Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
/*
 * unbound.h - unbound validating resolver public API
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains functions to resolve DNS queries and 
 * validate the answers. Synchronously and asynchronously.
 *
 * Several ways to use this interface from an application wishing
 * to perform (validated) DNS lookups.
 *
 * All start with
 *	ctx = ub_ctx_create();
 *	err = ub_ctx_add_ta(ctx, "...");
 *	err = ub_ctx_add_ta(ctx, "...");
 *	... some lookups
 *	... call ub_ctx_delete(ctx); when you want to stop.
 *
 * Application not threaded. Blocking.
 *	int err = ub_resolve(ctx, "www.example.com", ...
 *	if(err) fprintf(stderr, "lookup error: %s\n", ub_strerror(err));
 *	... use the answer
 *
 * Application not threaded. Non-blocking ('asynchronous').
 *      err = ub_resolve_async(ctx, "www.example.com", ... my_callback);
 *	... application resumes processing ...
 *	... and when either ub_poll(ctx) is true
 *	... or when the file descriptor ub_fd(ctx) is readable,
 *	... or whenever, the app calls ...
 *	ub_process(ctx);
 *	... if no result is ready, the app resumes processing above,
 *	... or process() calls my_callback() with results.
 *
 *      ... if the application has nothing more to do, wait for answer
 *      ub_wait(ctx); 
 *
 * Application threaded. Blocking.
 *	Blocking, same as above. The current thread does the work.
 *	Multiple threads can use the *same context*, each does work and uses
 *	shared cache data from the context.
 *
 * Application threaded. Non-blocking ('asynchronous').
 *	... setup threaded-asynchronous config option
 *	err = ub_ctx_async(ctx, 1);
 *	... same as async for non-threaded
 *	... the callbacks are called in the thread that calls process(ctx)
 *
 * Openssl needs to have locking in place, and the application must set
 * it up, because a mere library cannot do this, use the calls
 * CRYPTO_set_id_callback and CRYPTO_set_locking_callback.
 *
 * If no threading is compiled in, the above async example uses fork(2) to
 * create a process to perform the work. The forked process exits when the 
 * calling process exits, or ctx_delete() is called.
 * Otherwise, for asynchronous with threading, a worker thread is created.
 *
 * The blocking calls use shared ctx-cache when threaded. Thus
 * ub_resolve() and ub_resolve_async() && ub_wait() are
 * not the same. The first makes the current thread do the work, setting
 * up buffers, etc, to perform the work (but using shared cache data).
 * The second calls another worker thread (or process) to perform the work.
 * And no buffers need to be set up, but a context-switch happens.
 */
#ifndef _UB_UNBOUND_H
#define _UB_UNBOUND_H

#ifdef __cplusplus
extern "C" {
#endif

/** the version of this header file */
#define UNBOUND_VERSION_MAJOR @UNBOUND_VERSION_MAJOR@
#define UNBOUND_VERSION_MINOR @UNBOUND_VERSION_MINOR@
#define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MICRO@

/**
 * The validation context is created to hold the resolver status,
 * validation keys and a small cache (containing messages, rrsets,
 * roundtrip times, trusted keys, lameness information).
 *
 * Its contents are internally defined.
 */
struct ub_ctx;

/**
 * The validation and resolution results.
 * Allocated by the resolver, and need to be freed by the application
 * with ub_resolve_free().
 */
struct ub_result {
	/** The original question, name text string. */
	char* qname;
	/** the type asked for */
	int qtype;
	/** the class asked for */
	int qclass;

	/** 
	 * a list of network order DNS rdata items, terminated with a 
	 * NULL pointer, so that data[0] is the first result entry,
	 * data[1] the second, and the last entry is NULL. 
	 * If there was no data, data[0] is NULL.
	 */
	char** data;

	/** the length in bytes of the data items, len[i] for data[i] */
	int* len;

	/** 
	 * canonical name for the result (the final cname). 
	 * zero terminated string.
	 * May be NULL if no canonical name exists.
	 */
	char* canonname;

	/**
	 * DNS RCODE for the result. May contain additional error code if
	 * there was no data due to an error. 0 (NOERROR) if okay.
	 */
	int rcode;

	/**
	 * The DNS answer packet. Network formatted. Can contain DNSSEC types.
	 */
	void* answer_packet;
	/** length of the answer packet in octets. */
	int answer_len;

	/**
	 * If there is any data, this is true.
	 * If false, there was no data (nxdomain may be true, rcode can be set).
	 */
	int havedata;

	/** 
	 * If there was no data, and the domain did not exist, this is true.
	 * If it is false, and there was no data, then the domain name 
	 * is purported to exist, but the requested data type is not available.
	 */
	int nxdomain;

	/**
	 * True, if the result is validated securely.
	 * False, if validation failed or domain queried has no security info.
	 *
	 * It is possible to get a result with no data (havedata is false),
	 * and secure is true. This means that the non-existence of the data
	 * was cryptographically proven (with signatures).
	 */
	int secure;

	/** 
	 * If the result was not secure (secure==0), and this result is due 
	 * to a security failure, bogus is true.
	 * This means the data has been actively tampered with, signatures
	 * failed, expected signatures were not present, timestamps on 
	 * signatures were out of date and so on.
	 *
	 * If !secure and !bogus, this can happen if the data is not secure 
	 * because security is disabled for that domain name. 
	 * This means the data is from a domain where data is not signed.
	 */
	int bogus;
	
	/**
	 * If the result is bogus this contains a string (zero terminated)
	 * that describes the failure.  There may be other errors as well
	 * as the one described, the description may not be perfectly accurate.
	 * Is NULL if the result is not bogus.
	 */
	char* why_bogus;

	/**
	 * If the query or one of its subqueries was ratelimited.  Useful if
	 * ratelimiting is enabled and answer to the client is SERVFAIL as a
	 * result.
	 */
	int was_ratelimited;

	/**
	 * TTL for the result, in seconds.  If the security is bogus, then
	 * you also cannot trust this value.
	 */
	int ttl;
};

/**
 * Callback for results of async queries.
 * The readable function definition looks like:
 * void my_callback(void* my_arg, int err, struct ub_result* result);
 * It is called with
 *	void* my_arg: your pointer to a (struct of) data of your choice, 
 *		or NULL.
 *	int err: if 0 all is OK, otherwise an error occured and no results
 *	     are forthcoming.
 *	struct result: pointer to more detailed result structure.
 *		This structure is allocated on the heap and needs to be
 *		freed with ub_resolve_free(result);
 */
typedef void (*ub_callback_type)(void*, int, struct ub_result*);

/**
 * Create a resolving and validation context.
 * The information from /etc/resolv.conf and /etc/hosts is not utilised by
 * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them.
 * @return a new context. default initialisation.
 * 	returns NULL on error.
 */
struct ub_ctx* ub_ctx_create(void);

/**
 * Destroy a validation context and free all its resources.
 * Outstanding async queries are killed and callbacks are not called for them.
 * @param ctx: context to delete.
 */
void ub_ctx_delete(struct ub_ctx* ctx);

/**
 * Set an option for the context.
 * @param ctx: context.
 * @param opt: option name from the unbound.conf config file format.
 *	(not all settings applicable). The name includes the trailing ':'
 *	for example ub_ctx_set_option(ctx, "logfile:", "mylog.txt");
 * 	This is a power-users interface that lets you specify all sorts
 * 	of options.
 * 	For some specific options, such as adding trust anchors, special
 * 	routines exist.
 * @param val: value of the option.
 * @return: 0 if OK, else error.
 */
int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val);

/**
 * Get an option from the context.
 * @param ctx: context.
 * @param opt: option name from the unbound.conf config file format.
 *	(not all settings applicable). The name excludes the trailing ':'
 *	for example ub_ctx_get_option(ctx, "logfile", &result);
 * 	This is a power-users interface that lets you specify all sorts
 * 	of options.
 * @param str: the string is malloced and returned here. NULL on error.
 * 	The caller must free() the string.  In cases with multiple 
 * 	entries (auto-trust-anchor-file), a newline delimited list is 
 * 	returned in the string.
 * @return 0 if OK else an error code (malloc failure, syntax error).
 */
int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str);

/**
 * setup configuration for the given context.
 * @param ctx: context.
 * @param fname: unbound config file (not all settings applicable).
 * 	This is a power-users interface that lets you specify all sorts
 * 	of options.
 * 	For some specific options, such as adding trust anchors, special
 * 	routines exist.
 * @return: 0 if OK, else error.
 */
int ub_ctx_config(struct ub_ctx* ctx, const char* fname);

/**
 * Set machine to forward DNS queries to, the caching resolver to use. 
 * IP4 or IP6 address. Forwards all DNS requests to that machine, which 
 * is expected to run a recursive resolver. If the proxy is not 
 * DNSSEC-capable, validation may fail. Can be called several times, in 
 * that case the addresses are used as backup servers.
 *
 * To read the list of nameservers from /etc/resolv.conf (from DHCP or so),
 * use the call ub_ctx_resolvconf.
 *
 * @param ctx: context.
 *	At this time it is only possible to set configuration before the
 *	first resolve is done.
 * @param addr: address, IP4 or IP6 in string format.
 * 	If the addr is NULL, forwarding is disabled.
 * @return 0 if OK, else error.
 */
int ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr);

/**
 * Use DNS over TLS to send queries to machines set with ub_ctx_set_fwd().
 *
 * @param ctx: context.
 *	At this time it is only possible to set configuration before the
 *	first resolve is done.
 * @param tls: enable or disable DNS over TLS
 * @return 0 if OK, else error.
 */
int ub_ctx_set_tls(struct ub_ctx* ctx, int tls);

/**
 * Add a stub zone, with given address to send to.  This is for custom
 * root hints or pointing to a local authoritative dns server.
 * For dns resolvers and the 'DHCP DNS' ip address, use ub_ctx_set_fwd.
 * This is similar to a stub-zone entry in unbound.conf.
 *
 * @param ctx: context.
 *	It is only possible to set configuration before the
 *	first resolve is done.
 * @param zone: name of the zone, string.
 * @param addr: address, IP4 or IP6 in string format.
 * 	The addr is added to the list of stub-addresses if the entry exists.
 * 	If the addr is NULL the stub entry is removed.
 * @param isprime: set to true to set stub-prime to yes for the stub.
 * 	For local authoritative servers, people usually set it to false,
 * 	For root hints it should be set to true.
 * @return 0 if OK, else error.
 */
int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr,
	int isprime);

/**
 * Read list of nameservers to use from the filename given.
 * Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
 * If they do not support DNSSEC, validation may fail.
 *
 * Only nameservers are picked up, the searchdomain, ndots and other
 * settings from resolv.conf(5) are ignored.
 *
 * @param ctx: context.
 *	At this time it is only possible to set configuration before the
 *	first resolve is done.
 * @param fname: file name string. If NULL "/etc/resolv.conf" is used.
 * @return 0 if OK, else error.
 */
int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname);

/**
 * Read list of hosts from the filename given.
 * Usually "/etc/hosts". 
 * These addresses are not flagged as DNSSEC secure when queried for.
 *
 * @param ctx: context.
 *	At this time it is only possible to set configuration before the
 *	first resolve is done.
 * @param fname: file name string. If NULL "/etc/hosts" is used.
 * @return 0 if OK, else error.
 */
int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname);

/**
 * Add a trust anchor to the given context.
 * The trust anchor is a string, on one line, that holds a valid DNSKEY or
 * DS RR. 
 * @param ctx: context.
 *	At this time it is only possible to add trusted keys before the
 *	first resolve is done.
 * @param ta: string, with zone-format RR on one line.
 * 	[domainname] [TTL optional] [type] [class optional] [rdata contents]
 * @return 0 if OK, else error.
 */
int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta);

/**
 * Add trust anchors to the given context.
 * Pass name of a file with DS and DNSKEY records (like from dig or drill).
 * @param ctx: context.
 *	At this time it is only possible to add trusted keys before the
 *	first resolve is done.
 * @param fname: filename of file with keyfile with trust anchors.
 * @return 0 if OK, else error.
 */
int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname);

/**
 * Add trust anchor to the given context that is tracked with RFC5011
 * automated trust anchor maintenance.  The file is written to when the
 * trust anchor is changed.
 * Pass the name of a file that was output from eg. unbound-anchor,
 * or you can start it by providing a trusted DNSKEY or DS record on one
 * line in the file.
 * @param ctx: context.
 *	At this time it is only possible to add trusted keys before the
 *	first resolve is done.
 * @param fname: filename of file with trust anchor.
 * @return 0 if OK, else error.
 */
int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname);

/**
 * Add trust anchors to the given context.
 * Pass the name of a bind-style config file with trusted-keys{}.
 * @param ctx: context.
 *	At this time it is only possible to add trusted keys before the
 *	first resolve is done.
 * @param fname: filename of file with bind-style config entries with trust
 * 	anchors.
 * @return 0 if OK, else error.
 */
int ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname);

/**
 * Set debug output (and error output) to the specified stream.
 * Pass NULL to disable. Default is stderr.
 * @param ctx: context.
 * @param out: FILE* out file stream to log to.
 * 	Type void* to avoid stdio dependency of this header file.
 * @return 0 if OK, else error.
 */
int ub_ctx_debugout(struct ub_ctx* ctx, void* out);

/**
 * Set debug verbosity for the context
 * Output is directed to stderr.
 * @param ctx: context.
 * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, 
 *	and 3 is lots.
 * @return 0 if OK, else error.
 */
int ub_ctx_debuglevel(struct ub_ctx* ctx, int d);

/**
 * Set a context behaviour for asynchronous action.
 * @param ctx: context.
 * @param dothread: if true, enables threading and a call to resolve_async() 
 *	creates a thread to handle work in the background.
 *	If false, a process is forked to handle work in the background.
 *	Changes to this setting after async() calls have been made have 
 *	no effect (delete and re-create the context to change).
 * @return 0 if OK, else error.
 */
int ub_ctx_async(struct ub_ctx* ctx, int dothread);

/**
 * Poll a context to see if it has any new results
 * Do not poll in a loop, instead extract the fd below to poll for readiness,
 * and then check, or wait using the wait routine.
 * @param ctx: context.
 * @return: 0 if nothing to read, or nonzero if a result is available.
 * 	If nonzero, call ctx_process() to do callbacks.
 */
int ub_poll(struct ub_ctx* ctx);

/**
 * Wait for a context to finish with results. Calls ub_process() after
 * the wait for you. After the wait, there are no more outstanding 
 * asynchronous queries.
 * @param ctx: context.
 * @return: 0 if OK, else error.
 */
int ub_wait(struct ub_ctx* ctx);

/**
 * Get file descriptor. Wait for it to become readable, at this point
 * answers are returned from the asynchronous validating resolver.
 * Then call the ub_process to continue processing.
 * This routine works immediately after context creation, the fd
 * does not change.
 * @param ctx: context.
 * @return: -1 on error, or file descriptor to use select(2) with.
 */
int ub_fd(struct ub_ctx* ctx);

/**
 * Call this routine to continue processing results from the validating
 * resolver (when the fd becomes readable).
 * Will perform necessary callbacks.
 * @param ctx: context
 * @return: 0 if OK, else error.
 */
int ub_process(struct ub_ctx* ctx);

/**
 * Perform resolution and validation of the target name.
 * @param ctx: context.
 *	The context is finalized, and can no longer accept config changes.
 * @param name: domain name in text format (a zero terminated text string).
 * @param rrtype: type of RR in host order, 1 is A (address).
 * @param rrclass: class of RR in host order, 1 is IN (for internet).
 * @param result: the result data is returned in a newly allocated result
 * 	structure. May be NULL on return, return value is set to an error 
 * 	in that case (out of memory).
 * @return 0 if OK, else error.
 */
int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, 
	int rrclass, struct ub_result** result);

/**
 * Perform resolution and validation of the target name.
 * Asynchronous, after a while, the callback will be called with your
 * data and the result.
 * @param ctx: context.
 *	If no thread or process has been created yet to perform the
 *	work in the background, it is created now.
 *	The context is finalized, and can no longer accept config changes.
 * @param name: domain name in text format (a string).
 * @param rrtype: type of RR in host order, 1 is A.
 * @param rrclass: class of RR in host order, 1 is IN (for internet).
 * @param mydata: this data is your own data (you can pass NULL),
 * 	and is passed on to the callback function.
 * @param callback: this is called on completion of the resolution.
 * 	It is called as:
 * 	void callback(void* mydata, int err, struct ub_result* result)
 * 	with mydata: the same as passed here, you may pass NULL,
 * 	with err: is 0 when a result has been found.
 * 	with result: a newly allocated result structure.
 *		The result may be NULL, in that case err is set.
 *
 * 	If an error happens during processing, your callback will be called
 * 	with error set to a nonzero value (and result==NULL).
 * @param async_id: if you pass a non-NULL value, an identifier number is
 *	returned for the query as it is in progress. It can be used to 
 *	cancel the query.
 * @return 0 if OK, else error.
 */
int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, 
	int rrclass, void* mydata, ub_callback_type callback, int* async_id);

/**
 * Cancel an async query in progress.
 * Its callback will not be called.
 *
 * @param ctx: context.
 * @param async_id: which query to cancel.
 * @return 0 if OK, else error.
 * This routine can return an error if the async_id passed does not exist
 * or has already been delivered. If another thread is processing results
 * at the same time, the result may be delivered at the same time and the
 * cancel fails with an error.  Also the cancel can fail due to a system
 * error, no memory or socket failures.
 */
int ub_cancel(struct ub_ctx* ctx, int async_id);

/**
 * Free storage associated with a result structure.
 * @param result: to free
 */
void ub_resolve_free(struct ub_result* result);

/** 
 * Convert error value to a human readable string.
 * @param err: error code from one of the libunbound functions.
 * @return pointer to constant text string, zero terminated.
 */
const char* ub_strerror(int err);

/**
 * Debug routine.  Print the local zone information to debug output.
 * @param ctx: context.  Is finalized by the routine.
 * @return 0 if OK, else error.
 */
int ub_ctx_print_local_zones(struct ub_ctx* ctx);

/**
 * Add a new zone with the zonetype to the local authority info of the 
 * library.
 * @param ctx: context.  Is finalized by the routine.
 * @param zone_name: name of the zone in text, "example.com"
 *	If it already exists, the type is updated.
 * @param zone_type: type of the zone (like for unbound.conf) in text.
 * @return 0 if OK, else error.
 */
int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, 
	const char *zone_type);

/**
 * Remove zone from local authority info of the library.
 * @param ctx: context.  Is finalized by the routine.
 * @param zone_name: name of the zone in text, "example.com"
 *	If it does not exist, nothing happens.
 * @return 0 if OK, else error.
 */
int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name);

/**
 * Add localdata to the library local authority info.
 * Similar to local-data config statement.
 * @param ctx: context.  Is finalized by the routine.
 * @param data: the resource record in text format, for example
 *	"www.example.com IN A 127.0.0.1"
 * @return 0 if OK, else error.
 */
int ub_ctx_data_add(struct ub_ctx* ctx, const char *data);

/**
 * Remove localdata from the library local authority info.
 * @param ctx: context.  Is finalized by the routine.
 * @param data: the name to delete all data from, like "www.example.com".
 * @return 0 if OK, else error.
 */
int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data);

/**
 * Get a version string from the libunbound implementation.
 * @return a static constant string with the version number.
 */
const char* ub_version(void);

/** 
 * Some global statistics that are not in struct stats_info,
 * this struct is shared on a shm segment (shm-key in unbound.conf)
 */
struct ub_shm_stat_info {
	int num_threads;

	struct {
		long long now_sec, now_usec;
		long long up_sec, up_usec;
		long long elapsed_sec, elapsed_usec;
	} time;

	struct {
		long long msg;
		long long rrset;
		long long val;
		long long iter;
		long long subnet;
		long long ipsecmod;
		long long respip;
		long long dnscrypt_shared_secret;
		long long dnscrypt_nonce;
		long long dynlib;
	} mem;
};

/** number of qtype that is stored for in array */
#define UB_STATS_QTYPE_NUM 256
/** number of qclass that is stored for in array */
#define UB_STATS_QCLASS_NUM 256
/** number of rcodes in stats */
#define UB_STATS_RCODE_NUM 16
/** number of opcodes in stats */
#define UB_STATS_OPCODE_NUM 16
/** number of histogram buckets */
#define UB_STATS_BUCKET_NUM 40
/** number of RPZ actions */
#define UB_STATS_RPZ_ACTION_NUM 10

/** per worker statistics. */
struct ub_server_stats {
	/** number of queries from clients received. */
	long long num_queries;
	/** number of queries that have been dropped/ratelimited by ip. */
	long long num_queries_ip_ratelimited;
	/** number of queries that had a cache-miss. */
	long long num_queries_missed_cache;
	/** number of prefetch queries - cachehits with prefetch */
	long long num_queries_prefetch;

	/**
	 * Sum of the querylistsize of the worker for 
	 * every query that missed cache. To calculate average.
	 */
	long long sum_query_list_size;
	/** max value of query list size reached. */
	long long max_query_list_size;

	/** Extended stats below (bool) */
	int extended;

	/** qtype stats */
	long long qtype[UB_STATS_QTYPE_NUM];
	/** bigger qtype values not in array */
	long long qtype_big;
	/** qclass stats */
	long long qclass[UB_STATS_QCLASS_NUM];
	/** bigger qclass values not in array */
	long long qclass_big;
	/** query opcodes */
	long long qopcode[UB_STATS_OPCODE_NUM];
	/** number of queries over TCP */
	long long qtcp;
	/** number of outgoing queries over TCP */
	long long qtcp_outgoing;
	/** number of queries over (DNS over) TLS */
	long long qtls;
	/** number of queries over (DNS over) HTTPS */
	long long qhttps;
	/** number of queries over IPv6 */
	long long qipv6;
	/** number of queries with QR bit */
	long long qbit_QR;
	/** number of queries with AA bit */
	long long qbit_AA;
	/** number of queries with TC bit */
	long long qbit_TC;
	/** number of queries with RD bit */
	long long qbit_RD;
	/** number of queries with RA bit */
	long long qbit_RA;
	/** number of queries with Z bit */
	long long qbit_Z;
	/** number of queries with AD bit */
	long long qbit_AD;
	/** number of queries with CD bit */
	long long qbit_CD;
	/** number of queries with EDNS OPT record */
	long long qEDNS;
	/** number of queries with EDNS with DO flag */
	long long qEDNS_DO;
	/** answer rcodes */
	long long ans_rcode[UB_STATS_RCODE_NUM];
	/** answers with pseudo rcode 'nodata' */
	long long ans_rcode_nodata;
	/** answers that were secure (AD) */
	long long ans_secure;
	/** answers that were bogus (withheld as SERVFAIL) */
	long long ans_bogus;
	/** rrsets marked bogus by validator */
	long long rrset_bogus;
	/** number of queries that have been ratelimited by domain recursion. */
	long long queries_ratelimited;
	/** unwanted traffic received on server-facing ports */
	long long unwanted_replies;
	/** unwanted traffic received on client-facing ports */
	long long unwanted_queries;
	/** usage of tcp accept list */
	long long tcp_accept_usage;
	/** expired answers served from cache */
	long long ans_expired;
	/** histogram data exported to array 
	 * if the array is the same size, no data is lost, and
	 * if all histograms are same size (is so by default) then
	 * adding up works well. */
	long long hist[UB_STATS_BUCKET_NUM];
	
	/** number of message cache entries */
	long long msg_cache_count;
	/** number of rrset cache entries */
	long long rrset_cache_count;
	/** number of infra cache entries */
	long long infra_cache_count;
	/** number of key cache entries */
	long long key_cache_count;

	/** number of queries that used dnscrypt */
	long long num_query_dnscrypt_crypted;
	/** number of queries that queried dnscrypt certificates */
	long long num_query_dnscrypt_cert;
	/** number of queries in clear text and not asking for the certificates */
	long long num_query_dnscrypt_cleartext;
	/** number of malformed encrypted queries */
	long long num_query_dnscrypt_crypted_malformed;
	/** number of queries which did not have a shared secret in cache */
	long long num_query_dnscrypt_secret_missed_cache;
	/** number of dnscrypt shared secret cache entries */
	long long shared_secret_cache_count;
	/** number of queries which are replays */
	long long num_query_dnscrypt_replay;
	/** number of dnscrypt nonces cache entries */
	long long nonce_cache_count;
	/** number of queries for unbound's auth_zones, upstream query */
	long long num_query_authzone_up;
	/** number of queries for unbound's auth_zones, downstream answers */
	long long num_query_authzone_down;
	/** number of times neg cache records were used to generate NOERROR
	 * responses. */
	long long num_neg_cache_noerror;
	/** number of times neg cache records were used to generate NXDOMAIN
	 * responses. */
	long long num_neg_cache_nxdomain;
	/** number of queries answered from edns-subnet specific data */
	long long num_query_subnet;
	/** number of queries answered from edns-subnet specific data, and
	 * the answer was from the edns-subnet cache. */
	long long num_query_subnet_cache;
	/** number of bytes in the stream wait buffers */
	long long mem_stream_wait;
	/** number of bytes in the HTTP2 query buffers */
	long long mem_http2_query_buffer;
	/** number of bytes in the HTTP2 response buffers */
	long long mem_http2_response_buffer;
	/** number of TLS connection resume */
	long long qtls_resume;
	/** RPZ action stats */
	long long rpz_action[UB_STATS_RPZ_ACTION_NUM];
};

/** 
 * Statistics to send over the control pipe when asked
 * This struct is made to be memcopied, sent in binary.
 * shm mapped with (number+1) at num_threads+1, with first as total
 */
struct ub_stats_info {
	/** the thread stats */
	struct ub_server_stats svr;

	/** mesh stats: current number of states */
	long long mesh_num_states;
	/** mesh stats: current number of reply (user) states */
	long long mesh_num_reply_states;
	/** mesh stats: number of reply states overwritten with a new one */
	long long mesh_jostled;
	/** mesh stats: number of incoming queries dropped */
	long long mesh_dropped;
	/** mesh stats: replies sent */
	long long mesh_replies_sent;
	/** mesh stats: sum of waiting times for the replies */
	long long mesh_replies_sum_wait_sec, mesh_replies_sum_wait_usec;
	/** mesh stats: median of waiting times for replies (in sec) */
	double mesh_time_median;
};

#ifdef __cplusplus
}
#endif

#endif /* _UB_UNBOUND_H */