timeout = 0;

From e35a2182a92bf9f747471144c6ed2197cecbb729 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 12:24:27 +0200
Subject: [PATCH 229/249] missing #include

---
 src/general.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/general.c b/src/general.c
index 16a07128..b981470b 100644
--- a/src/general.c
+++ b/src/general.c
@@ -53,6 +53,7 @@
 #include "stub.h"
 #include "dict.h"
 #include "mdns.h"
+#include "debug.h"
 
 void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
 {

From c2edc94a3a25e835e18e094aab6c080a489986e6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 15:18:12 +0200
Subject: [PATCH 230/249] Clear timeout event when getting dnssec chain

With full recursion
---
 src/general.c                                    | 16 +++++++---------
 .../225-stub-only-valgrind-checks.dsc            |  2 +-
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/general.c b/src/general.c
index b981470b..280df08d 100644
--- a/src/general.c
+++ b/src/general.c
@@ -219,16 +219,14 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 	    )) {
 		/* Reschedule timeout for this DNS request
 		 */
-		dns_req->timeout.userarg    = dns_req;
-		dns_req->timeout.read_cb    = NULL;
-		dns_req->timeout.write_cb   = NULL;
-		dns_req->timeout.timeout_cb =
-		    (getdns_eventloop_callback)
-		    _getdns_validation_chain_timeout;
-		dns_req->timeout.ev         = NULL;
-		(void) dns_req->loop->vmt->schedule(dns_req->loop, -1,
+		if (dns_req->timeout.timeout_cb && dns_req->timeout.ev)
+			GETDNS_CLEAR_EVENT(dns_req->loop, &dns_req->timeout);
+
+		GETDNS_SCHEDULE_EVENT(dns_req->loop, -1,
 		    _getdns_ms_until_expiry2(dns_req->expires, &now_ms),
-		    &dns_req->timeout);
+		    getdns_eventloop_event_init(&dns_req->timeout, dns_req,
+		    NULL, NULL, (getdns_eventloop_callback)
+		    _getdns_validation_chain_timeout));
 
 		_getdns_get_validation_chain(dns_req);
 	} else
diff --git a/src/test/tpkg/225-stub-only-valgrind-checks.tpkg/225-stub-only-valgrind-checks.dsc b/src/test/tpkg/225-stub-only-valgrind-checks.tpkg/225-stub-only-valgrind-checks.dsc
index d845ad44..7167a541 100644
--- a/src/test/tpkg/225-stub-only-valgrind-checks.tpkg/225-stub-only-valgrind-checks.dsc
+++ b/src/test/tpkg/225-stub-only-valgrind-checks.tpkg/225-stub-only-valgrind-checks.dsc
@@ -6,7 +6,7 @@ Maintainer: Willem Toorop
 Category: 
 Component:
 CmdDepends: valgrind
-Depends: 110-link.tpkg
+Depends: 210-stub-only-link.tpkg
 Help:
 Pre: 
 Post: 

From f0ee9202270aec03dc31b02ba89ce16f274bb3f7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 16:13:15 +0200
Subject: [PATCH 231/249] Bump version, update ChangeLog

---
 ChangeLog    | 9 ++++++++-
 configure.ac | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index de4e70ca..f5bb6498 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
 * 2017-04-??: Version 1.1.0
+  * bugfix: Reschedule request timeout when getting the DNSSEC chain.
+  * Implement sensible default edns0 padding policy.  Thanks DKG.
+  * Keep connections open with sync requests too.
+  * Fix of event loops so they do not give up with naked timers with
+    windows.  Thanks Christian Huitema.
+  * Include peer certificate with DNS-over-TLS in combination with
+    the return_call_reporting extension.
   * More fine grained control over TLS upstream retry and back off
     behaviour with getdns_context_set_tls_backoff_time() and
     getdns_context_set_tls_connection_retries().
@@ -14,7 +21,7 @@
     Thanks Neil Cook
   * bugfix: authentication failure for self signed cert + only pinset
   * bugfix: issue with session re-use making authentication appear to fail
-	
+
 * 2017-01-13: Version 1.0.0
   * edns0_cookies extension enabled by default (per RFC7873)
   * dnssec_roadblock_avoidance enabled by default (per RFC8027)
diff --git a/configure.ac b/configure.ac
index bc07ab09..c1a0c2fc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [-rc1])
+AC_SUBST(RELEASE_CANDIDATE, [-rc2])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -47,7 +47,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100C100])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100C200])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"

From a27915ccc97d3543568e4ca97f61b334ceaa03f8 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 19:47:15 +0200
Subject: [PATCH 232/249] One more ChangeLog update

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index f5bb6498..1299763c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 * 2017-04-??: Version 1.1.0
   * bugfix: Reschedule request timeout when getting the DNSSEC chain.
+  * getdns_context_unset_edns_maximum_udp_payload_size() to reset
+    to default IPv4/IPv6 dependent edns max udp payload size.
   * Implement sensible default edns0 padding policy.  Thanks DKG.
   * Keep connections open with sync requests too.
   * Fix of event loops so they do not give up with naked timers with

From c9b3e3cf7b4d4a012241c4adc90c31c3d7244814 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 20:50:34 +0200
Subject: [PATCH 233/249] Allow cleanup of naked idle timeouts

---
 src/context.c            | 34 +++++++++++++++++++++++++++-------
 src/stub.c               |  3 +--
 src/tools/getdns_query.c |  1 +
 3 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/src/context.c b/src/context.c
index 2e26b06c..5396fcc4 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2210,18 +2210,38 @@ getdns_context_set_timeout(struct getdns_context *context, uint64_t timeout)
  *
  */
 getdns_return_t
-getdns_context_set_idle_timeout(struct getdns_context *context, uint64_t timeout)
+getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout)
 {
-    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+	size_t i;
 
-    /* Shuold we enforce maximum based on edns-tcp-keepalive spec? */
-    /* 0 should be allowed as that is the default.*/
+	if (!context)
+		return GETDNS_RETURN_INVALID_PARAMETER;
 
-    context->idle_timeout = timeout;
+	/* Shuold we enforce maximum based on edns-tcp-keepalive spec? */
+	/* 0 should be allowed as that is the default.*/
 
-    dispatch_updated(context, GETDNS_CONTEXT_CODE_IDLE_TIMEOUT);
+	context->idle_timeout = timeout;
 
-    return GETDNS_RETURN_GOOD;
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_IDLE_TIMEOUT);
+
+	if (timeout)
+		return GETDNS_RETURN_GOOD;
+
+	/* If timeout == 0, call scheduled idle timeout events */
+	for (i = 0; i < context->upstreams->count; i++) {
+		getdns_upstream *upstream =
+		    &context->upstreams->upstreams[i];
+
+		if (!upstream->event.ev ||
+		    !upstream->event.timeout_cb ||
+		     upstream->event.read_cb ||
+		     upstream->event.write_cb)
+			continue;
+
+		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
+		upstream->event.timeout_cb(upstream->event.userarg);
+	}
+	return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_timeout */
 
 
diff --git a/src/stub.c b/src/stub.c
index e8a8ee52..3597cb88 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1717,9 +1717,8 @@ upstream_write_cb(void *userarg)
 	default:
 		if (netreq->owner->return_call_reporting &&
 		    netreq->upstream->tls_obj &&
+		    netreq->debug_tls_peer_cert.data == NULL &&
 		    (cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
-			assert(netreq->debug_tls_peer_cert.data == NULL);
-
 			netreq->debug_tls_peer_cert.size = i2d_X509(
 			    cert, &netreq->debug_tls_peer_cert.data);
 			X509_free(cert);
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 5a431484..7dca01fe 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -1230,6 +1230,7 @@ void read_line_cb(void *userarg)
 		if (listen_count)
 			(void) getdns_context_set_listen_addresses(
 			    context, NULL, NULL, NULL);
+		(void) getdns_context_set_idle_timeout(context, 0);
 		return;
 	}
 	if (query_file)

From e6696d9557770c7c1b0ebdaf92dbc7d16af1d214 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Apr 2017 20:53:18 +0200
Subject: [PATCH 234/249] getdns_context_unset_edns_maximum_udp_payload_size

---
 src/libgetdns.symbols | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 890475ee..4df6a989 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -69,6 +69,7 @@ getdns_context_set_tls_query_padding_blocksize
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
+getdns_context_unset_edns_maximum_udp_payload_size
 getdns_convert_alabel_to_ulabel
 getdns_convert_dns_name_to_fqdn
 getdns_convert_fqdn_to_dns_name

From ce7ee62355ce5add8f1a49f08697ac72aa064db8 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Tue, 11 Apr 2017 15:24:10 +0100
Subject: [PATCH 235/249] Should we update stubby.conf to include 2 of the new
 test servers?

---
 src/tools/stubby.conf | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 92cb38be..bd9e636e 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -60,6 +60,19 @@
       [ { digest: "sha256"
         , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
       } ]
+    },
+    { address_data: 2001:4b98:dc2:43:216:3eff:fea9:41a
+    , tls_auth_name: "dns-resolver.yeti.eu.org"
+    , tls_pubkey_pinset:
+      [ { digest: "sha256"
+        , value: 8jkVGv5GP34E70/tDu+j2vnZ1bikayym2QvF4mkX11g=
+      } ]
+    },
+    { address_data: 89.233.43.71 
+    , tls_auth_name: "unicast.censurfridns.dk"
+    },
+    { address_data: 2a01:3a0:53:53::
+    , tls_auth_name: "unicast.censurfridns.dk"
     }
   ]
 }

From a060e723f2f054bb281c13ddd0a07f2023e4cfc7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 11 Apr 2017 23:29:33 +0200
Subject: [PATCH 236/249] Doxygen documentation for everything in getdns.h

---
 src/getdns/getdns.h.in | 436 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 432 insertions(+), 4 deletions(-)

diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in
index 5851c023..618bb835 100644
--- a/src/getdns/getdns.h.in
+++ b/src/getdns/getdns.h.in
@@ -490,12 +490,30 @@ typedef enum getdns_callback_type_t {
  */
 
 
+/**
+ * Many calls in the DNS API require a DNS context. A DNS context contains
+ * the information that the API needs in order to process DNS calls, such
+ * as the locations of upstream DNS servers, DNSSEC trust anchors, and so on.
+ * The internal structure of the DNS context is opaque, and might be different
+ * on each OS. When a context is passed to any function, it must be an
+ * allocated context; the context must not be NULL.
+ *
+ * Use getdns_context_set_* functions to configure a context.
+ */
 typedef struct getdns_context getdns_context;
+
+/**
+ * When scheduling asynchronous requests, transaction identifiers associated
+ * with the request are returned.  These identifiers are of the type:
+ * getdns_transaction_t.  These identifiers can be used to associate answers
+ * with requests, and also to cancel outstanding requests.
+ */
 typedef uint64_t getdns_transaction_t;
 
 
 /**
- * used to check data types within complex types (dict, list)
+ * getdns_list_get_data_type() and getdns_dict_get_data_type() return the type
+ * of data on an index in a getdns_list, or on a name in a getdns_dict.
  */
 typedef enum getdns_data_type
 {
@@ -503,6 +521,9 @@ typedef enum getdns_data_type
 } getdns_data_type;
 
 
+/**
+ * A  struct to hold binary data.
+ */
 typedef struct getdns_bindata
 {
 	size_t size;
@@ -893,8 +914,17 @@ void getdns_dict_destroy(getdns_dict *dict);
  * @{
  */
 
+/**
+ * create a new entry in the dictionary, or replace the value of an existing entry
+ * this routine makes a copy of the child_dict_
+ * @param dict dictionary in which to add or change the value
+ * @param name key that identifies which item in the dictionary to add/change
+ * @param child_dict value to assign to the node identified by name
+ * @return GETDNS_RETURN_GOOD on success
+ */
 getdns_return_t getdns_dict_set_dict(getdns_dict *dict,
     const char *name, const getdns_dict *child_dict);
+
 /**
  * create a new entry in the dictionary, or replace the value of an existing entry
  * this routine makes a copy of the child_list
@@ -944,7 +974,28 @@ getdns_return_t getdns_dict_remove_name(getdns_dict *dict, const char *name);
  */
 /**
  * The type of the callback function that must be registered when scheduling
- * asynchronous requests.
+ * asynchronous requests.  The registered function will be called from the
+ * eventloop with the following parameters.
+ * @param context The DNS context that was used in the calling function
+ * @param callback_type Supplies the reason for the callback.
+ *                      This will be one of:
+ *                      - GETDNS_CALLBACK_COMPLETE The response has the
+ *                        requested data in it
+ *                      - GETDNS_CALLBACK_CANCEL The calling program cancelled
+ *                        the callback; response is NULL
+ *                      - GETDNS_CALLBACK_TIMEOUT The requested action timed
+ *                        out; response is filled in with empty structures or
+ *                        will contain additional information about the timeout
+ *                        when used in combination with the
+ *                        return_call_reporting extension.
+ *                      - GETDNS_CALLBACK_ERROR The requested action had an 
+ *                        error; response is NULL.
+ * @param response A response object with the response data. 
+ *                 The application is responsible for cleaning up the response
+ *                 object with getdns_dict_destroy.
+ * @param userarg Identical to the userarg passed to the calling function.
+ * @param transaction_id The transaction identifier that was assigned by the
+ *                       calling function.
  */
 typedef void (*getdns_callback_t) (getdns_context *context,
     getdns_callback_type_t callback_type,
@@ -1196,27 +1247,90 @@ getdns_service_sync(getdns_context *context,
 /**
  * Convert a domain name in DNS wire format to presentation format.
  * The newly allocated string should be freed with free.
+ * @param dns_name_wire_fmt A bindata to the DNS name in wire format
+ * @param fqdn_as_string A reference to a pointer that will be set
+ *                       to a newly allocated string containing the
+ *                       presentation format of the name.  The caller
+ *                       is responsible for deallocate this space with free().
+ * @return GETDNS_RETURN_GOOD on success or GETDNS_RETURN_GENERIC_ERROR
+ *         when the wireformat name could not be parsed.
  */
 getdns_return_t
 getdns_convert_dns_name_to_fqdn(
     const getdns_bindata *dns_name_wire_fmt,
     char **fqdn_as_string);
 
+/**
+ * Convert a domain name in presentation format to DNS wire format.
+ * @param fqdn_as_string The name to convert in presentation format.
+ * @param dns_name_wire_fmt A reference to a pointer that will be set
+ *                          to a newly allocated bindata containing the
+ *                          DNS wire format of the name.  The caller
+ *                          is responsible for deallocate this space with free().
+ * @return GETDNS_RETURN_GOOD on success or GETDNS_RETURN_GENERIC_ERROR
+ *         when the presentation format name could not be parsed.
+ */
 getdns_return_t
 getdns_convert_fqdn_to_dns_name(
     const char *fqdn_as_string,
     getdns_bindata **dns_name_wire_fmt);
 
+/**
+ * Convert an Unicode encoded label to ASCII encoding following the
+ * rules for IDNA 2008 described in RFC 5890-5892.
+ * @param ulabel The Unicode encoded label to convert.
+ * @return The ASCII encoding label. The caller is responsible for deallocate
+ * this space with free().
+ */ 
 char *getdns_convert_ulabel_to_alabel(const char *ulabel);
 
+/**
+ * Convert an ASCII encoded label to Unicode encoding following the
+ * rules for IDNA 2008 described in RFC 5890-5892.
+ * @param alabel The ASCII encoded label to convert.
+ * @return The Unicode encoding label. The caller is responsible for
+ * deallocation with free().
+ */ 
 char *getdns_convert_alabel_to_ulabel(const char *alabel);
 
+/**
+ * Offline DNSSEC validate Resource Records with the help of support
+ * records and a DNSSEC trust anchor.
+ * @param to_validate This is a list of reply_dicts to validate (as can
+ *                    be seen under "replies_tree" in a response dict), or
+ *                    an RRset with signatures represented as a list of
+ *                    rr_dicts.  The format of rr_dict can be seen in
+ *                    the sections of reply_dicts in response dicts.
+ *                    It is also possible to validate the non-existance
+ *                    of a query.  Besides all the necessary NSEC(3)s plus
+ *                    signature, the to_validate should then also contain
+ *                    a question rr_dict with a qname, qclass and qtype.
+ * @param support_records A list of all the DNSKEY, DS and NSEC(3) RRsets
+ *                        (in the form of rr_dicts) that may be used to
+ *                        validate the RRsets or replies in to_validate.
+ *                        The value returned under "validation_chain" in a
+ *                        response dict when the dnssec_return_validation_chain
+ *                        extension was used, can be used directly for this.
+ * @param trust_anchors A list of rr_dicts containing the DNSSEC trust anchors.
+ *                      The return value of the getdns_root_trust_anchor()
+ *                      can be used directly for this.
+ * @return The function returns one of GETDNS_DNSSEC_SECURE,
+ * GETDNS_DNSSEC_BOGUS, GETDNS_DNSSEC_INDETERMINATE, or GETDNS_DNSSEC_INSECURE
+ * depending on the validation status.
+ */
 getdns_return_t
 getdns_validate_dnssec(getdns_list *to_validate,
     getdns_list *support_records,
     getdns_list *trust_anchors);
 
-/* Get root trust anchor */
+/**
+ * Get the default list of trust anchor records that is used by the library
+ * to validate DNSSEC.
+ * @param utc_date_of_anchor Set to the number of seconds since epoch
+ *                           the trust anchors were obtained
+ * @return The list of DNSSEC trust anchors, or NULL on error. The  caller is
+ * responsible for deallocating the list with getdns_list_destroy().
+ */
 getdns_list *getdns_root_trust_anchor(time_t *utc_date_of_anchor);
 
 /**
@@ -1227,6 +1341,13 @@ getdns_list *getdns_root_trust_anchor(time_t *utc_date_of_anchor);
  */
 char *getdns_pretty_print_dict(const getdns_dict *some_dict);
 
+/**
+ * Converts a getdns_bindata representing an IPv4 or IPv6 address to a 
+ * textual representation.
+ * @param bindata_of_ipv4_or_ipv6_address The IP address to convert.
+ * @return character array (caller must free this) containing the textual
+ * representation of the address.
+ */
 char *getdns_display_ip_address(const getdns_bindata
     *bindata_of_ipv4_or_ipv6_address);
 
@@ -1238,6 +1359,16 @@ char *getdns_display_ip_address(const getdns_bindata
  * \addtogroup context_set getdns_context_set functions
  * @{
  */
+
+/**
+ * An application can be notified when the context is changed.
+ * @param context The context for which to monitor changes
+ * @param value The callback function that will be called when any context is
+ *              changed. A update callback function can be deregistered by
+ *              passing NULL.
+ * @return GETDNS_RETURN_GOOD when succesful.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_context_update_callback(
   getdns_context *context,
@@ -1245,73 +1376,339 @@ getdns_context_set_context_update_callback(
                 getdns_context_code_t changed_item)
 );
 
+/**
+ * Specify whether DNS queries are performed with recursive lookups or as a
+ * stub resolver. The default value is GETDNS_RESOLUTION_RECURSING.
+ * @param context The context to configure
+ * @param value GETDNS_RESOLUTION_RECURSING or GETDNS_RESOLUTION_STUB.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL with unknown resolution types
+ * @return GETDNS_RETURN_NOT_IMPLEMENTED when getdns was compiled for stub
+ *         resolution only and recursing resolution type was requested.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_resolution_type(getdns_context *context,
     getdns_resolution_t value);
 
+/**
+ * Sets the ordered list of namespaces that will be queried.
+ * This context setting is ignored for the getdns_general and
+ * getdns_general_sync functions; it is used for the other funtions. 
+ * When a normal lookup is done, the API does the lookups in the order given
+ * and stops when it gets the first result
+ * @param context The context to configure
+ * @param namespace_count The number of values in the namespaces list.
+ * @param namespaces An ordered list of namespaces that will be queried.
+ *                   The values are: GETDNS_NAMESPACE_DNS,
+ *                   GETDNS_NAMESPACE_LOCALNAMES, GETDNS_NAMESPACE_NETBIOS,
+ *                   GETDNS_NAMESPACE_MDNS, and GETDNS_NAMESPACE_NIS. 
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL with unknown namespace types
+ * @return GETDNS_RETURN_NOT_IMPLEMENTED when unsupported namespaces were
+ *         given.  Currently this implementation supports only
+ *         GETDNS_NAMESPACE_DNS, GETDNS_NAMESPACE_LOCALNAMES and has an
+ *         draft implementation of GETDNS_NAMESPACE_MDNS, which has to be
+ *         enabled at configure time.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_namespaces(getdns_context *context,
     size_t namespace_count, getdns_namespace_t *namespaces);
 
+/**
+ * Specifies what transport are used for DNS lookups. The default is
+ * GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP. Use of this function
+ * is discouraged.  Please use getdns_context_set_dns_transport_list()
+ * instead of this function.  
+ * @param context The context to configure
+ * @param value The transport to use for DNS lookups.
+ *              The value is GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP,
+ *              GETDNS_TRANSPORT_UDP_ONLY, GETDNS_TRANSPORT_TCP_ONLY,
+ *              GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN,
+ *              GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN or
+ *              GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL with unknown values
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_dns_transport(getdns_context *context,
     getdns_transport_t value);
 
+/**
+ * Specifies what transport is used for DNS lookups. The default is a list
+ * containing GETDNS_TRANSPORT_UDP then GETDNS_TRANSPORT_TCP.  The API will
+ * return information on the actual transport used to fulfill the request in
+ * the response dict, when the return_call_reporting extension is used.
+ * @param context The context to configure
+ * @param transport_count The number of values in the transports list.
+ * @param transports An ordered list of transports that will be used for DNS
+ *                   lookups. If only one transport value is specified it will
+ *                   be the only transport used. Should it not be available
+ *                   basic resolution will fail. Fallback transport options are
+ *                   specified by including multiple values in the list.
+ *                   The values are: GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP,
+ *                   or GETDNS_TRANSPORT_TLS
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL with unknown values
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_dns_transport_list(getdns_context *context,
     size_t transport_count, getdns_transport_list_t *transports);
 
+/**
+ * Specify number of milliseconds the API will leave an idle TCP or TLS
+ * connection open for (idle means no outstanding responses and no pending
+ * queries).  When set to 0, all currently open idle connections will be
+ * closed immediately.  The default is 0.
+ * Note with synchronous queries, idle connections can not reliably be timed.
+ * Each new synchronous request, will reset the counter no matter the time
+ * in between requests, and thus leave the connection open always.  This
+ * setting is thus only meaningful when doing requests asynchronously.
+ * @param context The context to configure
+ * @param timeout The number of milliseconds the API will leave an idle TCP
+ *                or TLS connection open for
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout);
 
+/**
+ * Limit the number of outstanding DNS queries. When more than limit requests
+ * are scheduled, they are kept on an internal queue, to be rescheduled when
+ * the number of outstanding queries drops below the limit again.
+ * A value of 0 indicates that the number of outstanding DNS queries is
+ * unlimited, however, queries will be put on the internal queue too when
+ * system resources are exhausted (i.e. number of available sockets).
+ * The default value is 0.
+ * @param context The context to configure
+ * @param limit The maximum number of outstanding DNS queries.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
 getdns_return_t
 getdns_context_set_limit_outstanding_queries(getdns_context *context,
     uint16_t limit);
 
+/**
+ * Specifies number of milliseconds the API will wait for request to return.
+ * The default is 5000 (i.e. 5 seconds).
+ * @param context The context to configure
+ * @param timeout The number of milliseconds the API will wait for request to
+ *                return.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER for a timeout 0,
+ *         or when context was NULL
+ */
 getdns_return_t
 getdns_context_set_timeout(getdns_context *context, uint64_t timeout);
 
+/**
+ * Specifies whether or not DNS queries follow redirects.
+ * The default value is GETDNS_REDIRECTS_FOLLOW.
+ * In this implementation, redirects are only actively followed in the recursing
+ * resolution mode.  The GETDNS_REDIRECTS_DO_NOT_FOLLOW will not prevent this,
+ * but the response will be stripped of all resource records that could only be
+ * found through following redirects.  The setting will do this with answers
+ * provided by an upstream in stub resolution mode too.
+ * @param context The context to configure
+ * @param value GETDNS_REDIRECTS_FOLLOW for normal following of redirects
+ *              through CNAME and DNAME; or GETDNS_REDIRECTS_DO_NOT_FOLLOW to
+ *              cause any lookups that would have gone through CNAME and DNAME
+ *              to return the CNAME or DNAME, not the eventual target.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER for an unknown value,
+ *         or when context was NULL
+ */
 getdns_return_t
 getdns_context_set_follow_redirects(getdns_context *context,
     getdns_redirects_t value);
 
+/**
+ * Configure the list of addresses to be used for looking up top-level domains.
+ * The default is the list of "normal" IANA root servers
+ * @param context The context to configure
+ * @param addresses The list contains dicts that are addresses to be used for
+ *                  looking up top-level domains. Each dict in the list
+ *                  contains at least two names: address_type (whose value is
+ *                  a bindata; it is currently either "IPv4" or "IPv6") and
+ *                  address_data (whose value is a bindata).
+ *                  This implementation also accepts a list of addressxi
+ *                  bindatas. Or a list of rr_dicts for address records (i.e.
+ *                  the additional section of a NS query for ".", or a with
+ *                  getdns_fp2rr_list() converted root.hints file).
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_ CONTEXT_UPDATE_FAIL when there were problems
+ *         parsing the provided addresses list.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_dns_root_servers(getdns_context *context,
     getdns_list *addresses);
 
+/**
+ * Specifies whether, how and when to append a suffix to the query string.
+ * The non-standard implementation default is
+ * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST.
+ * @param context The context to configure
+ * @param value GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
+ *              GETDNS_APPEND_NAME_ALWAYS,
+ *              GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE,
+ *              GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE,
+ *              or GETDNS_APPEND_NAME_NEVER.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_ CONTEXT_UPDATE_FAIL with unknown values.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_append_name(getdns_context *context,
     getdns_append_name_t value);
 
+/**
+ * Specify the list of suffixes to be appended based on the value off the 
+ * append_name setting.  The default is read from OS, or an empty list when
+ * the context is not initialized with OS defaults.
+ * @param context The context to configure
+ * @param value A list of bindatas that are strings that are to be appended
+ *              based on the value off the append_name setting.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_ CONTEXT_UPDATE_FAIL with unknown values.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_suffix(getdns_context *context, getdns_list *value);
 
+/**
+ * Specify the DNSSEC trust anchors.  The default is to read it from 
+ * @TRUST_ANCHOR_FILE@.
+ * @param context The context to configure
+ * @param value A list of rr_dicts for DS or DNSKEY that are the DNSSEC
+ *              trust anchors.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_ CONTEXT_UPDATE_FAIL with unknown values.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_dnssec_trust_anchors(getdns_context *context,
     getdns_list *value);
 
+/**
+ * Specify the DNSSEC allowed skew.  The default is 0.
+ * @param context The context to configure
+ * @param value The number of seconds of skew that is allowed in either
+ *              direction when checking an RRSIG's Expiration and Inception
+ *              fields.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_dnssec_allowed_skew(getdns_context *context,
     uint32_t value);
 
+
+/**
+ * Specify where a stub resolver will send queries.  The default value is set
+ * from the OS when the context is created with the set_from_os flag, or
+ * empty otherwise.
+ * @param context The context to configure
+ * @param upstream_list The upstreams are specified either by a getdns_bindata
+ *                      containing a IPv4 or IPv6 address in network format
+ *                      or a `getdns_dict`, containing at least a name
+ *                      `address_data` whose value is the address bindata, and
+ *                      optionally also:
+ *                      - `scode_id` containing an getdns_bindata with the
+ *                        scope ID for IPv6 link-local addresses.
+ *                      - `port` an integer specifying which port to use to
+ *                        contact this upstream over UDP and TCP;
+ *                        the default is 53
+ *                      - `tsig_algorithm` (a bindata) that is the name of the
+ *                        TSIG hash algorithm 
+ *                      - `tsig_name` (a bindata) that is the name of the TSIG key
+ *                      - `tsig_secret` (a bindata) that is the TSIG key
+ *                      - `tls_port` (a integer) that is the port to use to
+ *                        contact this upstream over TLS
+ *                      - `tls_auth_name` (a bindata) that is the name of the
+ *                        upstream (as a bindata containing a string) which
+ *                        must be verified to confirm its identity.
+ *                      - `tls_pubkey_pinset` (a list) containing dicts with
+ *                        - `digest` which must be a bindata containing the
+ *                          text sha256
+ *                        - `value` A SHA256 hash of the `SubjectPublicKeyInfo`
+ *                          of the upstream, which will be used to authenticate
+ *                          it.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when `context` or `upstream_list` was `NULL`
+ * @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL when there were problems parsing
+ *         the `upstream_list`.
+ */
 getdns_return_t
 getdns_context_set_upstream_recursive_servers(getdns_context *context,
     getdns_list *upstream_list);
 
+/**
+ * Set the maximum UDP payload size advertised in a EDNS0 OPT record.
+ * When not set (the default), outgoing values will adhere to the suggestions
+ * in RFC 6891 and may follow a scheme that uses multiple values to maximize
+ * receptivity.
+ * @param context The context to configure
+ * @param value The maximum UDP payload size advertised in a EDNS0 OPT record.
+ *              The value must be between 512 and 65536
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_edns_maximum_udp_payload_size(getdns_context *context,
     uint16_t value);
 
+/**
+ * Set the rcode advertised in a EDNS0 OPT record.  The default is 0.
+ * @param context The context to configure
+ * @param value  A value between 0 and 255.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_edns_extended_rcode(getdns_context *context,
     uint8_t value);
 
+/**
+ * Set the version advertised in a EDNS0 OPT record.  The default is 0.
+ * @param context The context to configure
+ * @param value  A value between 0 and 255.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_edns_version(getdns_context *context, uint8_t value);
 
+/**
+ * Set the DO advertised in a EDNS0 OPT record.  The default is 0.
+ * However use of any of the dnssec_* extension will override this setting
+ * and set the DO bit.
+ * @param context The context to configure
+ * @param value  A value between 0 and 1.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_edns_do_bit(getdns_context *context, uint8_t value);
 
+/**
+ * Specify custom memory management functions to be used with this context.
+ * The given memory management functions will be used for creating the response
+ * dicts. The response dicts inherit the custom memory management functions
+ * from the context and will deallocate themselves (and their members) with the
+ * custom deallocator. By default, the system `malloc`, `realloc`, and `free` are used.
+ * @param context The context to configure
+ * @param malloc A custom memory allocator.  The default is `malloc`.
+ * @param realloc A custom memory reallocator. The default is `realloc`.
+ * @param free A custom memory deallocator. The default is `free`.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_memory_functions(getdns_context *context,
     void *(*malloc) (size_t),
@@ -1319,6 +1716,22 @@ getdns_context_set_memory_functions(getdns_context *context,
     void (*free) (void *)
     );
 
+/**
+ * Specify custom extended memory management functions to be used with this
+ * context.  The value of `userarg` argument will be passed to the custom
+ * `malloc`, `realloc`, and `free`.
+ * The response dicts inherit the custom memory management functions
+ * from the context and will deallocate themselves (and their members) with the
+ * custom deallocator. By default, the system `malloc`, `realloc`, and `free` are used.
+ * @param context The context to configure
+ * @param userarg This value will be passed as the `userarg` argument to the
+ *                custom `malloc`, `realloc` and `free` function.
+ * @param malloc A custom memory allocator.  The default is a wrapper for `malloc`.
+ * @param realloc A custom memory reallocator. The default is a wrapper for `realloc`.
+ * @param free A custom memory deallocator. The default is a wrapper for `free`.
+ * @return GETDNS_RETURN_GOOD when successful. 
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL
+ */
 getdns_return_t
 getdns_context_set_extended_memory_functions(getdns_context *context,
     void *userarg,
@@ -1329,7 +1742,22 @@ getdns_context_set_extended_memory_functions(getdns_context *context,
 /** @}
  */
 
-/* api information support */
+/**
+ * Retrieve information about the API itself and inspect the current context.
+ * The returned dictionary can be used with getdns_context_config() directly
+ * to configure another context with precisely these settings.
+ * @param context The context from which to get the information
+ * @return A getdns_dict containing the following name/value pairs:
+ *         - `version_string` (a bindata) represents the version string for this version of the DNS API.
+ *         - `implementation_string` (a bindata) is a string showing which
+ *           implementation of the getdns API this is.  In our implementation
+ *           this will always be set to "https://getdnsapi.net"
+ *         - resolution_type (an int) is the type of resolver that the API is
+ *            acting as in this context: GETDNS_RESOLUTION_RECURSING or
+ *            GETDNS_RESOLUTION_STUB.
+ *         - all_context (a dict) with names for all the other settings in
+ *           context.
+ */
 getdns_dict*
 getdns_context_get_api_information(getdns_context* context);
 

From 708e520989001bda926ebf6ab8f98549d9698866 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 11 Apr 2017 23:33:24 +0200
Subject: [PATCH 237/249] Spelling fixes from Andreas Schulze

---
 ChangeLog                                           | 3 ++-
 doc/getdns_address.3.in                             | 2 +-
 doc/getdns_cancel_callback.3.in                     | 2 +-
 doc/getdns_context.3.in                             | 4 ++--
 doc/getdns_context_set.3.in                         | 2 +-
 doc/getdns_context_set_context_update_callback.3.in | 2 +-
 doc/getdns_convert.3.in                             | 2 +-
 doc/getdns_dict.3.in                                | 2 +-
 doc/getdns_dict_get.3.in                            | 2 +-
 doc/getdns_dict_set.3.in                            | 2 +-
 doc/getdns_display_ip_address.3.in                  | 2 +-
 doc/getdns_general.3.in                             | 2 +-
 doc/getdns_hostname.3.in                            | 2 +-
 doc/getdns_list.3.in                                | 2 +-
 doc/getdns_list_get.3.in                            | 2 +-
 doc/getdns_list_set.3.in                            | 2 +-
 doc/getdns_pretty_print_dict.3.in                   | 2 +-
 doc/getdns_root_trust_anchor.3.in                   | 2 +-
 doc/getdns_service.3.in                             | 2 +-
 doc/getdns_validate_dnssec.3.in                     | 2 +-
 doc/libgetdns.3.in                                  | 4 ++--
 src/stub.c                                          | 2 +-
 src/test/tests_transports.sh                        | 4 ++--
 src/tools/getdns_query.c                            | 8 ++++----
 src/types-internal.h                                | 2 +-
 25 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1299763c..5a8b7140 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 * 2017-04-??: Version 1.1.0
+  * Spelling fixes.  Thanks Andreas Schulze.
   * bugfix: Reschedule request timeout when getting the DNSSEC chain.
   * getdns_context_unset_edns_maximum_udp_payload_size() to reset
     to default IPv4/IPv6 dependent edns max udp payload size.
@@ -176,7 +177,7 @@
     '-1' to append suffix only to single label after failure
     '-M' to append suffix only to multi label name after failure
     '-N' to never append a suffix
-    '-Z <suffixes>' to set suffixes with the given comma separed list
+    '-Z <suffixes>' to set suffixes with the given comma separated list
   * Better help text for getdns_query (printed with the '-h' option)
   * Setting the +specify_class extension with getdns_query
   * Return NOT_IMPLEMENTED for not implemented namespaces, and the
diff --git a/doc/getdns_address.3.in b/doc/getdns_address.3.in
index 122f2392..561518d9 100644
--- a/doc/getdns_address.3.in
+++ b/doc/getdns_address.3.in
@@ -33,7 +33,7 @@
 -- get ip address(es) for a name
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_cancel_callback.3.in b/doc/getdns_cancel_callback.3.in
index 012bd3ef..297e3053 100644
--- a/doc/getdns_cancel_callback.3.in
+++ b/doc/getdns_cancel_callback.3.in
@@ -32,7 +32,7 @@
 -- cancel an outstanding asyn getdns request
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_context.3.in b/doc/getdns_context.3.in
index 71ed4b15..6fb089bb 100644
--- a/doc/getdns_context.3.in
+++ b/doc/getdns_context.3.in
@@ -39,7 +39,7 @@
 .ad n
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
@@ -141,7 +141,7 @@ in use might have a requirements on this issue. You may need to provide one or
 two functions to allow it to function properly. For example before you call 
 getdns_context_create() you may need to use 
 the openssl functions CRYPTO_set_id_callback and CRYPTO_set_locking_callback to set up
-asyncronous operation (the  application calls these functions once for initialisation).  
+asynchronous operation (the  application calls these functions once for initialisation).
 Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function.
 
 .HP 3
diff --git a/doc/getdns_context_set.3.in b/doc/getdns_context_set.3.in
index 606a653d..b97bc243 100644
--- a/doc/getdns_context_set.3.in
+++ b/doc/getdns_context_set.3.in
@@ -45,7 +45,7 @@
 .ad n
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_context_set_context_update_callback.3.in b/doc/getdns_context_set_context_update_callback.3.in
index d85b1b3e..d51b34ff 100644
--- a/doc/getdns_context_set_context_update_callback.3.in
+++ b/doc/getdns_context_set_context_update_callback.3.in
@@ -32,7 +32,7 @@
 -- get informed on getdns context updates
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_convert.3.in b/doc/getdns_convert.3.in
index 25614585..fb8fca91 100644
--- a/doc/getdns_convert.3.in
+++ b/doc/getdns_convert.3.in
@@ -34,7 +34,7 @@
 -- convert dname between presentation- and wire-format
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_dict.3.in b/doc/getdns_dict.3.in
index d4d9b3b9..2ee2b45c 100644
--- a/doc/getdns_dict.3.in
+++ b/doc/getdns_dict.3.in
@@ -38,7 +38,7 @@
 .ad n
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_dict_get.3.in b/doc/getdns_dict_get.3.in
index 956c0523..45c71870 100644
--- a/doc/getdns_dict_get.3.in
+++ b/doc/getdns_dict_get.3.in
@@ -38,7 +38,7 @@
 -- get value by name from a getdns dict
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_dict_set.3.in b/doc/getdns_dict_set.3.in
index ee684090..f42e455a 100644
--- a/doc/getdns_dict_set.3.in
+++ b/doc/getdns_dict_set.3.in
@@ -36,7 +36,7 @@
 -- set a value by name in a getdns dict
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_display_ip_address.3.in b/doc/getdns_display_ip_address.3.in
index a038f4e9..08ea7da1 100644
--- a/doc/getdns_display_ip_address.3.in
+++ b/doc/getdns_display_ip_address.3.in
@@ -32,7 +32,7 @@
 -- convert an getdns ip address to string
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_general.3.in b/doc/getdns_general.3.in
index 9b983d0d..27b25574 100644
--- a/doc/getdns_general.3.in
+++ b/doc/getdns_general.3.in
@@ -33,7 +33,7 @@
 -- do a getdns DNS lookup
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_hostname.3.in b/doc/getdns_hostname.3.in
index e45c3620..25f53b39 100644
--- a/doc/getdns_hostname.3.in
+++ b/doc/getdns_hostname.3.in
@@ -33,7 +33,7 @@
 -- get hostname by address
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_list.3.in b/doc/getdns_list.3.in
index 2bbd8f3c..47a17272 100644
--- a/doc/getdns_list.3.in
+++ b/doc/getdns_list.3.in
@@ -38,7 +38,7 @@
 .ad n
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_list_get.3.in b/doc/getdns_list_get.3.in
index 1749ef08..d58d6851 100644
--- a/doc/getdns_list_get.3.in
+++ b/doc/getdns_list_get.3.in
@@ -38,7 +38,7 @@
 -- get a value by index from a getdns list
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_list_set.3.in b/doc/getdns_list_set.3.in
index 301bb882..cbba6959 100644
--- a/doc/getdns_list_set.3.in
+++ b/doc/getdns_list_set.3.in
@@ -36,7 +36,7 @@
 -- set a value by index from a getdns list
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_pretty_print_dict.3.in b/doc/getdns_pretty_print_dict.3.in
index 7ab966e3..e3e9f73e 100644
--- a/doc/getdns_pretty_print_dict.3.in
+++ b/doc/getdns_pretty_print_dict.3.in
@@ -32,7 +32,7 @@
 -- return a string representation of a getdns dict
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_root_trust_anchor.3.in b/doc/getdns_root_trust_anchor.3.in
index 401cd297..3d16b238 100644
--- a/doc/getdns_root_trust_anchor.3.in
+++ b/doc/getdns_root_trust_anchor.3.in
@@ -32,7 +32,7 @@
 -- return the getdns list of default root trust anchors
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_service.3.in b/doc/getdns_service.3.in
index 35f40579..ab03c880 100644
--- a/doc/getdns_service.3.in
+++ b/doc/getdns_service.3.in
@@ -33,7 +33,7 @@
 -- getdns lookup of a service
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/getdns_validate_dnssec.3.in b/doc/getdns_validate_dnssec.3.in
index bce70b85..a97ca72e 100644
--- a/doc/getdns_validate_dnssec.3.in
+++ b/doc/getdns_validate_dnssec.3.in
@@ -32,7 +32,7 @@
 -- DNSSEC validate a given getdns record
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 #include <getdns.h>
diff --git a/doc/libgetdns.3.in b/doc/libgetdns.3.in
index 0c4d2ece..791ed384 100644
--- a/doc/libgetdns.3.in
+++ b/doc/libgetdns.3.in
@@ -32,7 +32,7 @@ libgetdns
 -- an implementation of a modern asynchronous DNS API by and for application developers
 
 .SH LIBRARY
-DNS Resolver library (libgetdns, -lgetdns)
+DNS Resolver library (libgetdns, \-lgetdns)
 
 .SH SYNOPSIS
 .B libgetdns
@@ -230,7 +230,7 @@ Set to GETDNS_EXTENSION_TRUE to include the DNSSEC status for each DNS record in
 .HP 3
 "dnssec_return_only_secure" (int)
 
-Set to GETDNS_EXTENSION_TRUE to cause only records that the API can validate as secure withe DNSSEC to be returned in the
+Set to GETDNS_EXTENSION_TRUE to cause only records that the API can validate as secure with DNSSEC to be returned in the
 .I replies_tree
 and
 .I replies_full lists
diff --git a/src/stub.c b/src/stub.c
index 3597cb88..2fa121f1 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -750,7 +750,7 @@ stub_tcp_read(int fd, getdns_tcp_state *tcp, struct mem_funcs *mf)
 
 /* stub_tcp_write(fd, tcp, netreq)
  * will return STUB_TCP_AGAIN when we need to come back again,
- * STUB_TCP_ERROR on error and a query_id on successfull sent.
+ * STUB_TCP_ERROR on error and a query_id on successful sent.
  */
 static int
 stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
diff --git a/src/test/tests_transports.sh b/src/test/tests_transports.sh
index 0cb0947b..89604038 100755
--- a/src/test/tests_transports.sh
+++ b/src/test/tests_transports.sh
@@ -10,7 +10,7 @@ TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
 TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI="
 TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
 GOOD_RESULT_SYNC="Status was: At least one response was returned"
-GOOD_RESULT_ASYNC="successfull"
+GOOD_RESULT_ASYNC="successful"
 BAD_RESULT_SYNC="1 'Generic error'"
 BAD_RESULT_ASYNC="callback_type of 703"
 NUM_ARGS=3
@@ -196,4 +196,4 @@ done
 
 echo
 echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures"
-echo
\ No newline at end of file
+echo
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 7dca01fe..72eb19b2 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -219,7 +219,7 @@ print_usage(FILE *out, const char *progname)
 	}
 	fprintf(out, "\t-D\tSet edns0 do bit\n");
 	fprintf(out, "\t-d\tclear edns0 do bit\n");
-	fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n");
+	fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in milliseconds\n");
 	if (!i_am_stubby)
 		fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
 	fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
@@ -253,7 +253,7 @@ print_usage(FILE *out, const char *progname)
 	       , i_am_stubby ? "" : "(default = recursing)" );
 	if (!i_am_stubby)
 		fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
-	fprintf(out, "\t-t <timeout>\tSet timeout in miliseconds\n");
+	fprintf(out, "\t-t <timeout>\tSet timeout in milliseconds\n");
 	fprintf(out, "\t-v\tPrint getdns release version\n");
 	fprintf(out, "\t-x\tDo not follow redirects\n");
 	fprintf(out, "\t-X\tFollow redirects (default)\n");
@@ -263,7 +263,7 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-1\tAppend suffix only to single label after failure\n");
 	fprintf(out, "\t-M\tAppend suffix only to multi label name after failure\n");
 	fprintf(out, "\t-N\tNever append a suffix\n");
-	fprintf(out, "\t-Z <suffixes>\tSet suffixes with the given comma separed list\n");
+	fprintf(out, "\t-Z <suffixes>\tSet suffixes with the given comma separated list\n");
 
 	fprintf(out, "\t-T\tSet transport to TCP only\n");
 	fprintf(out, "\t-O\tSet transport to TCP only keep connections open\n");
@@ -384,7 +384,7 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
 	}
 
 	if (callback_type == GETDNS_CALLBACK_COMPLETE) {
-		printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64"  was successfull.\n",
+		printf("Response code was: GOOD. Status was: Callback with ID %"PRIu64"  was successful.\n",
 			trans_id);
 
 	} else if (callback_type == GETDNS_CALLBACK_CANCEL)
diff --git a/src/types-internal.h b/src/types-internal.h
index e70d8911..22cf649a 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -345,7 +345,7 @@ typedef struct getdns_dns_req {
 	/* the transaction id */
 	getdns_transaction_t trans_id;
 
-	/* Absolute time (in miliseconds since epoch),
+	/* Absolute time (in milliseconds since epoch),
 	 * after which this dns request is expired; i.e. timed out
 	 */
 	uint64_t expires;

From 68a87e4ceeb2d0d166e23732582733b2d03e809c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 12 Apr 2017 11:21:25 +0200
Subject: [PATCH 238/249] Event loop extension functions documentation

---
 src/getdns/getdns_ext_libev.h    |  16 ++-
 src/getdns/getdns_ext_libevent.h |  16 ++-
 src/getdns/getdns_ext_libuv.h    |  16 ++-
 src/getdns/getdns_extra.h.in     | 174 ++++++++++++++++++++++++++++---
 4 files changed, 205 insertions(+), 17 deletions(-)

diff --git a/src/getdns/getdns_ext_libev.h b/src/getdns/getdns_ext_libev.h
index c65ef8d3..3a39530f 100644
--- a/src/getdns/getdns_ext_libev.h
+++ b/src/getdns/getdns_ext_libev.h
@@ -48,7 +48,21 @@ struct ev_loop;
 /**
  *  \ingroup eventloops
  */
-/* For libevent, which we are using for these examples */
+/**
+ * Associate the libev ev_loop with the context, so that all
+ * asynchronous requests will schedule Input/Output with it.
+ * Synchronous requests will still use a default eventloop based on `poll()`.
+ * Applications need to @code #include <getdns/getdns_ext_libev.h> @endcode
+ * and link with libgetdns_ext_ev to use this function.
+ * getdns needs to have been configured with --with-libev for this 
+ * extension to be available.
+ * @param context The context to configure
+ * @param ev_loop The libev event loop to associate with this context.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_BAD_CONTEXT when context is NULL
+ * @return GETDNS_RETURN_INVALID_PARAMETER when ev_loop is NULL
+ * @return GETDNS_RETURN_MEMORY_ERROR when memory could not be allocated
+ */
 getdns_return_t
 getdns_extension_set_libev_loop(struct getdns_context *context,
     struct ev_loop *ev_loop);
diff --git a/src/getdns/getdns_ext_libevent.h b/src/getdns/getdns_ext_libevent.h
index de364e3f..a7fbc9b5 100644
--- a/src/getdns/getdns_ext_libevent.h
+++ b/src/getdns/getdns_ext_libevent.h
@@ -47,7 +47,21 @@ struct event_base;
 /**
  *  \ingroup eventloops
  */
-/* For libevent, which we are using for these examples */
+/**
+ * Associate the libevent event_base with the context, so that all
+ * asynchronous requests will schedule Input/Output with it.
+ * Synchronous requests will still use a default eventloop based on `poll()`.
+ * Applications need to @code #include <getdns/getdns_ext_libevent.h> @endcode
+ * and link with libgetdns_ext_event to use this function.
+ * getdns needs to have been configured with --with-libevent for this 
+ * extension to be available.
+ * @param context The context to configure
+ * @param this_event_base The libevent event base to associate with this context.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_BAD_CONTEXT when context is NULL
+ * @return GETDNS_RETURN_INVALID_PARAMETER when this_event_base is NULL
+ * @return GETDNS_RETURN_MEMORY_ERROR when memory could not be allocated
+ */
 getdns_return_t
 getdns_extension_set_libevent_base(struct getdns_context *context,
     struct event_base *this_event_base);
diff --git a/src/getdns/getdns_ext_libuv.h b/src/getdns/getdns_ext_libuv.h
index f8809149..03463499 100644
--- a/src/getdns/getdns_ext_libuv.h
+++ b/src/getdns/getdns_ext_libuv.h
@@ -47,7 +47,21 @@ struct uv_loop_s;
 /**
  *  \ingroup eventloops
  */
-/* For libevent, which we are using for these examples */
+/**
+ * Associate the libuv uv_loop with the context, so that all
+ * asynchronous requests will schedule Input/Output with it.
+ * Synchronous requests will still use a default eventloop based on `poll()`.
+ * Applications need to @code #include <getdns/getdns_ext_libuv.h> @endcode 
+ * and link with libgetdns_ext_uv to use this function.
+ * getdns needs to have been configured with --with-libuv for this 
+ * extension to be available.
+ * @param context The context to configure
+ * @param uv_loop The libuv event loop to associate with this context.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_BAD_CONTEXT when context is NULL
+ * @return GETDNS_RETURN_INVALID_PARAMETER when uv_loop is NULL
+ * @return GETDNS_RETURN_MEMORY_ERROR when memory could not be allocated
+ */
 getdns_return_t
 getdns_extension_set_libuv_loop(struct getdns_context *context,
     struct uv_loop_s *uv_loop);
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index c49113dc..4d623803 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -157,69 +157,215 @@ typedef enum getdns_tls_authentication_t {
  *  @{
  */
 
+/**
+ * The type of callback function that is used by the callbacks in an
+ * getdns_eventloop_event.
+ * @param userarg This will have the value of the userarg attribute of the
+ *                getdns_eventloop_event struct in which this callback was
+ *                present.
+ */
 typedef void (*getdns_eventloop_callback)(void *userarg);
 
-/* context extension event data */
-typedef struct getdns_eventloop_event {
+
+typedef struct getdns_eventloop_event getdns_eventloop_event;
+/**
+ * getdns uses an event loop abstraction layer to interface with event loop
+ * extensions. The extension accepts registration of getdns_eventloop_events
+ * and translates them to the underlying event loop API for which it is an
+ * extension.  Also applications using getdns can use the abstraction layer
+ * themselves and in doing so inherit the flexibility being immediately 
+ * compatible with all the event loop systems for which there is an extension
+ * already (i.e. libevent, libev and libuv).
+ */
+struct getdns_eventloop_event {
+	/**
+	 * The userarg argument that will be passed to the
+	 * getdns_eventloop_callbacks when they are fired.
+	 */
 	void *userarg;
+
+	/**
+	 * When not NULL, it will be fired when the associated file descriptor
+	 * is readable.
+	 */
 	getdns_eventloop_callback read_cb;
+
+	/**
+	 * When not NULL, it will be fired when the associated file descriptor
+	 * is writable.
+	 */
 	getdns_eventloop_callback write_cb;
+
+	/**
+	 * When not NULL, it will be fired when the during scheduling specified
+	 * timeout time has passed.
+	 */
 	getdns_eventloop_callback timeout_cb;
 
-	/* Pointer to the underlying event
-	 * that the eventloop extension will create and free.
+	/**
+	 * Pointer to the underlying event
+	 * that an eventloop extension must manage (i.e. create and free.)
 	 */
 	void *ev;
-} getdns_eventloop_event;
+};
 
 typedef struct getdns_eventloop_vmt getdns_eventloop_vmt;
+/**
+ * The manifestation of the event loop abstraction layer.  Event loop
+ * extension implementers should extend this with attributed needed for the
+ * underlying event loop.
+ * The current event loop extension can be obtained with the
+ * getdns_context_get_eventloop() function.
+ */
 typedef struct getdns_eventloop {
+	/**
+	 * The Virtual Method Table providing the interface for this specific
+	 * event loop extension.
+	 */
 	getdns_eventloop_vmt *vmt;
 } getdns_eventloop;
 
-/* A prototype for a method having no arguments and not return value. */
+/**
+ * The function prototype for the `cleanup` and `run` functions in an getdns
+ * event loop's Virtual Method Table.  These methods have no (extra) arguments
+ * and return nothing.
+ * @param loop The event loop to `run` or `cleanup`
+ */
 typedef void (*getdns_eventloop_noargs)(getdns_eventloop *loop);
 
-/* Call the extension to schedule an event
- *
+/**
+ * The function prototype for the `schedule` function in an event loop
+ * Virtual Method Table.
  * The getdns_eventloop_event must be provided by the caller with the callbacks
  * and userarg therein already supplied (by the caller). This function will set
  * the ev pointer (in the getdns_eventloop_event) to refer to the underlying
  * (extension) event.
+ * @param loop The event loop for which to register the event.
+ * @param fd The file descriptor for which to schedule the read_cb and/or
+ *           write_cb callbacks.
+ * @param timeout The number of milliseconds that must pass without read
+ *        and/or write event after which the timeout_cb callback is fired.
+ * @param ev The event with all attributes provisioned, except for the ev->ev
+ *           attribute, which will be provisioned by the implementation of
+ *           the schedule method.
+ * @return GETDNS_RETURN_GOOD when successful and an error code otherwise.
  */
 typedef getdns_return_t (*getdns_eventloop_schedule)(getdns_eventloop *loop,
     int fd, uint64_t timeout, getdns_eventloop_event *ev);
 
-/* Call the extension to clean a scheduled event */
+/**
+ * The function prototype for the `clean` function in an event loop
+ * Virtual Method Table.
+ * The implementation must clear the event (which is referred to with
+ * ev->ev) in the underlying event loop and make ev->ev NULL when done.
+ * getdns will test for this value to determine if events are scheduled or not.
+ * @param loop The event loop for which to event needs to be cleared.
+ * @param ev [in,out] The event with the ev->ev attribute referring to the
+ *           underlying event. ev->ev must be set to NULL after the event
+ *           was cleared.
+ * @return GETDNS_RETURN_GOOD when successful and an error code otherwise.
+ */
 typedef getdns_return_t (*getdns_eventloop_clear)
     (getdns_eventloop *loop, getdns_eventloop_event *ev);
 
+/**
+ * The function prototype for the `run_once` function in an event loop
+ * Virtual Method Table.  The implementation must do a single round of
+ * firing callbacks, either blocking or not.
+ * @param loop The event loop to run
+ * @param blocking When 0, only callbacks for file descriptors that are
+ *                 immediately readable or writable or timeouts that have
+ *                 passed will be fired. When 1, the eventloop will wait
+ *                 until the first callback can be fired, either because a
+ *                 associated file descriptor has become readable or writeable,
+ *                 or because a timeout time passed.
+ */
 typedef void (*getdns_eventloop_run_once)(getdns_eventloop *loop,int blocking);
 
- /* Virtual Method Table */
+/**
+ * The Virtual Method Table providing the interface for this specific
+ * event loop extension.
+ */
 struct getdns_eventloop_vmt {
+	/**
+	 * Destroy the getdns_eventloop and the associated underlying event
+	 * loop for which it is an extension.
+	 */
 	getdns_eventloop_noargs     cleanup;
+
+	/**
+	 * Schedule a getdns_eventloop_event with a getdns_eventloop.
+	 */
 	getdns_eventloop_schedule   schedule;
+
+	/**
+	 * Clear a getdns_eventloop_event
+	 */
 	getdns_eventloop_clear      clear;
+
+	/**
+	 * Run the getdns_eventloop until it has no getdns_eventloop_events
+	 * scheduled.
+	 */
 	getdns_eventloop_noargs     run;
+
+	/**
+	 * Do a single iteration of firing callbacks for scheduled events
+	 * and then return.
+	 */
 	getdns_eventloop_run_once   run_once;
 };
 
-/* set an event loop extension on the context */
+/**
+ * Configure a context to use the specified event loop abstraction extension.
+ * This function must be called with an provisioned eventloop by the
+ * event loop extension registration functions.
+ * @param context The context to configure
+ * @param eventloop The event loop abstraction extension with a completely
+ *                  provisioned Virtual Method Table and other associated
+ *                  data which is opaque to the user.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or eventloop were NULL.
+ */
 getdns_return_t
 getdns_context_set_eventloop(getdns_context* context,
     getdns_eventloop *eventloop);
 
-/* get the currently active (pluggable) eventloop from the context */
+/**
+ * Get the current event loop abstraction extension from the context
+ * Applications using getdns can use the event loop abstraction extension
+ * themselves directly to inherit the flexibility being immediately 
+ * compatible with all the event loop systems for which there is an extension
+ * (i.e. libevent, libev and libuv).
+ * @param context [in] The context to get the eventloop from
+ * @param eventloop [out] The currently active  event loop abstraction extension
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or evenloop were NULL
+ */
 getdns_return_t
 getdns_context_get_eventloop(getdns_context* context,
     getdns_eventloop **eventloop);
 
-/* detach the eventloop from the context */
+/**
+ * Detach the eventloop from the context.  Resets the context with the default
+ * event loop based on poll().  WARNING!  Do not use this function.  It is For
+ * internal use only and may disappear in future releases.
+ * @param context The context to reset to default event loop usage
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context is NULL
+ */
 getdns_return_t
 getdns_context_detach_eventloop(getdns_context *context);
 
-/* Run the context's event loop until nothing more to do */
+/**
+ * Run the context's event loop until nothing more to do.
+ * This is equivalend to:
+ * ```c
+ * if (getdns_context_get_eventloop(context, &loop) == GETDNS_RETURN_GOOD)
+ * 	loop->vmt->run(loop);
+ * ```
+ * @param context The context which event loop to run.
+ */
 void
 getdns_context_run(getdns_context *context);
 /** @}

From 2226c722a9c946be41529c84aaee2603c0e53bb0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 12 Apr 2017 12:35:46 +0200
Subject: [PATCH 239/249] Extra context setters

---
 src/getdns/getdns.h.in       |  3 ++
 src/getdns/getdns_extra.h.in | 99 ++++++++++++++++++++++++++++++++++--
 src/mk-symfiles.sh           |  2 +-
 3 files changed, 98 insertions(+), 6 deletions(-)

diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in
index 618bb835..c984e69a 100644
--- a/src/getdns/getdns.h.in
+++ b/src/getdns/getdns.h.in
@@ -1362,6 +1362,9 @@ char *getdns_display_ip_address(const getdns_bindata
 
 /**
  * An application can be notified when the context is changed.
+ * Note that this implementation has an extended version of this function
+ * in which an additional userarg parameter can be registered:
+ * #getdns_context_set_update_callback .
  * @param context The context for which to monitor changes
  * @param value The callback function that will be called when any context is
  *              changed. A update callback function can be deregistered by
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 4d623803..02088978 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -392,36 +392,125 @@ getdns_return_t
 getdns_context_set_update_callback(getdns_context *context, void *userarg,
     void (*value) (getdns_context *, getdns_context_code_t, void *));
 
-/* Enable the return_dnssec_status extension on every request.
-   value is either GETDNS_EXTENSION_TRUE or GETDNS_EXTENSION_FALSE
-   returns GETDNS_RETURN_GOOD on success or GETDNS_RETURN_INVALID_PARAMETER
-   if context or value is invalid */
+/**
+ * Enable the return_dnssec_status extension on every request.
+ * @param context The context to configure
+ * @param value is either GETDNS_EXTENSION_TRUE or GETDNS_EXTENSION_FALSE
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context or value is invalid
+ */
 getdns_return_t getdns_context_set_return_dnssec_status(
     getdns_context *context, int enabled);
 
-/* tells underlying unbound to use background threads or fork */
+/**
+ * Tell underlying unbound context to use background threads or fork.
+ * This is only relevant for libunbound version before 1.5.9.  After this
+ * version the underlying unbound will share the event loop with getdns
+ * eliminating the use for threads.  Since the need for this function is
+ * doubtful and likely to disappear in the future, use is strongly
+ * discouraged.
+ * @param context The context to configure
+ * @param use_threads is either 1 to use threads, or 0 to use fork
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is NULL
+ */
 getdns_return_t getdns_context_set_use_threads(getdns_context* context,
     int use_threads);
 
+/**
+ * Configure context for oppertunistic or scrict usage profile with DNS
+ * over TLS.
+ * @param context The context to configure
+ * @param value is either GETDNS_AUTHENTICATION_REQUIRED for the strict
+ *              usage profile or GETDNS_AUTHENTICATION_NONE for opportunistic
+ *              profile.
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
+ *         invalid value.
+ */
 getdns_return_t
 getdns_context_set_tls_authentication(
     getdns_context *context, getdns_tls_authentication_t value);
 
+/**
+ * Configure context to round robin queries over the available upstreams
+ * when resolving with the stub resolution type.
+ * @param context The context to configure
+ * @param value is either 1 to enable and 0 to disable round robin.
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
+ *         invalid value.
+ */
 getdns_return_t
 getdns_context_set_round_robin_upstreams(getdns_context *context, uint8_t value);
 
+/**
+ * Configure the amount of seconds a TLS connection should not be tried with
+ * an upstream when it has never been tried before.  Default is 3600 which is
+ * one hour.
+ * @param context The context to configure
+ * @param value Number of seconds before an attempt to setup DNS over TLS,
+ *              with an upstream for which setting up an TLS connection has
+ *              never been successful before, will be retried.
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
+ */
 getdns_return_t
 getdns_context_set_tls_backoff_time(getdns_context *context, uint16_t value);
 
+/**
+ * Configure the number of times getdns retries to setup DNS over TLS with a
+ * specific upstream, before it decides to give up for tls_backoff_time
+ * seconds.  The default is 2.
+ * @param context The context to configure
+ * @param value Number of attempts to retry setting up a DNS over TLS
+ *              connection before giving up.
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
+ */
 getdns_return_t
 getdns_context_set_tls_connection_retries(getdns_context *context, uint16_t value);
 
+/**
+ * Configure context to sent queries with the EDNS Client Subnet option set
+ * to hide the originating network when resolving in stub resolution.
+ * The default is 0 (disabled).
+ * @param context The context to configure
+ * @param value is either 1 to enable and 0 to disable.
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
+ *         invalid value.
+ */
 getdns_return_t
 getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t value);
 
+/**
+ * Configure context to pad each outgoing query over TLS to a multiple of the
+ * requested blocksizes.  A value of 0 means disable, and a value of 1 means
+ * to "pad using a sensible policy".  The default is 1 (pad using sensible policy).
+ * @param context The context to configure
+ * @param value The requested block size to pad to, or 0 to disable, or 1 to
+ *              indicate that the library should use a sinsible policy.
+ *              Currently that just means to pad to a multiple of 128 octets for
+ *              outgoing queries, but this might change in the future.
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
+ *         invalid value.
+ */
 getdns_return_t
 getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t value);
 
+/**
+ * Configure context to advertise maximum UDP payload size values, that
+ * adhere to the suggestions in RFC 6891 and may follow a scheme that uses
+ * multiple values to maximize receptivity. In practice with our implementation
+ * this means 1432 for IPv4 upstreams and 1232 for IPv6 upstreams.
+ * The default is to have the edns maximum UDP payload size to be unset and
+ * thus use the adaptive scheme.
+ * @param context The context to configure
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
+ */
 getdns_return_t
 getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
 /** @}
diff --git a/src/mk-symfiles.sh b/src/mk-symfiles.sh
index 878196b9..597657b7 100755
--- a/src/mk-symfiles.sh
+++ b/src/mk-symfiles.sh
@@ -3,7 +3,7 @@
 write_symbols() {
 	OUTPUT=$1
 	shift
-	grep 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' \
+	grep 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v 'getdns_extra\.h\.in: \* if' \
 	| sed -e 's/(.*$//g' -e 's/^.*getdns_/getdns_/g' | LC_ALL=C sort | uniq > $OUTPUT
 }
 

From b5739434efdfe3f578ad5dd490c5dbf5d42dbe76 Mon Sep 17 00:00:00 2001
From: Hrish1 <hmail17.95@gmail.com>
Date: Wed, 12 Apr 2017 20:05:31 +0530
Subject: [PATCH 240/249] Some mispelled words corrected

---
 project-doc/cachedesign.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/project-doc/cachedesign.txt b/project-doc/cachedesign.txt
index fcce2b3d..71606e7c 100644
--- a/project-doc/cachedesign.txt
+++ b/project-doc/cachedesign.txt
@@ -13,10 +13,10 @@ Recursive Resolver Cache
 Caching is arguably an important feature for most recursive resolvers.
 In this case we are not intending a replacement for the fully
 functional recursive resolvers already available (BIND, Unbound, etc.)
-so we shoudl limit a cache implementation to behaviors important to
+so we should limit a cache implementation to behaviors important to
 proper operation of a recursive resolver.
 
-DNSSEC validation can potentially triggers more queries than a simple
+DNSSEC validation can potentially trigger more queries than a simple
 request for a A RR so I think it makes sense to cache root and TLD
 data.  Once we have gone that far it isn't much of a reach to cache
 at each layer in the hierarchy (depth will not increase the coding

From 6e66754795e4eb670d7376743f6e59da77656189 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 12 Apr 2017 18:19:34 +0100
Subject: [PATCH 241/249] Nope - just add uncensored as the yeti servers would
 require a different trust anchor

---
 src/tools/stubby.conf | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index bd9e636e..adfe3c0f 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -61,13 +61,6 @@
         , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
       } ]
     },
-    { address_data: 2001:4b98:dc2:43:216:3eff:fea9:41a
-    , tls_auth_name: "dns-resolver.yeti.eu.org"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: 8jkVGv5GP34E70/tDu+j2vnZ1bikayym2QvF4mkX11g=
-      } ]
-    },
     { address_data: 89.233.43.71 
     , tls_auth_name: "unicast.censurfridns.dk"
     },

From 8c45f1fded99085e73087d7e225f797650746dba Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 12 Apr 2017 22:50:17 +0200
Subject: [PATCH 242/249] All remaining doxygen documentation

Existing documentation needs to be reviewed too though...
---
 src/getdns/getdns.h.in       |  27 ++-
 src/getdns/getdns_extra.h.in | 404 +++++++++++++++++++++++++++++++----
 2 files changed, 389 insertions(+), 42 deletions(-)

diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in
index c984e69a..bd1e36fd 100644
--- a/src/getdns/getdns.h.in
+++ b/src/getdns/getdns.h.in
@@ -1382,6 +1382,7 @@ getdns_context_set_context_update_callback(
 /**
  * Specify whether DNS queries are performed with recursive lookups or as a
  * stub resolver. The default value is GETDNS_RESOLUTION_RECURSING.
+ * @see getdns_context_get_resolution_type
  * @param context The context to configure
  * @param value GETDNS_RESOLUTION_RECURSING or GETDNS_RESOLUTION_STUB.
  * @return GETDNS_RETURN_GOOD when successful
@@ -1400,6 +1401,7 @@ getdns_context_set_resolution_type(getdns_context *context,
  * getdns_general_sync functions; it is used for the other funtions. 
  * When a normal lookup is done, the API does the lookups in the order given
  * and stops when it gets the first result
+ * @see getdns_context_get_namespaces
  * @param context The context to configure
  * @param namespace_count The number of values in the namespaces list.
  * @param namespaces An ordered list of namespaces that will be queried.
@@ -1422,8 +1424,11 @@ getdns_context_set_namespaces(getdns_context *context,
 /**
  * Specifies what transport are used for DNS lookups. The default is
  * GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP. Use of this function
- * is discouraged.  Please use getdns_context_set_dns_transport_list()
+ * is discouraged.  Please use #getdns_context_set_dns_transport_list()
  * instead of this function.  
+ * @see getdns_context_get_dns_transport
+ * @see getdns_context_set_dns_transport_list
+ * @see getdns_context_get_dns_transport_list
  * @param context The context to configure
  * @param value The transport to use for DNS lookups.
  *              The value is GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP,
@@ -1444,6 +1449,9 @@ getdns_context_set_dns_transport(getdns_context *context,
  * containing GETDNS_TRANSPORT_UDP then GETDNS_TRANSPORT_TCP.  The API will
  * return information on the actual transport used to fulfill the request in
  * the response dict, when the return_call_reporting extension is used.
+ * @see getdns_context_get_dns_transport_list
+ * @see getdns_context_set_dns_transport
+ * @see getdns_context_get_dns_transport
  * @param context The context to configure
  * @param transport_count The number of values in the transports list.
  * @param transports An ordered list of transports that will be used for DNS
@@ -1470,6 +1478,7 @@ getdns_context_set_dns_transport_list(getdns_context *context,
  * Each new synchronous request, will reset the counter no matter the time
  * in between requests, and thus leave the connection open always.  This
  * setting is thus only meaningful when doing requests asynchronously.
+ * @see getdns_context_get_idle_timeout
  * @param context The context to configure
  * @param timeout The number of milliseconds the API will leave an idle TCP
  *                or TLS connection open for
@@ -1487,6 +1496,7 @@ getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout);
  * unlimited, however, queries will be put on the internal queue too when
  * system resources are exhausted (i.e. number of available sockets).
  * The default value is 0.
+ * @see getdns_context_get_limit_outstanding_queries
  * @param context The context to configure
  * @param limit The maximum number of outstanding DNS queries.
  * @return GETDNS_RETURN_GOOD when successful. 
@@ -1499,6 +1509,7 @@ getdns_context_set_limit_outstanding_queries(getdns_context *context,
 /**
  * Specifies number of milliseconds the API will wait for request to return.
  * The default is 5000 (i.e. 5 seconds).
+ * @see getdns_context_get_timeout
  * @param context The context to configure
  * @param timeout The number of milliseconds the API will wait for request to
  *                return.
@@ -1517,6 +1528,7 @@ getdns_context_set_timeout(getdns_context *context, uint64_t timeout);
  * but the response will be stripped of all resource records that could only be
  * found through following redirects.  The setting will do this with answers
  * provided by an upstream in stub resolution mode too.
+ * @see getdns_context_get_follow_redirects
  * @param context The context to configure
  * @param value GETDNS_REDIRECTS_FOLLOW for normal following of redirects
  *              through CNAME and DNAME; or GETDNS_REDIRECTS_DO_NOT_FOLLOW to
@@ -1533,6 +1545,7 @@ getdns_context_set_follow_redirects(getdns_context *context,
 /**
  * Configure the list of addresses to be used for looking up top-level domains.
  * The default is the list of "normal" IANA root servers
+ * @see getdns_context_get_dns_root_servers
  * @param context The context to configure
  * @param addresses The list contains dicts that are addresses to be used for
  *                  looking up top-level domains. Each dict in the list
@@ -1556,6 +1569,7 @@ getdns_context_set_dns_root_servers(getdns_context *context,
  * Specifies whether, how and when to append a suffix to the query string.
  * The non-standard implementation default is
  * GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST.
+ * @see getdns_context_get_append_name
  * @param context The context to configure
  * @param value GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
  *              GETDNS_APPEND_NAME_ALWAYS,
@@ -1574,6 +1588,7 @@ getdns_context_set_append_name(getdns_context *context,
  * Specify the list of suffixes to be appended based on the value off the 
  * append_name setting.  The default is read from OS, or an empty list when
  * the context is not initialized with OS defaults.
+ * @see getdns_context_get_suffix
  * @param context The context to configure
  * @param value A list of bindatas that are strings that are to be appended
  *              based on the value off the append_name setting.
@@ -1587,6 +1602,7 @@ getdns_context_set_suffix(getdns_context *context, getdns_list *value);
 /**
  * Specify the DNSSEC trust anchors.  The default is to read it from 
  * @TRUST_ANCHOR_FILE@.
+ * @see getdns_context_get_dnssec_trust_anchors
  * @param context The context to configure
  * @param value A list of rr_dicts for DS or DNSKEY that are the DNSSEC
  *              trust anchors.
@@ -1600,6 +1616,7 @@ getdns_context_set_dnssec_trust_anchors(getdns_context *context,
 
 /**
  * Specify the DNSSEC allowed skew.  The default is 0.
+ * @see getdns_context_get_dnssec_allowed_skew
  * @param context The context to configure
  * @param value The number of seconds of skew that is allowed in either
  *              direction when checking an RRSIG's Expiration and Inception
@@ -1616,6 +1633,7 @@ getdns_context_set_dnssec_allowed_skew(getdns_context *context,
  * Specify where a stub resolver will send queries.  The default value is set
  * from the OS when the context is created with the set_from_os flag, or
  * empty otherwise.
+ * @see getdns_context_get_upstream_recursive_servers
  * @param context The context to configure
  * @param upstream_list The upstreams are specified either by a getdns_bindata
  *                      containing a IPv4 or IPv6 address in network format
@@ -1656,6 +1674,8 @@ getdns_context_set_upstream_recursive_servers(getdns_context *context,
  * When not set (the default), outgoing values will adhere to the suggestions
  * in RFC 6891 and may follow a scheme that uses multiple values to maximize
  * receptivity.
+ * @see getdns_context_get_edns_maximum_udp_payload_size
+ * @see getdns_context_unset_edns_maximum_udp_payload_size
  * @param context The context to configure
  * @param value The maximum UDP payload size advertised in a EDNS0 OPT record.
  *              The value must be between 512 and 65536
@@ -1668,6 +1688,7 @@ getdns_context_set_edns_maximum_udp_payload_size(getdns_context *context,
 
 /**
  * Set the rcode advertised in a EDNS0 OPT record.  The default is 0.
+ * @see getdns_context_get_edns_extended_rcode
  * @param context The context to configure
  * @param value  A value between 0 and 255.
  * @return GETDNS_RETURN_GOOD when successful. 
@@ -1679,6 +1700,7 @@ getdns_context_set_edns_extended_rcode(getdns_context *context,
 
 /**
  * Set the version advertised in a EDNS0 OPT record.  The default is 0.
+ * @see getdns_context_get_edns_version
  * @param context The context to configure
  * @param value  A value between 0 and 255.
  * @return GETDNS_RETURN_GOOD when successful. 
@@ -1688,9 +1710,10 @@ getdns_return_t
 getdns_context_set_edns_version(getdns_context *context, uint8_t value);
 
 /**
- * Set the DO advertised in a EDNS0 OPT record.  The default is 0.
+ * Set the DO ibit advertised in a EDNS0 OPT record.  The default is 0.
  * However use of any of the dnssec_* extension will override this setting
  * and set the DO bit.
+ * @see getdns_context_get_edns_do_bit
  * @param context The context to configure
  * @param value  A value between 0 and 1.
  * @return GETDNS_RETURN_GOOD when successful. 
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 02088978..bd41f51f 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -210,6 +210,7 @@ struct getdns_eventloop_event {
 };
 
 typedef struct getdns_eventloop_vmt getdns_eventloop_vmt;
+
 /**
  * The manifestation of the event loop abstraction layer.  Event loop
  * extension implementers should extend this with attributed needed for the
@@ -320,6 +321,7 @@ struct getdns_eventloop_vmt {
  * Configure a context to use the specified event loop abstraction extension.
  * This function must be called with an provisioned eventloop by the
  * event loop extension registration functions.
+ * @see getdns_context_get_eventloop
  * @param context The context to configure
  * @param eventloop The event loop abstraction extension with a completely
  *                  provisioned Virtual Method Table and other associated
@@ -337,6 +339,7 @@ getdns_context_set_eventloop(getdns_context* context,
  * themselves directly to inherit the flexibility being immediately 
  * compatible with all the event loop systems for which there is an extension
  * (i.e. libevent, libev and libuv).
+ * @see getdns_context_set_eventloop
  * @param context [in] The context to get the eventloop from
  * @param eventloop [out] The currently active  event loop abstraction extension
  * @return GETDNS_RETURN_GOOD when successful
@@ -346,17 +349,6 @@ getdns_return_t
 getdns_context_get_eventloop(getdns_context* context,
     getdns_eventloop **eventloop);
 
-/**
- * Detach the eventloop from the context.  Resets the context with the default
- * event loop based on poll().  WARNING!  Do not use this function.  It is For
- * internal use only and may disappear in future releases.
- * @param context The context to reset to default event loop usage
- * @return GETDNS_RETURN_GOOD when successful
- * @return GETDNS_RETURN_INVALID_PARAMETER when context is NULL
- */
-getdns_return_t
-getdns_context_detach_eventloop(getdns_context *context);
-
 /**
  * Run the context's event loop until nothing more to do.
  * This is equivalend to:
@@ -376,8 +368,10 @@ getdns_context_run(getdns_context *context);
  * \defgroup Ucontextset Additional getdns_context_set functions
  *  @{
  */
+
 /**
  * Register a callback function for context changes.
+ * @see getdns_context_set_context_update_callback
  * @param context The context to monitor for changes
  * @param userarg A user defined argument that will be passed to the callback
  *                function.
@@ -395,35 +389,23 @@ getdns_context_set_update_callback(getdns_context *context, void *userarg,
 /**
  * Enable the return_dnssec_status extension on every request.
  * @param context The context to configure
- * @param value is either GETDNS_EXTENSION_TRUE or GETDNS_EXTENSION_FALSE
+ * @param enabled is either GETDNS_EXTENSION_TRUE or GETDNS_EXTENSION_FALSE
  * @return GETDNS_RETURN_GOOD on success
  * @return GETDNS_RETURN_INVALID_PARAMETER if context or value is invalid
  */
 getdns_return_t getdns_context_set_return_dnssec_status(
     getdns_context *context, int enabled);
 
-/**
- * Tell underlying unbound context to use background threads or fork.
- * This is only relevant for libunbound version before 1.5.9.  After this
- * version the underlying unbound will share the event loop with getdns
- * eliminating the use for threads.  Since the need for this function is
- * doubtful and likely to disappear in the future, use is strongly
- * discouraged.
- * @param context The context to configure
- * @param use_threads is either 1 to use threads, or 0 to use fork
- * @return GETDNS_RETURN_GOOD on success
- * @return GETDNS_RETURN_INVALID_PARAMETER if context is NULL
- */
-getdns_return_t getdns_context_set_use_threads(getdns_context* context,
-    int use_threads);
-
 /**
  * Configure context for oppertunistic or scrict usage profile with DNS
  * over TLS.
+ * @see getdns_context_get_tls_authentication
  * @param context The context to configure
  * @param value is either GETDNS_AUTHENTICATION_REQUIRED for the strict
  *              usage profile or GETDNS_AUTHENTICATION_NONE for opportunistic
  *              profile.
+ *              See #getdns_context_set_upstream_recursive_servers
+ *              for details on how to configure credentials per upstream.
  * @return GETDNS_RETURN_GOOD on success
  * @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
  *         invalid value.
@@ -435,6 +417,7 @@ getdns_context_set_tls_authentication(
 /**
  * Configure context to round robin queries over the available upstreams
  * when resolving with the stub resolution type.
+ * @see getdns_context_get_round_robin_upstreams
  * @param context The context to configure
  * @param value is either 1 to enable and 0 to disable round robin.
  * @return GETDNS_RETURN_GOOD on success
@@ -448,6 +431,7 @@ getdns_context_set_round_robin_upstreams(getdns_context *context, uint8_t value)
  * Configure the amount of seconds a TLS connection should not be tried with
  * an upstream when it has never been tried before.  Default is 3600 which is
  * one hour.
+ * @see getdns_context_get_tls_backoff_time
  * @param context The context to configure
  * @param value Number of seconds before an attempt to setup DNS over TLS,
  *              with an upstream for which setting up an TLS connection has
@@ -462,6 +446,7 @@ getdns_context_set_tls_backoff_time(getdns_context *context, uint16_t value);
  * Configure the number of times getdns retries to setup DNS over TLS with a
  * specific upstream, before it decides to give up for tls_backoff_time
  * seconds.  The default is 2.
+ * @see getdns_context_get_tls_connection_retries
  * @param context The context to configure
  * @param value Number of attempts to retry setting up a DNS over TLS
  *              connection before giving up.
@@ -475,6 +460,7 @@ getdns_context_set_tls_connection_retries(getdns_context *context, uint16_t valu
  * Configure context to sent queries with the EDNS Client Subnet option set
  * to hide the originating network when resolving in stub resolution.
  * The default is 0 (disabled).
+ * @see getdns_context_get_edns_client_subnet_private
  * @param context The context to configure
  * @param value is either 1 to enable and 0 to disable.
  * @return GETDNS_RETURN_GOOD on success
@@ -488,6 +474,7 @@ getdns_context_set_edns_client_subnet_private(getdns_context *context, uint8_t v
  * Configure context to pad each outgoing query over TLS to a multiple of the
  * requested blocksizes.  A value of 0 means disable, and a value of 1 means
  * to "pad using a sensible policy".  The default is 1 (pad using sensible policy).
+ * @see getdns_context_get_tls_query_padding_blocksize
  * @param context The context to configure
  * @param value The requested block size to pad to, or 0 to disable, or 1 to
  *              indicate that the library should use a sinsible policy.
@@ -507,6 +494,8 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t
  * this means 1432 for IPv4 upstreams and 1232 for IPv6 upstreams.
  * The default is to have the edns maximum UDP payload size to be unset and
  * thus use the adaptive scheme.
+ * @see getdns_context_set_edns_maximum_udp_payload_size
+ * @see getdns_context_get_edns_maximum_udp_payload_size
  * @param context The context to configure
  * @return GETDNS_RETURN_GOOD on success
  * @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
@@ -520,93 +509,345 @@ getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
   * \defgroup Ucontextget Additional getdns_context_get functions
   *  @{
   */
-/** begin getters **/
+
+/**
+ * Get the current resolution type setting from this context.
+ * @see getdns_context_set_resolution_type
+ * @param context [in] The context from which to get the setting
+ * @param value [out] The resolution type, either GETDNS_RESOLUTION_RECURSING
+ *              or GETDNS_RESOLUTION_STUB.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_resolution_type(getdns_context *context,
     getdns_resolution_t* value);
 
-/** users must call free on the resulting namespaces if not NULL */
+/**
+ * Get a copy of the namespaces list setting from this context.
+ * Users must call free on the resulting namespaces if not NULL
+ * @see getdns_context_set_namespaces
+ * @param context [in] The context from which to get the setting
+ * @param namespace_count [out] The length of the list.
+ * @param namespaces [out] The returned namespaces list.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
+ */
 getdns_return_t
 getdns_context_get_namespaces(getdns_context *context,
     size_t* namespace_count, getdns_namespace_t **namespaces);
 
+/**
+ * Get what transports are used for DNS lookups.
+ * @see getdns_context_set_dns_transport
+ * @see getdns_context_get_dns_transport_list
+ * @see getdns_context_set_dns_transport_list
+ * @param context [in] The context from which to get the setting
+ * @param value [out] The transport to use for DNS lookups.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
+ */
 getdns_return_t
 getdns_context_get_dns_transport(getdns_context *context,
     getdns_transport_t* value);
 
+/**
+ * Get a copy of the transports list setting from this context.
+ * Users must call free on the resulting transports if not NULL
+ * @see getdns_context_set_dns_transport_list
+ * @see getdns_context_get_dns_transport
+ * @see getdns_context_set_dns_transport
+ * @param context [in] The context from which to get the setting
+ * @param transport_count [out] The length of the list.
+ * @param transports [out] The returned transports list.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
+ */
 getdns_return_t
 getdns_context_get_dns_transport_list(getdns_context *context,
     size_t* transport_count, getdns_transport_list_t **transports);
 
+/**
+ * Get the current limit for oustanding queries setting from this context.
+ * @see getdns_context_set_limit_outstanding_queries
+ * @param context [in] The context from which to get the setting
+ * @param limit [out] The current limit for oustanding queries
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
+ */
 getdns_return_t
 getdns_context_get_limit_outstanding_queries(getdns_context *context,
     uint16_t* limit);
 
+/**
+ * Get the current number of milliseconds the API will wait for request
+ * to return setting from this context.
+ * @see getdns_context_set_timeout
+ * @param context [in] The context from which to get the setting
+ * @param timeout [out] The number of milliseconds the API will wait for a
+ *                      response.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
+ */
 getdns_return_t
 getdns_context_get_timeout(getdns_context *context, uint64_t* timeout);
 
+/**
+ * Get the current number of milliseconds the API will leave an idle TCP or TLS
+ * connection open for (idle means no outstanding responses and no pending
+ * queries).
+ * @see getdns_context_set_idle_timeout
+ * @param context [in] The context from which to get the setting
+ * @param timeout [out] The number of milliseconds the API will leave an idle TCP
+  *                     or TLS connection open for
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or timeout was NULL.
+ */
 getdns_return_t
 getdns_context_get_idle_timeout(getdns_context *context, uint64_t* timeout);
 
+/**
+ * Get the setting that says whether or not DNS queries follow redirects.
+ * @see getdns_context_set_follow_redirects
+ * @param context [in] The context from which to get the setting
+ * @param value [out] Either GETDNS_REDIRECTS_FOLLOW or GETDNS_REDIRECTS_DO_NOT_FOLLOW
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_follow_redirects(getdns_context *context,
     getdns_redirects_t* value);
 
+/**
+ * Get a copy of the list of addresses in use for looking up top-level domains
+ * in use by the context.
+ * Callers are responsible for deallocating the returned list with
+ * #getdns_list_destroy()
+ * @see getdns_context_set_dns_root_servers
+ * @param context [in] The context from which to get the setting
+ * @param addresses [out] A copy of the list of dns root servers in use for
+ *                        looking up top level domains.  The caller must 
+ *                        destroy this list.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or adresses was NULL.
+ * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
+ */
 getdns_return_t
 getdns_context_get_dns_root_servers(getdns_context *context,
     getdns_list **addresses);
 
+/**
+ * Get whether, how and when a suffix is appended to a query string with
+ * the context.
+ * @see getdns_context_set_append_name
+ * @param context [in] The context from which to get the setting
+ * @param value [out] GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
+ *              GETDNS_APPEND_NAME_ALWAYS,
+ *              GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE,
+ *              GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE,
+ *              or GETDNS_APPEND_NAME_NEVER
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_append_name(getdns_context *context,
     getdns_append_name_t* value);
 
+/**
+ * Get a copy of the list of suffixes to be appended based on the value off the 
+ * append_name setting in use by context
+ * Callers are responsible for deallocating the returned list with
+ * #getdns_list_destroy()
+ * @see getdns_context_set_suffix
+ * @param context [in] The context from which to get the setting
+ * @param value [out] A copy of the list of suffixes. The caller must destroy
+ *                    this list.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
+ */
 getdns_return_t
 getdns_context_get_suffix(getdns_context *context, getdns_list **value);
 
+/**
+ * Get a copy of the list of DNSSEC trust anchors in use by context.
+ * Callers are responsible for deallocating the returned list with
+ * #getdns_list_destroy()
+ * @see getdns_context_set_dnssec_trust_anchors
+ * @param context [in] The context from which to get the setting
+ * @param value [out] A copy of the list of DNSSEC trust anchors.
+ *                    The caller must destroy this list.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
+ */
 getdns_return_t
 getdns_context_get_dnssec_trust_anchors(getdns_context *context,
     getdns_list **value);
 
+/**
+ * Get the allowed DNSSEC skew setting from context
+ * @see getdns_context_set_dnssec_allowed_skew
+ * @param context [in] The context from which to get the setting
+ * @param value [out] The number of seconds of skew that is allowed in either
+ *              direction when checking an RRSIG's Expiration and Inception
+ *              fields.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_dnssec_allowed_skew(getdns_context *context,
     uint32_t* value);
 
+/**
+ * Get a copy of the list of upstream that will be targeted in stub resolution
+ * mode.
+ * Callers are responsible for deallocating the returned list with
+ * #getdns_list_destroy()
+ * @see getdns_context_set_upstream_recursive_servers
+ * @param context [in] The context from which to get the setting
+ * @param upstream_list [out] A copy of the list of upstreams.
+ *                    The caller must destroy this list.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
+ */
 getdns_return_t
 getdns_context_get_upstream_recursive_servers(getdns_context *context,
     getdns_list **upstream_list);
 
+/**
+ * Get the maximum UDP payload size advertised in an EDNS0 OPT record
+ * setting from context
+ * @see getdns_context_set_edns_maximum_udp_payload_size
+ * @see getdns_context_unset_edns_maximum_udp_payload_size
+ * @param context [in] The context from which to get the setting
+ * @param value [out] the maximum UDP payload size advertised in an EDNS0
+ *                    OPT record.  When the value is unset, 0 is returned.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_edns_maximum_udp_payload_size(getdns_context *context,
     uint16_t* value);
 
+/**
+ * Get the rcode advertised in an EDNS0 OPT record setting from context
+ * @see getdns_context_set_edns_extended_rcode
+ * @param context [in] The context from which to get the setting
+ * @param value [out] The rcode advertised in an EDNS0 OPT record
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_edns_extended_rcode(getdns_context *context,
     uint8_t* value);
 
+/**
+ * Get the version advertised in an EDNS0 OPT record setting from context
+ * @see getdns_context_set_edns_version
+ * @param context [in] The context from which to get the setting
+ * @param value [out] The version advertised in an EDNS0 OPT record
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_edns_version(getdns_context *context, uint8_t* value);
 
+/**
+ * Get the DO bit advertised in an EDNS0 OPT record setting from context
+ * @see getdns_context_set_edns_do_bit
+ * @param context [in] The context from which to get the setting
+ * @param value [out] 1 if the DO bit is advertised in EDNS0 OPT records,
+ *                    0 otherwise.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_edns_do_bit(getdns_context *context, uint8_t* value);
 
+/**
+ * Get whether queries with this context will have the EDNS Client Subnet 
+ * option set to hide the originating network when resolving in stub 
+ * resolution.
+ * @see getdns_context_set_edns_do_bit
+ * @param context [in] The context from which to get the setting
+ * @param value [out] 1 if the setting is on, 0 otherwise
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_edns_client_subnet_private(getdns_context *context, uint8_t* value);
 
+/**
+ * Get the blocksize that will be used to pad outgoing queries over TLS.
+ * @see getdns_context_set_tls_query_padding_blocksize
+ * @param context [in] The context from which to get the setting
+ * @param value [out] The padding blocksize, or 0 if padding is disabled,
+ *                    or 1 if the setting is to pad using a sensible policy.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_tls_query_padding_blocksize(getdns_context *context, uint16_t* value);
 
+/**
+ * Get whether the upstream needs to be authenticated whith DNS over TLS.
+ * @see getdns_context_set_tls_authentication
+ * @param context [in] The context from which to get the setting
+ * @param value [out] is either GETDNS_AUTHENTICATION_REQUIRED if
+ *                    authentication is required, or GETDNS_AUTHENTICATION_NONE
+ *                    if authentication is optional.  When credentials are
+ *                    available, the API will still try to authenticate the
+ *                    upstream.
+ *                    See #getdns_context_set_upstream_recursive_servers
+ *                    for details on how to configure credentials per upstream.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_tls_authentication(getdns_context *context,
     getdns_tls_authentication_t* value);
 
+/**
+ * Get whether the context is configured to round robin queries over the available
+ * upstreams.
+ * @see getdns_context_get_round_robin_upstreams
+ * @param context [in] The context from which to get the setting
+ * @param value [out] 1 if the setting is on, 0 otherwise
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_round_robin_upstreams(getdns_context *context,
     uint8_t* value);
 
+/**
+ * Get the amount of seconds a TLS connection should not be tried with
+ * an upstream when it has never been tried before.
+ * @see getdns_context_set_tls_backoff_time
+ * @param context [in] The context from which to get the setting
+ * @param value [out] Number of seconds before an attempt to setup DNS over TLS,
+ *              with an upstream for which setting up an TLS connection has
+ *              never been successful before, will be retried.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_tls_backoff_time(getdns_context *context,
     uint16_t* value);
 
+/**
+ * Get the number of times getdns retries to setup DNS over TLS with a
+ * specific upstream, before it decides to give up for tls_backoff_time
+ * seconds.
+ * @see getdns_context_set_tls_connection_retries
+ * @param context [in] The context from which to get the setting
+ * @param value [out] Number of attempts to retry setting up a DNS over TLS
+ *              connection before giving up.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
 getdns_return_t
 getdns_context_get_tls_connection_retries(getdns_context *context,
     uint16_t* value);
@@ -637,9 +878,36 @@ getdns_context_get_update_callback(getdns_context *context, void **userarg,
  *  @{
  */
 
+/**
+ * Get the version number of this implementation.
+ * @return The version number as string.  For example "@GETDNS_VERSION@".
+ */
 const char *getdns_get_version(void);
+
+/**
+ * Get the version number of this implementation as number.
+ * @return The version number as number.  For example @GETDNS_NUMERIC_VERSION@.
+ *         - The most significant byte of this uint32_t is the Major version.
+ *         - The second most significant byte is the Minor version.
+ *         - The third most significant byte the Patch version.
+ */
 uint32_t getdns_get_version_number(void);
+
+/**
+ * Get the version of the getdns API specification this library implements
+ * as a string.
+ * @return The API specification version as string. For example "@API_VERSION@"
+ */
 const char *getdns_get_api_version(void);
+
+/**
+ * Get the version of the getdns API specification this library implements
+ * as a number.
+ * @return The API specification version as number. For example "@API_NUMERIC_VERSION@"
+ *         - The most significant 16 bits represent the year.
+ *         - The third most significant byte the day.
+ */
+
 uint32_t getdns_get_api_version_number(void);
 
 /**
@@ -651,16 +919,35 @@ uint32_t getdns_get_api_version_number(void);
  */
 const char *getdns_get_errorstr_by_id(uint16_t err);
 
-/* dict util */
-/* set a string as bindata */
-getdns_return_t getdns_dict_util_set_string(getdns_dict * dict,
-    char *name, const char *value);
-
-/* get a string from a dict.  the result must be freed if valid */
-getdns_return_t getdns_dict_util_get_string(getdns_dict * dict,
-    char *name, char **result);
-
+/**
+ * Create a new entry in the dictionary, or replace the value of an existing
+ * entry, with a getdns_bindata representing a string.  The string will be
+ * copied.  The size of the bindata will be strlen(value), though there will
+ * be a '\0' byte directly after the size'd position even, though the size
+ * argument suggests that this would not be part of the bindata's date space.
+ * @see getdns_dict_set_bindata
+ * @param dict dictionary in which to add or change the value
+ * @param name key that identifies which item in the dictionary to add/change
+ * @param value string to be copied and stored in the bindata at key
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER when one of the arguments was NULL
+ * @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
+ */
+getdns_return_t
+getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value);
 
+/**
+ * Get the string associated with the speicifed name.  The string should not
+ * be free()'d by the caller.
+ * @see getdns_dict_get_bindata
+ * @param dict dictionary from which to fetch the bindata
+ * @param name a name/key value to look up in the dictionary
+ * @param result The bindata's data value
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_NO_SUCH_DICT_NAME if dict is invalid or name does not exist
+ */
+getdns_return_t
+getdns_dict_util_get_string(getdns_dict * dict, char *name, char **result);
 
 /**
  * Validate replies or resource records.
@@ -1387,19 +1674,56 @@ getdns_reply(getdns_context *context,
  * \defgroup Uutilityfunctionsdeprecated  Additional utility functions (will be deprecated)
  *  @{
  */
-/* WARNING! Function getdns_strerror is not in the API specification and
+/**
+ * WARNING! Function getdns_strerror is not in the API specification and
  * is likely to be removed from future versions of our implementation, to be
  * replaced by getdns_get_errorstr_by_id or something similar.
  * Please use getdns_get_errorstr_by_id instead of getdns_strerror.
  */
 getdns_return_t getdns_strerror(getdns_return_t err, char *buf, size_t buflen);
 
+/**
+ * Runs the event loop once non blocking.
+ * WARNING! Do not use this function.  This function will be removed in
+ * future versions of getdns.
+ */
 getdns_return_t getdns_context_process_async(getdns_context* context);
 
-/* Async support */
+/**
+ * Return the number of pending requests and the point of time of the next
+ * timeout.
+ * WARNING! Do not use this function.  This function will be removed in
+ * future versions of getdns.
+ */
 uint32_t getdns_context_get_num_pending_requests(getdns_context* context,
     struct timeval* next_timeout);
 
+/**
+ * Detach the eventloop from the context.  Resets the context with the default
+ * event loop based on poll().  WARNING!  Do not use this function.  It is For
+ * internal use only and may disappear in future releases.
+ * @param context The context to reset to default event loop usage
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context is NULL
+ */
+getdns_return_t
+getdns_context_detach_eventloop(getdns_context *context);
+
+/**
+ * Tell underlying unbound context to use background threads or fork.
+ * This is only relevant for libunbound version before 1.5.9.  After this
+ * version the underlying unbound will share the event loop with getdns
+ * eliminating the use for threads.  Since the need for this function is
+ * doubtful and likely to disappear in the future, use is strongly
+ * discouraged.
+ * @param context The context to configure
+ * @param use_threads is either 1 to use threads, or 0 to use fork
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is NULL
+ */
+getdns_return_t getdns_context_set_use_threads(getdns_context* context,
+    int use_threads);
+
 /** @}
  */
 /** @}

From 0da79ae77a1cb30387c9841da18a607ebeb47224 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 12 Apr 2017 23:05:17 +0200
Subject: [PATCH 243/249] Fix to compile with libressl.  Thanks phicoh.

---
 ChangeLog     | 1 +
 configure.ac  | 2 +-
 src/context.c | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5a8b7140..8222f5d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 * 2017-04-??: Version 1.1.0
+  * Fix to compile with libressl.  Thanks phicoh.
   * Spelling fixes.  Thanks Andreas Schulze.
   * bugfix: Reschedule request timeout when getting the DNSSEC chain.
   * getdns_context_unset_edns_maximum_udp_payload_size() to reset
diff --git a/configure.ac b/configure.ac
index c1a0c2fc..fffd8282 100644
--- a/configure.ac
+++ b/configure.ac
@@ -296,7 +296,7 @@ fi
 AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1])
+AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1 SSL_CTX_set_min_proto_version])
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_OPENSSL_ERR_H
diff --git a/src/context.c b/src/context.c
index 5396fcc4..ee181719 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3379,7 +3379,7 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context,
 			if(context->tls_ctx == NULL)
 				return GETDNS_RETURN_BAD_CONTEXT;
 
-#  ifdef HAVE_TLS_CLIENT_METHOD
+#  ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
 			if (!SSL_CTX_set_min_proto_version(
 			    context->tls_ctx, TLS1_2_VERSION)) {
 				SSL_CTX_free(context->tls_ctx);

From 6026cb14500be917d0c07003e01d7cc8363f23a0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 12 Apr 2017 23:08:20 +0200
Subject: [PATCH 244/249] 1.1.0-rc3

---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index fffd8282..e0181857 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [-rc2])
+AC_SUBST(RELEASE_CANDIDATE, [-rc3])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -47,7 +47,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100C200])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100C300])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"

From 6c4af3af930ef33d52812ff660995e4bab4fc49d Mon Sep 17 00:00:00 2001
From: Hoda Rohani <hoda@nlnetlabs.nl>
Date: Thu, 13 Apr 2017 09:44:08 +0200
Subject: [PATCH 245/249] unintiallized array

---
 src/context.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index ee181719..369061d0 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4297,7 +4297,7 @@ static getdns_return_t _get_list_or_read_file(const getdns_dict *config_dict,
 					break; \
 				X[i] = (getdns_ ## T ## _t)n; \
 			} \
-			r = getdns_context_set_ ##X (context, count, X); \
+			r = getdns_context_set_ ##X (context, i, X); \
 		}
 
 #define EXTENSION_SETTING_BOOL(X) \

From 691d1a77e696e4b0341f1c5a1b27acda981f7047 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 13 Apr 2017 10:59:20 +0200
Subject: [PATCH 246/249] Fix VS Code analysis warning

Should settle issue #239
---
 src/dnssec.c         | 11 +++++------
 src/gldns/wire2str.c | 12 ++++++++++++
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 8c01a635..b6bbe328 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1104,10 +1104,8 @@ static void val_chain_node_soa_cb(getdns_dns_req *dnsreq)
 	    ; i = _getdns_rrset_iter_next(i)) {
 
 		rrset = _getdns_rrset_iter_value(i);
-		if (rrset->rr_type == GETDNS_RRTYPE_SOA)
-			break;
-	}
-	if (i) {
+		if (rrset->rr_type != GETDNS_RRTYPE_SOA)
+			continue;
 
 		while (node &&
 		    ! _dname_equal(node->ds.name, rrset->name))
@@ -1124,8 +1122,9 @@ static void val_chain_node_soa_cb(getdns_dns_req *dnsreq)
 				val_chain_sched_soa_node(node->parent);
 			}
 		}
-
-	} else if (node->parent) {
+		break;
+	}
+	if (!i && node->parent) {
 		node->lock++;
 		val_chain_sched_soa_node(node->parent);
 	}
diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c
index 35a6df9d..55a16f86 100644
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@@ -195,14 +195,22 @@ char* gldns_wire2str_type(uint16_t rrtype)
 {
 	char buf[16];
 	gldns_wire2str_type_buf(rrtype, buf, sizeof(buf));
+#ifndef USE_WINSOCK
 	return strdup(buf);
+#else
+	return _strdup(buf);
+#endif
 }
 
 char* gldns_wire2str_class(uint16_t rrclass)
 {
 	char buf[16];
 	gldns_wire2str_class_buf(rrclass, buf, sizeof(buf));
+#ifndef USE_WINSOCK
 	return strdup(buf);
+#else
+	return _strdup(buf);
+#endif
 }
 
 char* gldns_wire2str_dname(uint8_t* dname, size_t dname_len)
@@ -218,7 +226,11 @@ char* gldns_wire2str_rcode(int rcode)
 {
 	char buf[16];
 	gldns_wire2str_rcode_buf(rcode, buf, sizeof(buf));
+#ifndef USE_WINSOCK
 	return strdup(buf);
+#else
+	return _strdup(buf);
+#endif
 }
 
 int gldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen)

From d5dcdac58c2a34bcf8b0305cb1cade6b0a2bafc3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 13 Apr 2017 11:19:22 +0200
Subject: [PATCH 247/249] Validate tls_auth_name

Deals with issue #270
---
 src/context.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/context.c b/src/context.c
index 369061d0..2bfefe7d 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2796,12 +2796,21 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
 			if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) {
 				getdns_list *pubkey_pinset = NULL;
 				if (dict && (r = getdns_dict_get_bindata(
-					dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) {
-					/*TODO: VALIDATE THIS STRING!*/
+				    dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) {
+
+					if (tls_auth_name->size >= sizeof(upstream->tls_auth_name)) {
+						/* tls_auth_name's are just 
+						 * domain names and should
+						 * thus not be larger than 256
+						 * bytes.
+						 */
+						goto invalid_parameter;
+					}
 					memcpy(upstream->tls_auth_name,
 					       (char *)tls_auth_name->data,
 						tls_auth_name->size);
-					upstream->tls_auth_name[tls_auth_name->size] = '\0';
+					upstream->tls_auth_name
+					    [tls_auth_name->size] = '\0';
 				}
 				if (dict && (r = getdns_dict_get_list(dict, "tls_pubkey_pinset",
 							      &pubkey_pinset)) == GETDNS_RETURN_GOOD) {

From eb8fe6184a74b9d30e785b7c7f13d6ca6b01b5bc Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 13 Apr 2017 11:47:44 +0200
Subject: [PATCH 248/249] getdnsapi.net DNS over TLS ips to match the name

---
 src/tools/stubby.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index adfe3c0f..67a5233c 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
@@ -21,7 +21,7 @@
         , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
       } ] 
     },
-    { address_data: 185.49.141.38
+    { address_data: 185.49.141.37
     , tls_auth_name: "getdnsapi.net"
     , tls_pubkey_pinset:
       [ { digest: "sha256"
@@ -42,7 +42,7 @@
         , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
       } ] 
     },
-    { address_data: 2a04:b900:0:100::38
+    { address_data: 2a04:b900:0:100::37
     , tls_auth_name: "getdnsapi.net"
     , tls_pubkey_pinset:
       [ { digest: "sha256"

From 05268f45b0d3160846d0094df59f9995a962a302 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 13 Apr 2017 11:48:40 +0200
Subject: [PATCH 249/249] Bump version

---
 ChangeLog    | 4 +++-
 configure.ac | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8222f5d9..7b7cdf82 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
-* 2017-04-??: Version 1.1.0
+* 2017-04-13: Version 1.1.0
+  * bugfix: Check size of tls_auth_name.
+  * Improvements that came from Visual Studio static analysis
   * Fix to compile with libressl.  Thanks phicoh.
   * Spelling fixes.  Thanks Andreas Schulze.
   * bugfix: Reschedule request timeout when getting the DNSSEC chain.
diff --git a/configure.ac b/configure.ac
index e0181857..1aa801f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
 AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
-AC_SUBST(RELEASE_CANDIDATE, [-rc3])
+AC_SUBST(RELEASE_CANDIDATE, [])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -47,7 +47,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0100C300])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010000])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@@ -77,7 +77,7 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
 # getdns-0.5.0 had libversion 4:0:3
 # getdns-0.5.1 had libversion 4:1:3 (but should have been getdns-0.6.0)
 # getdns-0.9.0 had libversion 5:0:4
-# getdns-1.0.0 will have libversion 5:1:4
+# getdns-1.0.0 had  libversion 5:1:4
 # getdns-1.1.0 will have libversion 6:0:0
 #
 GETDNS_LIBVERSION=6:0:0