2 * unbound.h - unbound validating resolver public API
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 * This file contains functions to resolve DNS queries and
40 * validate the answers. Synchronously and asynchronously.
42 * Several ways to use this interface from an application wishing
43 * to perform (validated) DNS lookups.
46 * ctx = ub_ctx_create();
47 * err = ub_ctx_add_ta(ctx, "...");
48 * err = ub_ctx_add_ta(ctx, "...");
50 * ... call ub_ctx_delete(ctx); when you want to stop.
52 * Application not threaded. Blocking.
53 * int err = ub_resolve(ctx, "www.example.com", ...
54 * if(err) fprintf(stderr, "lookup error: %s\n", ub_strerror(err));
57 * Application not threaded. Non-blocking ('asynchronous').
58 * err = ub_resolve_async(ctx, "www.example.com", ... my_callback);
59 * ... application resumes processing ...
60 * ... and when either ub_poll(ctx) is true
61 * ... or when the file descriptor ub_fd(ctx) is readable,
62 * ... or whenever, the app calls ...
64 * ... if no result is ready, the app resumes processing above,
65 * ... or process() calls my_callback() with results.
67 * ... if the application has nothing more to do, wait for answer
70 * Application threaded. Blocking.
71 * Blocking, same as above. The current thread does the work.
72 * Multiple threads can use the *same context*, each does work and uses
73 * shared cache data from the context.
75 * Application threaded. Non-blocking ('asynchronous').
76 * ... setup threaded-asynchronous config option
77 * err = ub_ctx_async(ctx, 1);
78 * ... same as async for non-threaded
79 * ... the callbacks are called in the thread that calls process(ctx)
81 * Openssl needs to have locking in place, and the application must set
82 * it up, because a mere library cannot do this, use the calls
83 * CRYPTO_set_id_callback and CRYPTO_set_locking_callback.
85 * If no threading is compiled in, the above async example uses fork(2) to
86 * create a process to perform the work. The forked process exits when the
87 * calling process exits, or ctx_delete() is called.
88 * Otherwise, for asynchronous with threading, a worker thread is created.
90 * The blocking calls use shared ctx-cache when threaded. Thus
91 * ub_resolve() and ub_resolve_async() && ub_wait() are
92 * not the same. The first makes the current thread do the work, setting
93 * up buffers, etc, to perform the work (but using shared cache data).
94 * The second calls another worker thread (or process) to perform the work.
95 * And no buffers need to be set up, but a context-switch happens.
104 /** the version of this header file */
105 #define UNBOUND_VERSION_MAJOR @UNBOUND_VERSION_MAJOR@
106 #define UNBOUND_VERSION_MINOR @UNBOUND_VERSION_MINOR@
107 #define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MICRO@
110 * The validation context is created to hold the resolver status,
111 * validation keys and a small cache (containing messages, rrsets,
112 * roundtrip times, trusted keys, lameness information).
114 * Its contents are internally defined.
119 * The validation and resolution results.
120 * Allocated by the resolver, and need to be freed by the application
121 * with ub_resolve_free().
124 /** The original question, name text string. */
126 /** the type asked for */
128 /** the class asked for */
132 * a list of network order DNS rdata items, terminated with a
133 * NULL pointer, so that data[0] is the first result entry,
134 * data[1] the second, and the last entry is NULL.
135 * If there was no data, data[0] is NULL.
139 /** the length in bytes of the data items, len[i] for data[i] */
143 * canonical name for the result (the final cname).
144 * zero terminated string.
145 * May be NULL if no canonical name exists.
150 * DNS RCODE for the result. May contain additional error code if
151 * there was no data due to an error. 0 (NOERROR) if okay.
156 * The DNS answer packet. Network formatted. Can contain DNSSEC types.
159 /** length of the answer packet in octets. */
163 * If there is any data, this is true.
164 * If false, there was no data (nxdomain may be true, rcode can be set).
169 * If there was no data, and the domain did not exist, this is true.
170 * If it is false, and there was no data, then the domain name
171 * is purported to exist, but the requested data type is not available.
176 * True, if the result is validated securely.
177 * False, if validation failed or domain queried has no security info.
179 * It is possible to get a result with no data (havedata is false),
180 * and secure is true. This means that the non-existence of the data
181 * was cryptographically proven (with signatures).
186 * If the result was not secure (secure==0), and this result is due
187 * to a security failure, bogus is true.
188 * This means the data has been actively tampered with, signatures
189 * failed, expected signatures were not present, timestamps on
190 * signatures were out of date and so on.
192 * If !secure and !bogus, this can happen if the data is not secure
193 * because security is disabled for that domain name.
194 * This means the data is from a domain where data is not signed.
199 * If the result is bogus this contains a string (zero terminated)
200 * that describes the failure. There may be other errors as well
201 * as the one described, the description may not be perfectly accurate.
202 * Is NULL if the result is not bogus.
207 * If the query or one of its subqueries was ratelimited. Useful if
208 * ratelimiting is enabled and answer is SERVFAIL.
213 * TTL for the result, in seconds. If the security is bogus, then
214 * you also cannot trust this value.
220 * Callback for results of async queries.
221 * The readable function definition looks like:
222 * void my_callback(void* my_arg, int err, struct ub_result* result);
224 * void* my_arg: your pointer to a (struct of) data of your choice,
226 * int err: if 0 all is OK, otherwise an error occured and no results
228 * struct result: pointer to more detailed result structure.
229 * This structure is allocated on the heap and needs to be
230 * freed with ub_resolve_free(result);
232 typedef void (*ub_callback_type)(void*, int, struct ub_result*);
235 * Create a resolving and validation context.
236 * The information from /etc/resolv.conf and /etc/hosts is not utilised by
237 * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them.
238 * @return a new context. default initialisation.
239 * returns NULL on error.
241 struct ub_ctx* ub_ctx_create(void);
244 * Destroy a validation context and free all its resources.
245 * Outstanding async queries are killed and callbacks are not called for them.
246 * @param ctx: context to delete.
248 void ub_ctx_delete(struct ub_ctx* ctx);
251 * Set an option for the context.
252 * @param ctx: context.
253 * @param opt: option name from the unbound.conf config file format.
254 * (not all settings applicable). The name includes the trailing ':'
255 * for example ub_ctx_set_option(ctx, "logfile:", "mylog.txt");
256 * This is a power-users interface that lets you specify all sorts
258 * For some specific options, such as adding trust anchors, special
260 * @param val: value of the option.
261 * @return: 0 if OK, else error.
263 int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val);
266 * Get an option from the context.
267 * @param ctx: context.
268 * @param opt: option name from the unbound.conf config file format.
269 * (not all settings applicable). The name excludes the trailing ':'
270 * for example ub_ctx_get_option(ctx, "logfile", &result);
271 * This is a power-users interface that lets you specify all sorts
273 * @param str: the string is malloced and returned here. NULL on error.
274 * The caller must free() the string. In cases with multiple
275 * entries (auto-trust-anchor-file), a newline delimited list is
276 * returned in the string.
277 * @return 0 if OK else an error code (malloc failure, syntax error).
279 int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str);
282 * setup configuration for the given context.
283 * @param ctx: context.
284 * @param fname: unbound config file (not all settings applicable).
285 * This is a power-users interface that lets you specify all sorts
287 * For some specific options, such as adding trust anchors, special
289 * @return: 0 if OK, else error.
291 int ub_ctx_config(struct ub_ctx* ctx, const char* fname);
294 * Set machine to forward DNS queries to, the caching resolver to use.
295 * IP4 or IP6 address. Forwards all DNS requests to that machine, which
296 * is expected to run a recursive resolver. If the proxy is not
297 * DNSSEC-capable, validation may fail. Can be called several times, in
298 * that case the addresses are used as backup servers.
300 * To read the list of nameservers from /etc/resolv.conf (from DHCP or so),
301 * use the call ub_ctx_resolvconf.
303 * @param ctx: context.
304 * At this time it is only possible to set configuration before the
305 * first resolve is done.
306 * @param addr: address, IP4 or IP6 in string format.
307 * If the addr is NULL, forwarding is disabled.
308 * @return 0 if OK, else error.
310 int ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr);
313 * Use DNS over TLS to send queries to machines set with ub_ctx_set_fwd().
315 * @param ctx: context.
316 * At this time it is only possible to set configuration before the
317 * first resolve is done.
318 * @param tls: enable or disable DNS over TLS
319 * @return 0 if OK, else error.
321 int ub_ctx_set_tls(struct ub_ctx* ctx, int tls);
324 * Add a stub zone, with given address to send to. This is for custom
325 * root hints or pointing to a local authoritative dns server.
326 * For dns resolvers and the 'DHCP DNS' ip address, use ub_ctx_set_fwd.
327 * This is similar to a stub-zone entry in unbound.conf.
329 * @param ctx: context.
330 * It is only possible to set configuration before the
331 * first resolve is done.
332 * @param zone: name of the zone, string.
333 * @param addr: address, IP4 or IP6 in string format.
334 * The addr is added to the list of stub-addresses if the entry exists.
335 * If the addr is NULL the stub entry is removed.
336 * @param isprime: set to true to set stub-prime to yes for the stub.
337 * For local authoritative servers, people usually set it to false,
338 * For root hints it should be set to true.
339 * @return 0 if OK, else error.
341 int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr,
345 * Read list of nameservers to use from the filename given.
346 * Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
347 * If they do not support DNSSEC, validation may fail.
349 * Only nameservers are picked up, the searchdomain, ndots and other
350 * settings from resolv.conf(5) are ignored.
352 * @param ctx: context.
353 * At this time it is only possible to set configuration before the
354 * first resolve is done.
355 * @param fname: file name string. If NULL "/etc/resolv.conf" is used.
356 * @return 0 if OK, else error.
358 int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname);
361 * Read list of hosts from the filename given.
362 * Usually "/etc/hosts".
363 * These addresses are not flagged as DNSSEC secure when queried for.
365 * @param ctx: context.
366 * At this time it is only possible to set configuration before the
367 * first resolve is done.
368 * @param fname: file name string. If NULL "/etc/hosts" is used.
369 * @return 0 if OK, else error.
371 int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname);
374 * Add a trust anchor to the given context.
375 * The trust anchor is a string, on one line, that holds a valid DNSKEY or
377 * @param ctx: context.
378 * At this time it is only possible to add trusted keys before the
379 * first resolve is done.
380 * @param ta: string, with zone-format RR on one line.
381 * [domainname] [TTL optional] [type] [class optional] [rdata contents]
382 * @return 0 if OK, else error.
384 int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta);
387 * Add trust anchors to the given context.
388 * Pass name of a file with DS and DNSKEY records (like from dig or drill).
389 * @param ctx: context.
390 * At this time it is only possible to add trusted keys before the
391 * first resolve is done.
392 * @param fname: filename of file with keyfile with trust anchors.
393 * @return 0 if OK, else error.
395 int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname);
398 * Add trust anchor to the given context that is tracked with RFC5011
399 * automated trust anchor maintenance. The file is written to when the
400 * trust anchor is changed.
401 * Pass the name of a file that was output from eg. unbound-anchor,
402 * or you can start it by providing a trusted DNSKEY or DS record on one
404 * @param ctx: context.
405 * At this time it is only possible to add trusted keys before the
406 * first resolve is done.
407 * @param fname: filename of file with trust anchor.
408 * @return 0 if OK, else error.
410 int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname);
413 * Add trust anchors to the given context.
414 * Pass the name of a bind-style config file with trusted-keys{}.
415 * @param ctx: context.
416 * At this time it is only possible to add trusted keys before the
417 * first resolve is done.
418 * @param fname: filename of file with bind-style config entries with trust
420 * @return 0 if OK, else error.
422 int ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname);
425 * Set debug output (and error output) to the specified stream.
426 * Pass NULL to disable. Default is stderr.
427 * @param ctx: context.
428 * @param out: FILE* out file stream to log to.
429 * Type void* to avoid stdio dependency of this header file.
430 * @return 0 if OK, else error.
432 int ub_ctx_debugout(struct ub_ctx* ctx, void* out);
435 * Set debug verbosity for the context
436 * Output is directed to stderr.
437 * @param ctx: context.
438 * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed,
440 * @return 0 if OK, else error.
442 int ub_ctx_debuglevel(struct ub_ctx* ctx, int d);
445 * Set a context behaviour for asynchronous action.
446 * @param ctx: context.
447 * @param dothread: if true, enables threading and a call to resolve_async()
448 * creates a thread to handle work in the background.
449 * If false, a process is forked to handle work in the background.
450 * Changes to this setting after async() calls have been made have
451 * no effect (delete and re-create the context to change).
452 * @return 0 if OK, else error.
454 int ub_ctx_async(struct ub_ctx* ctx, int dothread);
457 * Poll a context to see if it has any new results
458 * Do not poll in a loop, instead extract the fd below to poll for readiness,
459 * and then check, or wait using the wait routine.
460 * @param ctx: context.
461 * @return: 0 if nothing to read, or nonzero if a result is available.
462 * If nonzero, call ctx_process() to do callbacks.
464 int ub_poll(struct ub_ctx* ctx);
467 * Wait for a context to finish with results. Calls ub_process() after
468 * the wait for you. After the wait, there are no more outstanding
469 * asynchronous queries.
470 * @param ctx: context.
471 * @return: 0 if OK, else error.
473 int ub_wait(struct ub_ctx* ctx);
476 * Get file descriptor. Wait for it to become readable, at this point
477 * answers are returned from the asynchronous validating resolver.
478 * Then call the ub_process to continue processing.
479 * This routine works immediately after context creation, the fd
481 * @param ctx: context.
482 * @return: -1 on error, or file descriptor to use select(2) with.
484 int ub_fd(struct ub_ctx* ctx);
487 * Call this routine to continue processing results from the validating
488 * resolver (when the fd becomes readable).
489 * Will perform necessary callbacks.
490 * @param ctx: context
491 * @return: 0 if OK, else error.
493 int ub_process(struct ub_ctx* ctx);
496 * Perform resolution and validation of the target name.
497 * @param ctx: context.
498 * The context is finalized, and can no longer accept config changes.
499 * @param name: domain name in text format (a zero terminated text string).
500 * @param rrtype: type of RR in host order, 1 is A (address).
501 * @param rrclass: class of RR in host order, 1 is IN (for internet).
502 * @param result: the result data is returned in a newly allocated result
503 * structure. May be NULL on return, return value is set to an error
504 * in that case (out of memory).
505 * @return 0 if OK, else error.
507 int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype,
508 int rrclass, struct ub_result** result);
511 * Perform resolution and validation of the target name.
512 * Asynchronous, after a while, the callback will be called with your
513 * data and the result.
514 * @param ctx: context.
515 * If no thread or process has been created yet to perform the
516 * work in the background, it is created now.
517 * The context is finalized, and can no longer accept config changes.
518 * @param name: domain name in text format (a string).
519 * @param rrtype: type of RR in host order, 1 is A.
520 * @param rrclass: class of RR in host order, 1 is IN (for internet).
521 * @param mydata: this data is your own data (you can pass NULL),
522 * and is passed on to the callback function.
523 * @param callback: this is called on completion of the resolution.
525 * void callback(void* mydata, int err, struct ub_result* result)
526 * with mydata: the same as passed here, you may pass NULL,
527 * with err: is 0 when a result has been found.
528 * with result: a newly allocated result structure.
529 * The result may be NULL, in that case err is set.
531 * If an error happens during processing, your callback will be called
532 * with error set to a nonzero value (and result==NULL).
533 * @param async_id: if you pass a non-NULL value, an identifier number is
534 * returned for the query as it is in progress. It can be used to
536 * @return 0 if OK, else error.
538 int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype,
539 int rrclass, void* mydata, ub_callback_type callback, int* async_id);
542 * Cancel an async query in progress.
543 * Its callback will not be called.
545 * @param ctx: context.
546 * @param async_id: which query to cancel.
547 * @return 0 if OK, else error.
548 * This routine can return an error if the async_id passed does not exist
549 * or has already been delivered. If another thread is processing results
550 * at the same time, the result may be delivered at the same time and the
551 * cancel fails with an error. Also the cancel can fail due to a system
552 * error, no memory or socket failures.
554 int ub_cancel(struct ub_ctx* ctx, int async_id);
557 * Free storage associated with a result structure.
558 * @param result: to free
560 void ub_resolve_free(struct ub_result* result);
563 * Convert error value to a human readable string.
564 * @param err: error code from one of the libunbound functions.
565 * @return pointer to constant text string, zero terminated.
567 const char* ub_strerror(int err);
570 * Debug routine. Print the local zone information to debug output.
571 * @param ctx: context. Is finalized by the routine.
572 * @return 0 if OK, else error.
574 int ub_ctx_print_local_zones(struct ub_ctx* ctx);
577 * Add a new zone with the zonetype to the local authority info of the
579 * @param ctx: context. Is finalized by the routine.
580 * @param zone_name: name of the zone in text, "example.com"
581 * If it already exists, the type is updated.
582 * @param zone_type: type of the zone (like for unbound.conf) in text.
583 * @return 0 if OK, else error.
585 int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name,
586 const char *zone_type);
589 * Remove zone from local authority info of the library.
590 * @param ctx: context. Is finalized by the routine.
591 * @param zone_name: name of the zone in text, "example.com"
592 * If it does not exist, nothing happens.
593 * @return 0 if OK, else error.
595 int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name);
598 * Add localdata to the library local authority info.
599 * Similar to local-data config statement.
600 * @param ctx: context. Is finalized by the routine.
601 * @param data: the resource record in text format, for example
602 * "www.example.com IN A 127.0.0.1"
603 * @return 0 if OK, else error.
605 int ub_ctx_data_add(struct ub_ctx* ctx, const char *data);
608 * Remove localdata from the library local authority info.
609 * @param ctx: context. Is finalized by the routine.
610 * @param data: the name to delete all data from, like "www.example.com".
611 * @return 0 if OK, else error.
613 int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data);
616 * Get a version string from the libunbound implementation.
617 * @return a static constant string with the version number.
619 const char* ub_version(void);
622 * Some global statistics that are not in struct stats_info,
623 * this struct is shared on a shm segment (shm-key in unbound.conf)
625 struct ub_shm_stat_info {
629 long long now_sec, now_usec;
630 long long up_sec, up_usec;
631 long long elapsed_sec, elapsed_usec;
642 long long dnscrypt_shared_secret;
643 long long dnscrypt_nonce;
647 /** number of qtype that is stored for in array */
648 #define UB_STATS_QTYPE_NUM 256
649 /** number of qclass that is stored for in array */
650 #define UB_STATS_QCLASS_NUM 256
651 /** number of rcodes in stats */
652 #define UB_STATS_RCODE_NUM 16
653 /** number of opcodes in stats */
654 #define UB_STATS_OPCODE_NUM 16
655 /** number of histogram buckets */
656 #define UB_STATS_BUCKET_NUM 40
658 /** per worker statistics. */
659 struct ub_server_stats {
660 /** number of queries from clients received. */
661 long long num_queries;
662 /** number of queries that have been dropped/ratelimited by ip. */
663 long long num_queries_ip_ratelimited;
664 /** number of queries that had a cache-miss. */
665 long long num_queries_missed_cache;
666 /** number of prefetch queries - cachehits with prefetch */
667 long long num_queries_prefetch;
670 * Sum of the querylistsize of the worker for
671 * every query that missed cache. To calculate average.
673 long long sum_query_list_size;
674 /** max value of query list size reached. */
675 long long max_query_list_size;
677 /** Extended stats below (bool) */
681 long long qtype[UB_STATS_QTYPE_NUM];
682 /** bigger qtype values not in array */
685 long long qclass[UB_STATS_QCLASS_NUM];
686 /** bigger qclass values not in array */
687 long long qclass_big;
689 long long qopcode[UB_STATS_OPCODE_NUM];
690 /** number of queries over TCP */
692 /** number of outgoing queries over TCP */
693 long long qtcp_outgoing;
694 /** number of queries over (DNS over) TLS */
696 /** number of queries over IPv6 */
698 /** number of queries with QR bit */
700 /** number of queries with AA bit */
702 /** number of queries with TC bit */
704 /** number of queries with RD bit */
706 /** number of queries with RA bit */
708 /** number of queries with Z bit */
710 /** number of queries with AD bit */
712 /** number of queries with CD bit */
714 /** number of queries with EDNS OPT record */
716 /** number of queries with EDNS with DO flag */
719 long long ans_rcode[UB_STATS_RCODE_NUM];
720 /** answers with pseudo rcode 'nodata' */
721 long long ans_rcode_nodata;
722 /** answers that were secure (AD) */
723 long long ans_secure;
724 /** answers that were bogus (withheld as SERVFAIL) */
726 /** rrsets marked bogus by validator */
727 long long rrset_bogus;
728 /** number of queries that have been ratelimited by domain recursion. */
729 long long queries_ratelimited;
730 /** unwanted traffic received on server-facing ports */
731 long long unwanted_replies;
732 /** unwanted traffic received on client-facing ports */
733 long long unwanted_queries;
734 /** usage of tcp accept list */
735 long long tcp_accept_usage;
736 /** answers served from expired cache */
737 long long zero_ttl_responses;
738 /** histogram data exported to array
739 * if the array is the same size, no data is lost, and
740 * if all histograms are same size (is so by default) then
741 * adding up works well. */
742 long long hist[UB_STATS_BUCKET_NUM];
744 /** number of message cache entries */
745 long long msg_cache_count;
746 /** number of rrset cache entries */
747 long long rrset_cache_count;
748 /** number of infra cache entries */
749 long long infra_cache_count;
750 /** number of key cache entries */
751 long long key_cache_count;
753 /** number of queries that used dnscrypt */
754 long long num_query_dnscrypt_crypted;
755 /** number of queries that queried dnscrypt certificates */
756 long long num_query_dnscrypt_cert;
757 /** number of queries in clear text and not asking for the certificates */
758 long long num_query_dnscrypt_cleartext;
759 /** number of malformed encrypted queries */
760 long long num_query_dnscrypt_crypted_malformed;
761 /** number of queries which did not have a shared secret in cache */
762 long long num_query_dnscrypt_secret_missed_cache;
763 /** number of dnscrypt shared secret cache entries */
764 long long shared_secret_cache_count;
765 /** number of queries which are replays */
766 long long num_query_dnscrypt_replay;
767 /** number of dnscrypt nonces cache entries */
768 long long nonce_cache_count;
769 /** number of queries for unbound's auth_zones, upstream query */
770 long long num_query_authzone_up;
771 /** number of queries for unbound's auth_zones, downstream answers */
772 long long num_query_authzone_down;
773 /** number of times neg cache records were used to generate NOERROR
775 long long num_neg_cache_noerror;
776 /** number of times neg cache records were used to generate NXDOMAIN
778 long long num_neg_cache_nxdomain;
779 /** number of queries answered from edns-subnet specific data */
780 long long num_query_subnet;
781 /** number of queries answered from edns-subnet specific data, and
782 * the answer was from the edns-subnet cache. */
783 long long num_query_subnet_cache;
784 /** number of bytes in the stream wait buffers */
785 long long mem_stream_wait;
786 /** number of TLS connection resume */
787 long long qtls_resume;
791 * Statistics to send over the control pipe when asked
792 * This struct is made to be memcopied, sent in binary.
793 * shm mapped with (number+1) at num_threads+1, with first as total
795 struct ub_stats_info {
796 /** the thread stats */
797 struct ub_server_stats svr;
799 /** mesh stats: current number of states */
800 long long mesh_num_states;
801 /** mesh stats: current number of reply (user) states */
802 long long mesh_num_reply_states;
803 /** mesh stats: number of reply states overwritten with a new one */
804 long long mesh_jostled;
805 /** mesh stats: number of incoming queries dropped */
806 long long mesh_dropped;
807 /** mesh stats: replies sent */
808 long long mesh_replies_sent;
809 /** mesh stats: sum of waiting times for the replies */
810 long long mesh_replies_sum_wait_sec, mesh_replies_sum_wait_usec;
811 /** mesh stats: median of waiting times for replies (in sec) */
812 double mesh_time_median;
819 #endif /* _UB_UNBOUND_H */